From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <carlos@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by sourceware.org (Postfix) with ESMTPS id 44BE33858402
 for <overseers@sourceware.org>; Fri, 12 Nov 2021 13:26:17 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 44BE33858402
Received: from mail-qv1-f69.google.com (mail-qv1-f69.google.com
 [209.85.219.69]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-475-NSzuFNNcOFiJHvxUUFDmpQ-1; Fri, 12 Nov 2021 08:26:16 -0500
X-MC-Unique: NSzuFNNcOFiJHvxUUFDmpQ-1
Received: by mail-qv1-f69.google.com with SMTP id
 ib13-20020a0562141c8d00b003958b43bcf2so8368934qvb.1
 for <overseers@sourceware.org>; Fri, 12 Nov 2021 05:26:16 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
 :content-language:to:cc:references:from:organization:in-reply-to
 :content-transfer-encoding;
 bh=yQAvVC/kl0A9IPGk+x22x3/dinKGEZrG/M/rNNaqZ4g=;
 b=fbeiWklgFby/9lVeBxP3kh7nuk2vZQ894/tiZAdbIo2LscGQAj1gdiFfn6BWApxNui
 Fl7P0B7Fb6fSzxLuQtZQsXbYMoIOmwMkSFS9ItxppD4yB+SXKj2xPBOTBr2vV0R9tCUk
 Ak4zN9QbzFI/aEmZ/kGKJGRWpBYaXieeP4GlXnXb85b5q/y+tSfK8J+gGTipO1rAtRsb
 NVQMbAqqh/n/BUJIDSexrIJpnXP/50FPm+nET1cABdA/7U7S13BkG2amPPtkHk3eu7Px
 +tfjv+MUaxZxfKPMwG3BJ5Z2dxfU2uH/TFRht/+ngC7D0H7J6xC4gYm3tRmXfsDrZOID
 r6Dg==
X-Gm-Message-State: AOAM532FYBowRoDz+iSz+Dzt/MlkMQXk8uXj0xupi92YY6XPYYN0M4gv
 cA/9OMzaSYYH2ncNt0Jb7LC1FbaNkW1GwbIGRRwYosRUgpKgzk/1QHWq89KBcGwxqTLq6hSiWvl
 IhvpEccD9iKDKrxjeA8rOjnltsKu3aEmF4TXG99gqq30LvvZQUR8Ax/ynX13p79xSasOO
X-Received: by 2002:a05:6214:21ae:: with SMTP id
 t14mr14264593qvc.66.1636723575382; 
 Fri, 12 Nov 2021 05:26:15 -0800 (PST)
X-Google-Smtp-Source: ABdhPJy2eLe6zYNs/WGw0ivxBW2lKv/SyZMFDp3EE30J1SEcJiRRP+DsEatiDdR4VRZ3LdysMUtSEQ==
X-Received: by 2002:a05:6214:21ae:: with SMTP id
 t14mr14264563qvc.66.1636723575151; 
 Fri, 12 Nov 2021 05:26:15 -0800 (PST)
Received: from [192.168.1.16] (198-84-214-74.cpe.teksavvy.com. [198.84.214.74])
 by smtp.gmail.com with ESMTPSA id de40sm1009059qkb.99.2021.11.12.05.26.14
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 12 Nov 2021 05:26:14 -0800 (PST)
Message-ID: <6bf0f483-ce3a-3c03-f889-15c8b2eef14f@redhat.com>
Date: Fri, 12 Nov 2021 08:26:13 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.1.0
Subject: Re: getting spammed on bugzilla
To: Overseers mailing list <overseers@sourceware.org>
Cc: Mark Wielaard <mark@klomp.org>, Pedro Alves <pedro@palves.net>,
 Simon Marchi <simon.marchi@polymtl.ca>,
 Joel Brobecker <brobecker@adacore.com>
References: <YYyOJhziKpa5jBgo@adacore.com>
 <CA+=Sn1k3GWexDuxMnmbj-zPGboLanzUGNpAH8mth_BH17vuEyA@mail.gmail.com>
 <YY3wQQQ/R/th3Dki@adacore.com> <YY4r/kPvrr20RsZV@wildebeest.org>
From: Carlos O'Donell <carlos@redhat.com>
Organization: Red Hat
In-Reply-To: <YY4r/kPvrr20RsZV@wildebeest.org>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-7.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: overseers@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Overseers mailing list <overseers.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/overseers>,
 <mailto:overseers-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/overseers/>
List-Post: <mailto:overseers@sourceware.org>
List-Help: <mailto:overseers-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/overseers>,
 <mailto:overseers-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Nov 2021 13:26:18 -0000

On 11/12/21 03:55, Mark Wielaard via Overseers wrote:
> Hi,
> 
> On Fri, Nov 12, 2021 at 08:40:33AM +0400, Joel Brobecker via Overseers wrote:
>> My thinking on this is that we should try doing the same for
>> sourceware's bugzilla, and see how it goes. I'm hoping the extra
>> step will be a high enough barrier that it'll encourage the majority
>> of spammers to find somewhere else to go. Even if not perfect, if
>> we can block the majority of spam, that'll already be a great win
>> for us.
> 
> I don't like it, but I don't see another solution.  I did tweak the
> spam filters to count http[s]:// and reject any comments containing
> 10+ urls. That seems to have worked a little. But soon after we saw
> even more spam comments that simply use 1 url (and copy/paste some
> earlier comment text). Currently I am blocking ~3 users and tagging
> ~10 comments as spam a day. Which isn't really productive use of my
> time, and not really sustainable. So unless someone knows a better way
> of automatically detecting spam bugzilla comments and blocking users
> that post them I am afraid we will have to restrict who can sign up
> for a bugzilla account or explicitly approve first time bug posters.

I'd say we disable new account creation.

It saddens me, but it's the only solution.

For the glibc wiki new account creation requires EditGroup and that requires talking
to the community and that solved all spam problems.

-- 
Cheers,
Carlos.