POLL, please comment if you have an opinon:
Codeberg.org is being spammed by users using one-time/disposable email services and TOR connections. These spam projects with thousands of bogus issue comments, cause pain for project owners, and spam their notification email inbox. Also, Codeberg's SMTP reputation is harmed.
We consider disabling access via TOR and one-time email providers to maintain smooth operation for all users.
What do you think? Is there a better approach?
Please have your say.
@codeberg please don't block TOR access. Attackers would be able to use legitimate IPs anyway.
A captcha per issue/comment could be a good temporal counter-measure.
@rdg What about API?
@codeberg I don't know, maybe a web of trust or a reputation system would be more suitable in the long term. Then allow trusted users to avoid captcha and use API freely.
@rdg Sounds like a bigger project, contributions absolutely welcome!
But what to do near-term?
@codeberg use captcha and disable API by default. You may want to enable API to some users via a human evaluated petition, similarly as some mastodon instances for newcomers.
Of course is a temporal patch and won't scale, but may stop the SPAM problem.
@codeberg unfortunately yes, for newcomers. Do you have statistics of what is the portion of GitNex users that would be locked? Also federation may need to implement a trust mechanism anyway