From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mark@klomp.org>
Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184])
 by sourceware.org (Postfix) with ESMTPS id 252BC3858D28
 for <overseers@sourceware.org>; Fri, 12 Nov 2021 08:55:28 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 252BC3858D28
Received: from reform (deer0x16.wildebeest.org [172.31.17.152])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by gnu.wildebeest.org (Postfix) with ESMTPSA id C47CA302FBAF;
 Fri, 12 Nov 2021 09:55:26 +0100 (CET)
Received: by reform (Postfix, from userid 1000)
 id 44E872E806BE; Fri, 12 Nov 2021 09:55:26 +0100 (CET)
Date: Fri, 12 Nov 2021 09:55:26 +0100
From: Mark Wielaard <mark@klomp.org>
To: Overseers mailing list <overseers@sourceware.org>
Cc: Andrew Pinski <pinskia@gmail.com>, Joel Brobecker <brobecker@adacore.com>,
 Simon Marchi <simon.marchi@polymtl.ca>, Pedro Alves <pedro@palves.net>
Subject: Re: getting spammed on bugzilla
Message-ID: <YY4r/kPvrr20RsZV@wildebeest.org>
References: <YYyOJhziKpa5jBgo@adacore.com>
 <CA+=Sn1k3GWexDuxMnmbj-zPGboLanzUGNpAH8mth_BH17vuEyA@mail.gmail.com>
 <YY3wQQQ/R/th3Dki@adacore.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <YY3wQQQ/R/th3Dki@adacore.com>
X-Spam-Status: No, score=-3.8 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL,
 KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: overseers@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Overseers mailing list <overseers.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/overseers>,
 <mailto:overseers-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/overseers/>
List-Post: <mailto:overseers@sourceware.org>
List-Help: <mailto:overseers-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/overseers>,
 <mailto:overseers-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Nov 2021 08:55:29 -0000

Hi,

On Fri, Nov 12, 2021 at 08:40:33AM +0400, Joel Brobecker via Overseers wrote:
> My thinking on this is that we should try doing the same for
> sourceware's bugzilla, and see how it goes. I'm hoping the extra
> step will be a high enough barrier that it'll encourage the majority
> of spammers to find somewhere else to go. Even if not perfect, if
> we can block the majority of spam, that'll already be a great win
> for us.

I don't like it, but I don't see another solution.  I did tweak the
spam filters to count http[s]:// and reject any comments containing
10+ urls. That seems to have worked a little. But soon after we saw
even more spam comments that simply use 1 url (and copy/paste some
earlier comment text). Currently I am blocking ~3 users and tagging
~10 comments as spam a day. Which isn't really productive use of my
time, and not really sustainable. So unless someone knows a better way
of automatically detecting spam bugzilla comments and blocking users
that post them I am afraid we will have to restrict who can sign up
for a bugzilla account or explicitly approve first time bug posters.

Cheers,

Mark