[Savannah-cvs] [SavaneTasks] (edit) antispam ideas

From: Beuc
Subject: [Savannah-cvs] [SavaneTasks] (edit) antispam ideas
Date: Fri, 15 Aug 2008 19:28:57 +0000

-Check for an analysis after ~1 day:

- -- Validated post (captcha or login)
 -- Validated post (validated captcha or authentified)
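Review bot: "authentified" on the replacement "Validated post" line is not standard English; use "authenticated", which is also the form used further down the page ("the user is authenticated"). The parenthesis also mixes a noun phrase with an adjective, so wording such as "captcha passed or user authenticated" would read more evenly.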

Check for an analysis after ~1 day:

Conclusion: distributed and dumb for the most part (95%), and the remaining 5% 
distributed and clever.

Apparently we need to be a bit more challenging for the 5% one. Or, we need to 
accept there will be 5% clever spam anyway and filter them after-the-fact.

TODO: better analyse the remaining 5% of posts

Ideas (more challenging):

 * text captcha or textcha - 

   * beware: i18n

 * randomized text fields:

  * beware: pre-filling the fields on error

  * cons: needs cookie for anonymous users (not implemented)

 * reduce number of links per posts + surge protection (limit msgs/min)

 * URL block-lists?

Ideas (post-moderation):

 * Currently requires 5 spam points (user=1, tracker admin=2, project admin=5), 
but often normal users don't reach 5 points. Implement a moderation form for 
admins or site-admins, which would be able to quickly moderate the spam.

  * Beware: lack of moderation team, lots of dead projects

Rejected ideas:

 * captcha:

  * accessibility issues

  * clever spammers (the 5% we track) know how to read captcha

  * I don't like decrypting numbers on screen 20 times per day

 * recaptcha: graphic or sound captcha via a webservice: no server-side source 

 * give fewer privileges to anonymous users:

  * it discourages contribution (forces users to create an account, remember a 
password, etc.)

  * some spammers already create accounts, so don't feel safe because the user 
is authenticated; it can very well be a spammer nevertheless

 * akisnet (or something, no need to advertise): interesting idea based on 
centralization and cross-site analysis, via webservice (somewhat similar to 
Razor/Pyzor); but this is essentially a proprietary external solution; we would 
also need to pay a monthly fee since we're bigger than a classic blog. A free 
software implementation would need huge traffic too to get consistent and 
reactive detection.
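An added example, not part of the original message or of the project's code: one way the "randomized text fields" idea could work, covering both caveats listed for it (values must be pre-filled under new names after a validation error, and the per-form nonce has to live in a session, hence the cookie for anonymous users). `SERVER_KEY`, `LOGICAL_FIELDS`, the `session` dict and the validation rule are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # assumption: per-site secret kept server-side
LOGICAL_FIELDS = ("summary", "details")   # assumption: the form's real field names


def field_name(nonce: str, logical: str) -> str:
    """Derive the randomized HTML name for one logical field."""
    mac = hmac.new(SERVER_KEY, f"{nonce}:{logical}".encode(), hashlib.sha256)
    return "f" + mac.hexdigest()[:16]


def render_form(session: dict, prefill: dict | None = None) -> dict:
    """Issue a fresh nonce, keep it in the session (the cookie-backed state
    anonymous users would need) and return {randomized name: value to show}."""
    nonce = secrets.token_hex(8)
    session["form_nonce"] = nonce
    prefill = prefill or {}
    return {field_name(nonce, f): prefill.get(f, "") for f in LOGICAL_FIELDS}


def parse_submission(session: dict, posted: dict) -> dict | None:
    """Map randomized names back to logical ones. Returns None when the names
    do not match the nonce issued to this session (stale or replayed form, or
    a bot posting fixed field names). The nonce is single-use."""
    nonce = session.pop("form_nonce", None)
    if nonce is None:
        return None
    expected = {field_name(nonce, f): f for f in LOGICAL_FIELDS}
    if set(posted) != set(expected):
        return None
    return {expected[name]: value for name, value in posted.items()}


def handle_post(session: dict, posted: dict) -> tuple[str, dict]:
    """Accept, reject, or re-render keeping the user's text on a validation error."""
    values = parse_submission(session, posted)
    if values is None:
        return "rejected", render_form(session)
    if not values["summary"].strip():     # constructed validation rule
        return "retry", render_form(session, prefill=values)
    return "accepted", values
```

On "retry" the returned mapping carries the user's text under the newly issued names, so the form can be re-displayed without asking the user to retype anything.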
