[Pulp-dev] Spam on plan.io

Daniel Alley dalley at redhat.com
Wed Oct 31 18:13:28 UTC 2018


Maybe the first comment / issue posted by an account would need to be
approved, but once approved they could post subsequent comments / issues
without delay?

On Wed, Oct 31, 2018 at 1:28 PM, Brian Bouterse <bbouters at redhat.com> wrote:

> Below is what plan.io got back to me with. I list some options below that.
>
> ===== start message =======
>
> Due to the structure of our regular plans, where each additional user
> comes with a price attached, running Planio in combination with self
> registration is a very rare use case. Consequently, the problems you're
> seeing are more or less unique to pulp.plan.io.
>
> Nevertheless I would like to assure you that we are 100% committed to
> supporting the open source projects which are hosted on Planio.
>
> In order to find out what might be done to improve your situation, I had
> a closer look at our web server logs. In the following table you may see
> the user registrations on pulp.plan.io over the last 7 days.
>
> Time of Registration (Berlin time)   Comment
> ----------------------------------   -----------------------------------------
> 2018-10-30 11:02                     Failed at email activation
> 2018-10-30 10:41                     Spam account - see ashutoshweb3.txt
> 2018-10-29 10:55                     Failed at email activation
> 2018-10-28 14:38                     Spam account - see rrbb45.txt
> 2018-10-27 11:03                     Did not post anything - see Himanshu0709.txt
> 2018-10-26 19:43                     Failed at email activation
> 2018-10-26 12:27                     Spam account - see itsalina.txt
> 2018-10-26 11:49                     Spam account - see peterjobs.txt
> 2018-10-25 13:46                     Spam account - see ketty33.txt
> 2018-10-25 11:54                     Spam account - see johnrenfroe.txt
> 2018-10-25 07:10                     Failed at email activation
> 2018-10-24 22:37                     Failed at email activation
> 2018-10-24 22:19                     Failed at email activation
> 2018-10-24 14:39                     Regular user
>
> After taking a closer look at the user sessions of the successful
> spammers, I think it's safe to say that pulp.plan.io is not attacked by
> automated scripts, but by human users. Each session is very different. The
> time spent on the registration page is relatively long. They are not only
> requesting the plain web pages, but also additional assets.
>
> Consequently, the obvious solution, i.e. adding a captcha to the
> registration page, would not help with your situation.
>
> Do you maybe have alternative ideas of how Planio could be more helpful in
> addressing these issues? How would you address this situation in a
> self-hosted environment?
>
> ===== end message =======
>
> They make a compelling point that we probably won't do better on our own;
> since these are real humans, they will be able to beat the captchas and
> other Bayesian systems we would put into place in a self-hosted
> environment. I think this leaves only two choices:
>
> a) manage the spam better
>
> b) create a "trusted users" group and have that allow users to either post
> comments, post issues, or both and then disable those permissions for
> "other accounts". This would prevent a new user from filing a bug in a
> self-service way though.
>
> c) add an approval step to the self-service registration
>
> d) $other_idea
>
> What should we do?
>
>
>
> On Tue, Oct 30, 2018 at 9:50 AM Brian Bouterse <bbouters at redhat.com>
> wrote:
>
>> I've contacted plan.io support about the untenable spam situation [0] in
>> the Redmine tracker. I'll let you know what they say, and we can take it
>> from there.
>>
>> [0]: https://pulp.plan.io/issues/67
>>
>