POLL, please comment if you have an opinon:

Codeberg.org is being spammed by users using one-time/disposable email services and TOR connections. These spam projects with thousands of bogus issue comments, cause pain for project owners, and spam their notification email inbox. Also, Codeberg's SMTP reputation is harmed.

We consider disabling access via TOR and one-time email providers to maintain smooth operation for all users.

What do you think? Is there a better approach?
Please have your say.

@codeberg Maybe some text analysis could help? For example if more than 10 issues are created with at least 90% matching contents, automatically mark it as spam and make users request approval in some way.

Maybe you could also setup spamassassin on your outgoing server and have it learn what the spam messages look like to limit email spam, but that won't get rid of the issues that are created inside gitea.


@hugot This particular spammer was posting the content of random-not-so-random birdsite posts.

@codeberg Right. This needs some thought. You want to stay accessible to software users who just want to create an account and make an issue right away so a lot of manual setup for users or blocking tor would suck.

I think you need a solution that lets new users participate, but lets existing users maintain the peace of codeberg.org.

@codeberg How about this:

- New users are allowed to create a maximum of X issues/comments per 24 hours through the web UI by default. No API use allowed.

- Optional: They are allowed to use the API to create issues on their own repos, but creating them on other repo's is not allowed.

- To be allowed to use the API and create more than X issues per 24h, a user needs to be approved by at least 2 already approved users.

@codeberg You'd need to make some sort of UI for users to grant/request approval but with something like this in place you can let your users take care stuff as a community.

@hugot Seems this would involve significant changes within gitea. Long-term a built-in trust-scoring system will surely be great, the gitea core developers will surely like this as well?

Anybody volunteering?

@codeberg Well I'd like to help out but my time is limited and my knowledge of gitea is nonexistent.

If you can find more people who are willing I'd be happy to take part and see what I can take on.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!