Mailinglist Archive: opensuse-project (80 mails)

< Previous Next >
Re: [opensuse-project] New members procedure
On 19/09/2019 16.54, Christian Imhorst wrote:
Hi,

I think this is a big issue, because if you visit connect.o.o it looks like a
big mess and massive insecure. In this state you cannot want that someone
should logon to this website and maybe it's a security risk.

Carlos, thank you for your cry to help. I don't think that you have any
chance to fight the spam only with two people. I am willing to help but what
can we do to clean connect.o.o from the spam and to make the plattform more
secure? How can we seperate real users from spam bots? And how can we
implement a 2FA?

We cannot leave connect.o.o in this state.

As far as I know, there is currently no spam in that platform. There are
some attempts per day, but at least once a day we remove it, it just
takes a few minutes. Of course, a spammer may be alive some hours.

We do not remove them: instead the default action is "ban". The
reasoning is that a removed user comes back, while a banned one has to
create a new one with different name. Which means that their names
remain visible, and some times the name itself is the spam action. You
can click on those names, but no action happens.

Examples:

KSP Chartered Surveyors
Area Dental Clinic
IBC Carpentry

...



But I'm worried most about real people writing private information there
and spammers collecting it. If registration wouldn't be automatic, but
had to be human reviewed first...

Help is welcomed, but I think it is more important to replace it with
something else. I do not participate in that, not my skill set. There
was a thread about it months ago, and other people can fill you in on
the current state of things.

The basic requirement is hold a list of members, that's all. With some
features. Not a friendship platform.

--
Cheers / Saludos,

Carlos E. R.

(from openSUSE 15.1 (Legolas))

< Previous Next >