<div dir="ltr">Maybe the first comment / issue posted by an account would need to be approved, but once approved they could post subsequent comments / issues without delay?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 31, 2018 at 1:28 PM, Brian Bouterse <span dir="ltr"><<a href="mailto:bbouters@redhat.com" target="_blank">bbouters@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Below is what <a href="http://plan.io" target="_blank">plan.io</a> got back to me with. I list some options below that.<br></div><div><br></div><div>===== start message =======<br></div><div><p>Due to the structure of our regular plans, where each additional user comes with a price attached, running Planio in combination with self registration is a very rare use case. Consequently, the problems you're seeing are more or less unique to <a href="http://pulp.plan.io" target="_blank">pulp.plan.io</a>.</p> <p>Nevertheless I would like to assure you, that we are 100 % committed to support the open source projects, which are hosted on Planio.</p> <p>In order to find out, what might be done to improve your situation, I had a closer look at our web server logs. In the following table you may see the user registrations on <a href="http://pulp.plan.io" target="_blank">pulp.plan.io</a> over the last 7 days.</p> <table> <tbody><tr> <th>Time of Registration (Berlin time) </th> <th>Comment </th> </tr> <tr> <td>2018-10-30 11:02</td> <td>Failed at email activation</td> </tr> <tr> <td>2018-10-30 10:41</td> <td>Spam account - see ashutoshweb3.txt</td> </tr> <tr> <td>2018-10-29 10:55</td> <td>Failed at email activation</td> </tr> <tr> <td>2018-10-28 14:38</td> <td>Spam account - see rrbb45.txt</td> </tr> <tr> <td>2018-10-27 11:03</td> <td>Did not post anything - see Himanshu0709.txt</td> </tr> <tr> <td>2018-10-26 19:43</td> <td>Failed at email activation</td> </tr> <tr> <td>2018-10-26 12:27</td> <td>Spam account - see itsalina.txt</td> </tr> <tr> <td>2018-10-26 11:49</td> <td>Spam account - see peterjobs.txt</td> </tr> <tr> <td>2018-10-25 13:46</td> <td>Spam account - see ketty33.txt</td> </tr> <tr> <td>2018-10-25 11:54</td> <td>Spam account - see johnrenfroe.txt</td> </tr> <tr> <td>2018-10-25 07:10</td> <td>Failed at email activation</td> </tr> <tr> <td>2018-10-24 22:37</td> <td>Failed at email activation</td> </tr> <tr> <td>2018-10-24 22:19</td> <td>Failed at email activation</td> </tr> <tr> <td>2018-10-24 14:39</td> <td>Regular user</td> </tr> </tbody></table> <p>After taking a closer look at the user sessions of the successful spammers, I think it's safe to say that <a href="http://pulp.plan.io" target="_blank">pulp.plan.io</a> is not attacked by automated scripts, but by human users. Each sessions is very different. The time spent on the registration page is relatively long. They are not only requesting the plain web pages, but also additional assets.</p> <p>Consequently, the obvious solution, i.e. adding a capture to the registration page, would not help with your situation.</p> <p>Do you maybe have alternative ideas of how Planio could be more helpful in addressing these issues? How would you address this situation in a self-hosted environment?</p><p>===== end message =======</p><p>They make a compelling point that we probably won't do better on our own since these are real humans they will be able to beat the captchas and other bayesian systems we would put into place in a self-hosted environment. I think this leaves only two choices:</p><p>a) manage the spam better</p><p>b) create a "trusted users" group and have that allow users to either post comments, post issues, or both and then disable those permissions for "other accounts". This would prevent a new user from filing a bug in a self-service way though.</p><p>c) add an approval step to the self-service registration<br></p><p>d) $other_idea<br></p><p>What should we do?<br></p><p><br></p></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Oct 30, 2018 at 9:50 AM Brian Bouterse <<a href="mailto:bbouters@redhat.com" target="_blank">bbouters@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>I've contacted <a href="http://plan.io" target="_blank">plan.io</a> support about the untenable spam situation [0] in the Redmine tracker. I'll let you know what they say, and we can take it from there.<br></div><div><br></div><div>[0]: <a href="https://pulp.plan.io/issues/67" target="_blank">https://pulp.plan.io/issues/67</a><br></div></div></div> </blockquote></div> <br>______________________________<wbr>_________________<br> Pulp-dev mailing list<br> <a href="mailto:Pulp-dev@redhat.com">Pulp-dev@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/pulp-dev" rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/pulp-dev</a><br> <br></blockquote></div><br></div>