Mailinglist Archive: opensuse-project (80 mails)

< Previous Next >
Re: [opensuse-project] New members procedure
Hi,

I think this is a big issue, because if you visit connect.o.o it looks like a
big mess and massive insecure. In this state you cannot want that someone
should logon to this website and maybe it's a security risk.

Carlos, thank you for your cry to help. I don't think that you have any chance
to fight the spam only with two people. I am willing to help but what can we do
to clean connect.o.o from the spam and to make the plattform more secure? How
can we seperate real users from spam bots? And how can we implement a 2FA?

We cannot leave connect.o.o in this state.

Best
Christian



Am 19. September 2019 10:14:36 MESZ schrieb "Carlos E. R."
<robin.listas@xxxxxxxxxxxxxx>:
Hi,

I just learned that the recommended procedure for prospective new
members is to write a profile on <https://connect.opensuse.org/>

It is described here:
<https://en.opensuse.org/openSUSE:Members#Detailed_steps_to_follow>

You know that I am one of the two volunteers that watch for spam on the
connect platform. I have been told that the platform is insecure, and
in
fact people remove their profile. I don't know if this claims are true
or not, but I ask here for your consideration.


For example, the other day a new user appeared, "rose25". Within a day,
she made "friends" with possibly everybody on the platform, surely
using
a script, there is no other way to do thousands of friends. A few
corresponded.

Subsequently I banned her.

Quickly another user appeared, "rose2525", but so far no activity I can
can undoubtedly classify as "spam". However, some real users have made
friends with her (like Malcolm Lewis, or Stefan Seyfried, but not
listed
later as such). I am suspicious and undecided.


The point: I highly suspect that this "rose25" got the emails and
personal data on the profiles of everybody.

Thus I ask if would it not be better to modify the procedure for
prospective new members to provide their "resume" in some other secure
manner.

I am a bit worried. I do not want to be blamed for breach of privacy
(EU
regulations etc) as I am 50% the active admin of that platform, which I
barely understand. I do not take responsibility in such an event.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References