Suggestions on countering spammers?


David A. Wheeler
 

Sadly, spammers have started to add nonsense "projects" to the CII Best Practices site
at a higher rate than before. It appears to be all SEO-related fraud.
I suppose that was inevitable, and I guess it's good that we're "worth" their time.

If anyone has ideas on how to automatically help counter spammers, please
let us know via reply to this mailing list, private email, or this issue:
https://github.com/coreinfrastructure/best-practices-badge/issues/1377

Thanks!

--- David A. Wheeler


Mark Rader
 

Require them to validate their email address.

On Dec 20, 2019, at 11:13 AM, David A. Wheeler <@dwheeler> wrote:

Sadly, spammers have started to add nonsense "projects" to the CII Best Practices site
at a higher rate than before. It appears to be all SEO-related fraud.
I suppose that was inevitable, and I guess it's good that we're "worth" their time.

If anyone has ideas on how to automatically help counter spammers, please
let us know via reply to this mailing list, private email, or this issue:
https://github.com/coreinfrastructure/best-practices-badge/issues/1377

Thanks!

--- David A. Wheeler




David A. Wheeler
 

Mark Rader:
> Require them to validate their email address.

Good idea, but for local accounts we already do that, and I believe GitHub also requires email validation for their accounts.

So we're going to have to go beyond that.

--- David A. Wheeler


Trevor Vaughan
 

Pretty sure if you report them to GitHub they'll get banned.


On Fri, Dec 20, 2019 at 3:14 PM David A. Wheeler <dwheeler@...> wrote:
Mark Rader:
> Require them to validate their email address.

Good idea, but for local accounts we already do that, and I believe GitHub also requires email validation for their accounts.

So we're going to have to go beyond that.

--- David A. Wheeler





--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --


Mark Rader
 

What I’m thinking is when they create a project or account automatically send them an email with a passcode for verification so you do it for each new project.

On Dec 20, 2019, at 2:14 PM, Wheeler, David A <@dwheeler> wrote:

Mark Rader:
Require them to validate their email address.
Good idea, but for local accounts we already do that, and I believe GitHub also requires email validation for their accounts.

So we're going to have to go beyond that.

--- David A. Wheeler


David A. Wheeler
 

Mark Rader:
> What I’m thinking is when they create a project or account automatically send them an email with a passcode for verification so you do it for each new project.

I don't think that will be enough of a deterrent. The spammers are already willing to do an email confirmation.

One possibility would be to *require* a repo URL, and then require that it really be a public repo. In many cases it's easy to detect if a repo is really a repo (e.g., allow certain patterns of GitHub/GitLab URLs, and if that doesn't work, load that one page & see if it's a repo of a recognized version control system). But that could cause more problems than it solves.

--- David A. Wheeler
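
The repo-URL pattern check proposed in the last message, sketched as an added example (not part of the thread and not the best-practices-badge project's own code). The allowed hosts, the path patterns, and the `classify_repo_url` name and its return symbols are assumptions made for illustration.

```ruby
require 'uri'

# Assumed allowlist: forge host => pattern a repository path must match.
# GitHub repos are exactly /owner/repo; GitLab also allows nested groups.
KNOWN_FORGES = {
  'github.com' => %r{\A/[A-Za-z0-9][A-Za-z0-9-]*/[A-Za-z0-9._-]+\z},
  'gitlab.com' => %r{\A/[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_.-]+)+\z}
}.freeze

# Returns :recognized  - matches a known forge's repository URL shape
#         :needs_probe - unknown host; the page load described in the
#                        message would be the next step (not done here)
#         :rejected    - cannot be a public repo URL under these rules
def classify_repo_url(raw)
  return :rejected if raw.nil? || raw.strip.empty?

  begin
    uri = URI.parse(raw.strip)
  rescue URI::InvalidURIError
    return :rejected
  end

  # Only plain https URLs: no credentials, query strings or fragments.
  return :rejected unless uri.is_a?(URI::HTTPS)
  return :rejected if uri.userinfo || uri.host.nil?
  return :rejected if uri.query || uri.fragment

  host = uri.host.downcase
  # Tolerate the common ".git" suffix and a trailing slash.
  path = uri.path.sub(/\.git\z/, '').chomp('/')
  # Dot segments would let a path point somewhere other than it appears to.
  return :rejected if path.split('/').any? { |seg| seg == '.' || seg == '..' }

  pattern = KNOWN_FORGES[host]
  return :needs_probe unless pattern

  # On a known forge, anything that is not repo-shaped (a profile page,
  # an issue link, a gist) is refused outright.
  pattern.match?(path) ? :recognized : :rejected
end
```
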