From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) by sourceware.org (Postfix) with ESMTPS id F40093858400 for ; Thu, 11 Nov 2021 03:47:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F40093858400 Received: by mail-ua1-x929.google.com with SMTP id i6so9259613uae.6 for ; Wed, 10 Nov 2021 19:47:39 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=o7xb/UDU9jjNXy+pxoOxUDANM8RUXRth4WjqVnWQzQQ=; b=VxccEVPEhbCs9HrJDv3SG9V6TiWgfSbZyeIeV8kgN9tJtNX8ooNg/cJg5RbgoPfcr4 FR5Q4fwksvCJDO0vPIxTAp2GXM9JPIXf5ySLpB4MEDOJaACeUuIwGvp7Tb+WQqjtn64o q99kWfMmYxUmdVnzCu6Esz8+gShtp6AkKtSOh+ijkTHDOuElKf2y4N5+XLHzRdJEjJmj sydUI5gn2bx5mMKuk8AQ7efzoU1ajJd2N1eDTte1FjCXr6k5Iv9Jyy4NPWyBD7SYOysK a/Am1Gk1Uj2Uy3Cyire2N4mDqiiTxC1t3YXHJtHLgcOsfnxP9oV0QlhZA0RvYGM+WTyd x+XQ== X-Gm-Message-State: AOAM530c2D6wVt8k1CUiOO/4OwsxZw5ip+BVqTpPdNdDJ8lJm+nzWncQ OPVVX0NgzZy7Q9iZQQQc1DhZyLhM6T1o+VAItLpt39M6eCw= X-Google-Smtp-Source: ABdhPJwBJxYjkp9huNF0zrCnTqdRyTxXSdtpCaLvoIwm07Fm/i/ZKtr1b0ea44Fq767QaB3f1fwwYlEhgcY1xp2kqLg= X-Received: by 2002:ab0:74c2:: with SMTP id f2mr6078636uaq.21.1636602459264; Wed, 10 Nov 2021 19:47:39 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Andrew Pinski Date: Wed, 10 Nov 2021 19:47:27 -0800 Message-ID: Subject: Re: getting spammed on bugzilla To: Overseers mailing list Cc: Joel Brobecker , Simon Marchi , Pedro Alves Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: overseers@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Overseers mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Nov 2021 03:47:41 -0000 On Wed, Nov 10, 2021 at 7:29 PM Joel Brobecker via Overseers wrote: > > Hello, > > Our bugzilla instance is being used as a spamming platform. > Spammers do so by just posting answers to random PRs. > > As a result of this: > > - The PRs gets polluted with these annoying messages that > we cannot remove (just mark as spam, which is a game of > wack-a-mole and personally a waste of our precious time); > > - People on the Cc: list get emails about them. > > I wouldn't be exagerating if I said that 95% of emails I am > getting from bugzilla, at the moment, is spam. > > I think the problem is that spammers can create their account > without any form of validation. > > Is there something we could do about this? > > Pedro tells us that: > > LLVM has solved this by disabling new user self-registration: > > > > https://bugs.llvm.org/enter_bug.cgi > > > > "New user self-registration is disabled due to spam. For an account please email > > bugs-admin@lists.llvm.org > > with your e-mail address and full name." > > I'm happy to help with answering those legitimate account > creations, if that makes a differnce. > > Any other ideas, perhaps? GCC already disables new account creation; while sourceware does not. I know the gcc bugzilla did get some spam last week and even at that point, the account had been created manually too (GCC has had new accounts disable for over a few years now even). So what looked like a legitimate request and turned out not to be, did slip through. Fixing that is hard really. Thanks, Andrew Pinski > > Thank you! > -- > Joel