[tor-bugs] #31052 [Internal Services/Services Admin Team]: Guest accounts in the ticketing system
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 1 18:21:38 UTC 2019
#31052: Guest accounts in the ticketing system
---------------------------------------------------+---------------------
Reporter: gaba | Owner: qbi
Type: project | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Services Admin Team | Version:
Severity: Normal | Resolution:
Keywords: ticket-system-migration | Actual Points:
Parent ID: #30857 | Points:
Reviewer: | Sponsor:
---------------------------------------------------+---------------------
Comment (by gaba):
From irc on how riseup manage the anti-spam in their gitlab instance.
- limiting domains that can signup to ones we know (whitelist), limiting
projects/group creation to a low number unless requested to increase, and
then searching on the internet for links to our gitlab instance in order
to find spam
on spam:
'snippets' are the most common way (eg. https://0xacab.org/snippets/776) .
Even with monthly cleanup, we have been put into RBL lists for email
delivery blacklisting because of the spam on gitlab. Spam goes in so many
different possible ways, its mostly impossible to control, unless you
dedicate a HUGE amount of time to it. Its extremely easy to miss spammers.
If they don't have access to snippits, they make comments, or user pages,
etc
The only thing that works is to close/limit registration (which is what
gitlab.com does) or turn on google captcha/akismet
about the amount of labor on fighting spam:
You will spend at minimum 6 hours a week dealing with spam, with an open
gitlab. It is not simple as just click a delete button, since you have to
copy and paste the names as conformation
Not only will you spend a huge amount of time dealing with the spam, but
you will also get the domain blacklisted :(
A huge amount of our spam came from gmail accounts even
We played 'whack a mole' for a while by blocking domains that were
spamming but we ended up going crazy, and so we only whitelist domains
now.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31052#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list