[Savannah-cvs] [SavaneTasks] (edit) antispam ideas

savannah-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-cvs] [SavaneTasks] (edit) antispam ideas

From:	Beuc
Subject:	[Savannah-cvs] [SavaneTasks] (edit) antispam ideas
Date:	Fri, 15 Aug 2008 19:28:57 +0000

--removed:
-Check for an analysis after ~1 day: 
https://savannah.gnu.org/support/index.php?106304#comment9
-

??changed:
- -- Validated post (captcha or login)
 -- Validated post (validated captcha or authentified)

++added:
Check for an analysis after ~1 day: 
https://savannah.gnu.org/support/index.php?106304#comment9


Conclusion: distributed and dumb for the most part (95%), and %5 remaining 
distributed and clever.

Apparently we need to be a bit more challenging for the 5% one. Or, we need to 
accept there will be 5% clever spam anyway and filter them after-the-fact.

TODO: better analyse 5% remaining posts

Ideas (more challenging):

 * text captcha or textcha - http://moinmo.in/HelpOnTextChas 

   * beware: i18n

 * randomized text fields:

  * beware: pre-filling the fields on error

  * cons: needs cookie for anonymous users (not implemented)

 * reduce number of links per posts + surge protection (limit msgs/min)

 * URL block-lists?

Ideas (post-moderation):

 * Currently requires 5 spam points (user=1, tracker admin=2, project admin=5), 
but often normal users don't reach 5 points. Implement a moderation form for 
admins or site-admins, which would be able to quickly moderate the spam.

  * Beware: lack of moderation team, lots of dead projects

Rejected ideas:

 * captcha:

  * accessibility issues

  * clever spammers (the 5% we track) know how to read captcha

  * I don't like decrypting numbers on screen 20 times per day

 * recaptcha: graphic or sound captcha via a webservice: no server-side source 
code

 * give less privileges to anonymous users:

  * it discourages contribution (forces to create an account, remember 
password, etc.)

  * some spammers already create accounts, so don't feel safe because the user 
is authenticated, it can very well be a spammer nevertheless

 * akisnet (or something, no need to advertise): interesting idea based on 
centralization and cross-site analysis, via webservice (somewhat similar to 
Razor/Pyzor); but this is essentially a proprietary external solution; we would 
also need to paid a monthly fee since we're bigger than a classic blog. A free 
software implementation would need a huge traffic too to get consistent and 
reactive detection.



--
forwarded from 
https://savannah.gnu.org/maintenance/address@hidden://savannah.gnu.org/maintenance

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-cvs] [SavaneTasks] (edit) antispam ideas, Beuc <=
- [Savannah-cvs] [SavaneTasks] (edit) antispam ideas, Beuc, 2008/08/15

Prev by Date: [Savannah-cvs] [SavaneTasks] (edit) Average number of different apparently-spamming IP adresses per day
Next by Date: [Savannah-cvs] [SavaneTasks] (edit) antispam ideas
Previous by thread: [Savannah-cvs] [SavaneTasks] (edit) Average number of different apparently-spamming IP adresses per day
Next by thread: [Savannah-cvs] [SavaneTasks] (edit) antispam ideas
Index(es):
- Date
- Thread