Re: Trac seems to think I'm a spambot...?

Hmm. I just got flagged as a spambot trying to reply to a ticket too. It did give me a captcha option though.

On 2014-04-07 at 11:43:23 +0200, Kyle Van Berendonck wrote:
I just got flagged as a spambot trying to reply to a ticket too. It did give me a captcha option though.
It's surprisingly difficult to discriminate between humans and bots; I've enabled http://trac.edgewall.org/wiki/SpamFilter and I've tried tweaking its score weightings, but it still gets some false positives, and it tends to annoy with reCaptcha interaction (and to my surprise, even spambots seem to be able to outsmart reCaptcha these days)
Does anyone here have more experience with spam-filtering who could help set up the Trac spam-filtering?

Is the Akismet filter enabled? In my experience, combining it with a technique like NoSpamNX (some sort of "honey-pot" field which a wide range of spambots are susceptible to) lowers spam hits to a level where manually moderating the rest is fine. If it is too hard for contributors to mark entries as spam, maybe that's what needs to be fixed.
Edward
Excerpts from Herbert Valerio Riedel's message of 2014-04-07 02:50:26 -0700:
On 2014-04-07 at 11:43:23 +0200, Kyle Van Berendonck wrote:
I just got flagged as a spambot trying to reply to a ticket too. It did give me a captcha option though.
It's surprisingly difficult to discriminate between humans and bots; I've enabled http://trac.edgewall.org/wiki/SpamFilter and I've tried tweaking its score weightings, but it still gets some false positives, and it tends to annoy with reCaptcha interaction (and to my surprise, even spambots seem to be able to outsmart reCaptcha these days)
Does anyone here have more experience with spam-filtering who could help set up the Trac spam-filtering?

Herbert,
Off the top of my head:
What email addresses are attached to the spamming trac accounts? Is there
any pattern to them?
More importantly, are external links nofollow'd [1] to reduce spam
incentive? Doesn't appear so [2] if you view html source and search for
"reddit thread". There's a whole bunch of material when I search for "trac
nofollow", so maybe that's the answer.
[1] https://support.google.com/webmasters/answer/96569?hl=en
[2] https://ghc.haskell.org/trac/ghc/ticket/8955
-- Kim-Ee
On Mon, Apr 7, 2014 at 4:50 PM, Herbert Valerio Riedel
On 2014-04-07 at 11:43:23 +0200, Kyle Van Berendonck wrote:
I just got flagged as a spambot trying to reply to a ticket too. It did give me a captcha option though.
It's surprisingly difficult to discriminate between humans and bots; I've enabled http://trac.edgewall.org/wiki/SpamFilter and I've tried tweaking its score weightings, but it still gets some false positives, and it tends to annoy with reCaptcha interaction (and to my surprise, even spambots seem to be able to outsmart reCaptcha these days)
Does anyone here have more experience with spam-filtering who could help set up the Trac spam-filtering?
_______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://www.haskell.org/mailman/listinfo/ghc-devs

On Mon, Apr 7, 2014 at 5:17 PM, Kim-Ee Yeoh
More importantly, are external links nofollow'd [1] to reduce spam incentive? Doesn't appear so [2] if you view html source and search for "reddit thread". There's a whole bunch of material when I search for "trac nofollow", so maybe that's the answer.
Apparently 'nofollow' is not the answer, according to:
http://trac.edgewall.org/ticket/1145
This guy has a lot of success leaning on Akismet and captcha for this tracspam setup:
http://news.thedigitalmachine.com/2012/07/26/howto-configure-tracspam-to-all...
-- Kim-Ee

On 2014-04-07 at 12:45:49 +0200, Kim-Ee Yeoh wrote:
On Mon, Apr 7, 2014 at 5:17 PM, Kim-Ee Yeoh wrote:
More importantly, are external links nofollow'd [1] to reduce spam incentive? Doesn't appear so [2] if you view html source and search for "reddit thread". There's a whole bunch of material when I search for "trac nofollow", so maybe that's the answer.
Apparently 'nofollow' is not the answer, according to:
http://trac.edgewall.org/ticket/1145
This guy has a lot of success leaning on Akismet and captcha for this tracspam setup:
http://news.thedigitalmachine.com/2012/07/26/howto-configure-tracspam-to-all...
well, it was actually Akismet (as well as others) that declared Gergo's content (which was basically a pasted commit message) to be spam (ultimately giving it such a low scoring that even reCaptcha wouldn't compensate for it)
Here's the score-computation:
Akismet (-5): Akismet says content is spam
AuthenticatedUserScore (4): User is authenticated
BotScout (-2): BotScout says this is spam (Y|MULTI|IP|0|MAIL|0|NAME|3)
Captcha (10): Human verified via CAPTCHA (Recaptcha)
Defensio (2): Defensio says content is allowed (legitimate, 0.2, none)
Session (0): Existing session found
StopForumSpam (0): StopForumSpam says this is spam (username [0.01])
As for the previous question of whether the email-addresses of spammers follow any obvious pattern, not always; we've had a few spammers with ordinary looking gmail.com addresses as well; in the cases they do, one of the external anti-spam services usually classifies it as potential spam...

Could we try something?
I'm thinking that recaptcha can be a PITA if only because it disrupts one's state of flow but people will put up with it to save trac from spam.
What if we replace captcha with a short, static question, the web form equivalent of a secret handshake? And give it enough weighting to override akismet?
E.g.
* What is Haskell's middle name?
* What is SPJ's middle name?
The main drawback to this is that it'll only be a matter of time before spammers wise up. But that interval might be long enough for something better on the horizon, e.g. akismet gets a lot smarter, better blog posts on tracspam, etc.
Also, spammers might be deterred enough to give up and look elsewhere.
Another drawback is that some folks won't actually know the secret handshake. Hopefully those numbers are very small.
p.s. A variant to this that's more search-proof is some trivial haskell:
E.g. let fibs = 0:1: ... fibs in fibs !! n
where n is randomly chosen from 2, 3, or 4; where the answer is an instantaneous n-1.
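The weighting question raised above ("enough weighting to override akismet"), worked through with the score breakdown Herbert posted earlier in the thread. This is an added example, not part of any message in the thread and not Trac SpamFilter code; the acceptance threshold of 0, the function names and the idea of swapping the Captcha entry for a static question are assumptions made for illustration.

```python
import re

# Score lines exactly as quoted in the thread: "Strategy (points): reason".
REPORT = """\
Akismet (-5): Akismet says content is spam
AuthenticatedUserScore (4): User is authenticated
BotScout (-2): BotScout says this is spam (Y|MULTI|IP|0|MAIL|0|NAME|3)
Captcha (10): Human verified via CAPTCHA (Recaptcha)
Defensio (2): Defensio says content is allowed (legitimate, 0.2, none)
Session (0): Existing session found
StopForumSpam (0): StopForumSpam says this is spam (username [0.01])
"""

LINE = re.compile(r"^(\w+) \((-?\d+)\): (.*)$")
MIN_SCORE = 0  # assumption: a submission passes when its total is >= 0


def parse_report(text):
    """Return {strategy: points} for every score line in the report."""
    scores = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised score line: {line!r}")
        scores[m.group(1)] = int(m.group(2))
    return scores


def total(scores, without=()):
    """Sum the points, leaving out the strategies named in `without`."""
    return sum(p for name, p in scores.items() if name not in without)


def weight_to_override(scores, challenge="Captcha", assume_absent=()):
    """Smallest weight a replacement human check (the static question,
    hypothetical here) needs to lift the total to MIN_SCORE once
    `challenge` is removed and the `assume_absent` bonuses are missing."""
    base = total(scores, without=(challenge, *assume_absent))
    return max(0, MIN_SCORE - base)


if __name__ == "__main__":
    s = parse_report(REPORT)
    print("total without a human check:", total(s, without=("Captcha",)))
    print("weight needed, as posted:", weight_to_override(s))
    print("weight needed, no positive verdicts:",
          weight_to_override(s, assume_absent=("AuthenticatedUserScore", "Defensio")))
```

Under the assumed threshold, the posted breakdown needs a static-question weight of 1, and 7 once the authenticated-user and Defensio bonuses are taken away, so the weight has to be sized against the worst-case sum of the negative verdicts rather than against Akismet alone.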

Hi,
On Monday, 07.04.2014, at 21:27 +0700, Kim-Ee Yeoh wrote:
What if we replace captcha with a short, static question, the web form equivalent of a secret handshake? And give it enough weighting to override akismet?
E.g.
* What is Haskell's middle name?
* What is SPJ's middle name?
I have had good experience with such checks on my blog. The answer can be really simple, „What is SPJ’s first name?“ tends to be sufficient.
Greetings, Joachim
--
Joachim “nomeata” Breitner
mail@joachim-breitner.de • http://www.joachim-breitner.de/
Jabber: nomeata@joachim-breitner.de • GPG-Key: 0x4743206C
Debian Developer: nomeata@debian.org

On Mon, Apr 07, 2014 at 09:27:32PM +0700, Kim-Ee Yeoh wrote:
What if we replace captcha with a short, static question, the web form equivalent of a secret handshake? And give it enough weighting to override akismet?
E.g.
* What is Haskell's middle name?
* What is SPJ's middle name?
Yeah, I thought about something similar like: what's the result of 'map (+1) [1,2]'.
The main drawback to this is that it'll only be a matter of time before spammers wise up. But that interval might be long enough for something better on the horizon, e.g. akismet gets a lot smarter, better blog posts on tracspam, etc.
I don't think that the ghc wiki is of particular interest for spammers or that they gain a lot by understanding Haskell specifics. Most likely they will never notice it.
Greetings, Daniel

What is Simon's middle name? Is Peyton not part of his surname? Oh crap. I'm a bot.
Sent from my iPad
On Apr 7, 2014, at 10:53 AM, Daniel Trstenjak wrote:
On Mon, Apr 07, 2014 at 09:27:32PM +0700, Kim-Ee Yeoh wrote:
What if we replace captcha with a short, static question, the web form equivalent of a secret handshake? And give it enough weighting to override akismet?
E.g.
* What is Haskell's middle name?
* What is SPJ's middle name?
Yeah, I thought about something similar like: what's the result of 'map (+1) [1,2]'.
The main drawback to this is that it'll only be a matter of time before spammers wise up. But that interval might be long enough for something better on the horizon, e.g. akismet gets a lot smarter, better blog posts on tracspam, etc.
I don't think that the ghc wiki is of particular interest for spammers or that they gain a lot by understanding Haskell specifics. Most likely they will never notice it.
Greetings, Daniel

Hi,
On Monday, 07.04.2014, at 13:07 -0400, Edward Kmett wrote:
What is Simon's middle name? Is Peyton not part of his surname?
It is, he has a middle name, and that is the reason I don’t find https://ghc.haskell.org/trac/ghc/wiki/Status/SLPJ-Tickets without looking in my browser history :-)
Greetings, Joachim
--
Joachim “nomeata” Breitner
mail@joachim-breitner.de • http://www.joachim-breitner.de/
Jabber: nomeata@joachim-breitner.de • GPG-Key: 0x4743206C
Debian Developer: nomeata@debian.org

On Mon, Apr 7, 2014 at 9:53 PM, Daniel Trstenjak wrote:
Yeah, I thought about something similar like: what's the result of 'map (+1) [1,2]'.
Oooh, if we're going that route, I want to see 'succ <$> [1,2,3]'. I reckon we'd get [4,5,6] with some frequency.
-- Kim-Ee

Look what I've found: http://codecha.org/ . It might be an easy solution to the Haskell-specific CAPTCHA problem.
On 04/07/2014 06:53 PM, Daniel Trstenjak wrote:
On Mon, Apr 07, 2014 at 09:27:32PM +0700, Kim-Ee Yeoh wrote:
What if we replace captcha with a short, static question, the web form equivalent of a secret handshake? And give it enough weighting to override akismet?
E.g.
* What is Haskell's middle name?
* What is SPJ's middle name?
Yeah, I thought about something similar like: what's the result of 'map (+1) [1,2]'.
The main drawback to this is that it'll only be a matter of time before spammers wise up. But that interval might be long enough for something better on the horizon, e.g. akismet gets a lot smarter, better blog posts on tracspam, etc.
I don't think that the ghc wiki is of particular interest for spammers or that they gain a lot by understanding Haskell specifics. Most likely they will never notice it.
Greetings, Daniel

That moment when spammers start pushing language research forward by
generating functions from natural language specifications.
On Tue, Apr 8, 2014 at 1:08 PM, Artyom Kazak
Look what I've found: http://codecha.org/ . It might be an easy solution to the Haskell-specific CAPTCHA problem.
On 04/07/2014 06:53 PM, Daniel Trstenjak wrote:
On Mon, Apr 07, 2014 at 09:27:32PM +0700, Kim-Ee Yeoh wrote:
What if we replace captcha with a short, static question, the web form equivalent of a secret handshake? And give it enough weighting to override akismet?
E.g.
* What is Haskell's middle name?
* What is SPJ's middle name?
Yeah, I thought about something similar like: what's the result of 'map (+1) [1,2]'.
The main drawback to this is that it'll only be a matter of time before
spammers wise up. But that interval might be long enough for something better on the horizon, e.g. akismet gets a lot smarter, better blog posts on tracspam, etc.
I don't think that the ghc wiki is of particular interest for spammers or that they gain a lot by understanding Haskell specifics. Most likely they will never notice it.
Greetings, Daniel

Did the spamchecker get turned off? I just deleted a ticket (#8982; check your mail archives) which should have been caught by essentially any spamchecker worth its salt. Also, do we have any facilities for permanently banning spammers?
Excerpts from Kyle Van Berendonck's message of 2014-04-07 02:43:23 -0700:
Hmm.
I just got flagged as a spambot trying to reply to a ticket too. It did give me a captcha option though.
participants (9)
- Andrew Farmer
- Artyom Kazak
- Daniel Trstenjak
- Edward Kmett
- Edward Z. Yang
- Herbert Valerio Riedel
- Joachim Breitner
- Kim-Ee Yeoh
- Kyle Van Berendonck