e.g. https://bugs.webkit.org/show_bug.cgi?id=168774 Is there a way we can integrate CAPTCHA, etc... to prevent these spammers from getting Bugzilla account? - R. Niwa
4 дек. 2018 г., в 11:21, Ryosuke Niwa <rniwa@webkit.org> написал(а):
e.g. https://bugs.webkit.org/show_bug.cgi?id=168774 <https://bugs.webkit.org/show_bug.cgi?id=168774>
Is there a way we can integrate CAPTCHA, etc... to prevent these spammers from getting Bugzilla account?
We can integrate CAPTCHA, but based on how the spammers operate, it seems unlikely that it would help much. As far as we could find, other Bugzilla instances haven't solved this either. Many of the spam comments look like they were written by humans who skimmed the comments above, and there were a couple where the comments looked quite convincing at first glance. And the registration process includes sending a confirmation link to their e-mail account, which is Gmail most of the time. So it's already taking more dedication than passing a CAPTCHA would require. What I would want to know is what lures spammers to bugzilla. Perhaps we can find a way to decrease bugs.webkit.org page rank or whatever makes it a valuable target. - Alexey
- R. Niwa _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
On Tue, Dec 4, 2018 at 1:30 PM Alexey Proskuryakov <ap@webkit.org> wrote:
4 дек. 2018 г., в 11:21, Ryosuke Niwa <rniwa@webkit.org> написал(а):
e.g. https://bugs.webkit.org/show_bug.cgi?id=168774
Is there a way we can integrate CAPTCHA, etc... to prevent these spammers from getting Bugzilla account?
We can integrate CAPTCHA, but based on how the spammers operate, it seems unlikely that it would help much. As far as we could find, other Bugzilla instances haven't solved this either.
Many of the spam comments look like they were written by humans who skimmed the comments above, and there were a couple where the comments looked quite convincing at first glance. And the registration process includes sending a confirmation link to their e-mail account, which is Gmail most of the time. So it's already taking more dedication than passing a CAPTCHA would require.
What I would want to know is what lures spammers to bugzilla. Perhaps we can find a way to decrease bugs.webkit.org page rank or whatever makes it a valuable target.
I see. Alternatively, is there a way you can make more of us be able to moderate these spammers? I don't mind seeing them as much as if I could mark them as spammers myself right away and hide their comments. - R. Niwa
4 дек. 2018 г., в 16:45, Ryosuke Niwa <rniwa@webkit.org> написал(а):
Alternatively, is there a way you can make more of us be able to moderate these spammers?
Anyone can tag comments to make them invisible, but there is no privilege level in Bugzilla where one can disable user accounts, but cannot grant full admin privileges. - Alexey
On 12/5/18, 8:28 AM, "webkit-dev on behalf of Michael Catanzaro" <webkit-dev-bounces@lists.webkit.org on behalf of mcatanzaro@igalia.com> wrote: On Tue, Dec 4, 2018 at 7:47 PM, Alexey Proskuryakov <ap@webkit.org> wrote: > Anyone can tag comments to make them invisible How? You can click Tag and enter "spam". (There's also the "obsolete" tag for hiding, say, outdated feedback from the EWS bots. Unfortunately tagging is purely by manual entry right now, but it works.) _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
On Wed, Dec 5, 2018 at 10:44 AM, Ross.Kirsling@sony.com wrote:
You can click Tag and enter "spam". (There's also the "obsolete" tag for hiding, say, outdated feedback from the EWS bots. Unfortunately tagging is purely by manual entry right now, but it works.)
Wow, I never noticed this. I thought Apple folks were using superpowers to obsolete comments! If we add rel="nofollow" then I think we should also respond with comments warning the spammers that we are using rel="nofollow" and their spam will not boost their SEO. Maybe that will convince individual spammers to give us a break. Michael
05.12.2018, 20:31, "Michael Catanzaro" <mcatanzaro@igalia.com>:
On Wed, Dec 5, 2018 at 10:44 AM, Ross.Kirsling@sony.com wrote:
You can click Tag and enter "spam". (There's also the "obsolete" tag for hiding, say, outdated feedback from the EWS bots. Unfortunately tagging is purely by manual entry right now, but it works.)
Wow, I never noticed this. I thought Apple folks were using superpowers to obsolete comments!
If we add rel="nofollow" then I think we should also respond with comments warning the spammers that we are using rel="nofollow" and their spam will not boost their SEO. Maybe that will convince individual spammers to give us a break.
Also it might make sense to block comments in issues that attract unhealthy attention, like this one, if bugzilla allows that
Michael
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
-- Regards, Konstantin
On Wed, Dec 5, 2018 at 11:30 AM, Michael Catanzaro <mcatanzaro@igalia.com> wrote:
Wow, I never noticed this. I thought Apple folks were using superpowers to obsolete comments!
Hi, Recently a spammer added me to his Bugzilla user watchlist (Preferences -> Email Preferences -> User Watching on the bottom left) to follow me across Bugzilla, and has been manually sending me spam emails. I suppose it's retaliation for my tagging several Bugzilla comments as Spam, now that I know how. (I've asked the WebKit admins to ban his account.) Hopefully I'm just unlucky, but you might want to check the list of accounts watching you for suspicious accounts! Michael
On Wed, Dec 5, 2018 at 6:30 AM Alexey Proskuryakov <ap@webkit.org> wrote:
What I would want to know is what lures spammers to bugzilla. Perhaps we can find a way to decrease bugs.webkit.org page rank or whatever makes it a valuable target.
What about adding nofollow. Mozilla bugzilla is using nofollow, for example, <https://bugzilla.mozilla.org/show_bug.cgi?id=1511181> Here is the Goole document about nofollow: Use rel="nofollow" for specific links - Search Console Help https://support.google.com/webmasters/answer/96569?hl=en LLVM bugzilla <https://bugs.llvm.org/> says:
New user self-registration is disabled due to spam.
-- Fujii
participants (6)
-
Alexey Proskuryakov
-
Fujii Hironori
-
Konstantin Tokarev
-
Michael Catanzaro
-
Ross.Kirsling@sony.com
-
Ryosuke Niwa