[FFmpeg-devel] trac spam

Michael Niedermayer michael at niedermayer.cc
Thu Oct 19 21:18:40 EEST 2023 

On Thu, Oct 19, 2023 at 07:49:10PM +0200, Michael Koch wrote:
> 
> > You would have to read the trac source probably and maybe do local tests
> tracing through the code what happens
> but a non spammer posting spam
> setting up trac locally is easy, it comes with its own deamon you dont
> even need a webserver
> 
> That sounds too complicated for me.
> 
> What about my other question? Can it be changed that the spammer gets +20 points from successful captcha?
> The regex filter is useless if a pattern match gives only -10 points, but 20 seconds later the spammer gets +20 points from captcha.

IIRC each regex give -10 so multiple matches give more.

The problem is more fundamental do we allow users to override
spam mis identification ?
we can reduce the captcha score but then someone will hit a case where
she cannot post valid content
That means we then need a method to catch these and do something about them

Its not as if 20 fails and 18 is going to work, the captcha score would
have to be dropped to 8 for this one case you talk about here.

I think the captcha works as intended. It adds cost to the spammer
I doubt its economic for spammers to solve a captcha for having some spam
up for a few hours.

Again we can change all these scores but theres a minimum where its least
work and deleting spam is work as much as dealing with users who cannot post

So if you have some argument that a change in scores would reduce spam with
no valid users lost in the last 12months thats a much stronger argument
Another way would be to try a change and monitor what happens, do you
want to monitor all failed submissions for a few months ?
either way tuning these numbers requires some form of feedback mechanism
otherwise we would not truly know if we did something smart or stupid

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesnt understand is a sign that one is less smart
than the original author, trying to rewrite it will not make it better.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20231019/9986cf03/attachment.sig>

More information about the ffmpeg-devel mailing list