ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Implement solution for spam prevention (Feature #636)


Added by Daniel Nauck at 2011-09-22 08:27 am. Updated at 2011-09-23 08:10 am.


Status:Open Start date:2011-09-22
Priority:Normal Due date:
Assignee:- % Done:

0%

Category:User accounts
Target version:-
Remote issue URL: Affected version:

Description

Hello,

as discussed in the forum post chiliprojects needs a solid spam prevention method.

Since the recaptcha plugin is only targeted agains redmine and was incompatible with every version of chiliproject it would be a good idea to have such spam prevention method directly in chiliproject.

I think most users uses chili project as public installations for open source projects, so spam bots a a real problem. Had the same problems with Trac in the past.

Thanks.


History

Updated by Holger Just at 2011-09-22 08:45 am

Please describe a bit more detailed what exactly you are currently missing. "Spam prevention" is a very generic term so please provide one or more actual use cases where an applied measure can prevent a spam vector. Most important would be the description of the spam vector.

In my personal experience, the most successful anti-spam measure so far was to require registration and email verification. Stuff that goes through is 99% human source and can't be prevented by automated anti-spam measures.

  • (deleted custom field) deleted (https://www.chiliproject.org/boards/1/topics/218)
  • Target version deleted (3.0.0)

Updated by Holger Just at 2011-09-22 09:14 am

  • Status changed from Open to Needs more information

Updated by Daniel Nauck at 2011-09-23 08:10 am

Hello,

to write a bot that automaticly register and check an POP3 account to visit the email verify link is a work of 15 minutes.

There're 2 areas where we need to prevent spam:

Registration

Implement an entry point for a verification provider. A default included one could be a captcha (e.g. ReCaptcha) or some Q&A module (answer "1 + 5 = ?", ), etc. This will prevent automatic registration. The email verification is in this case just a check that the email address is correct, so chili does not spam wrong users with ticket changes & co.

Creating/modifing content

As we all know, spammers sometimes register accounts by hand to work around captchas & co and add them to their "spam pool". Some time later these accounts will start to spam the issues, wiki, etc. Then its too late and we have a lot of work to delete this spam content and the users.

So here again, implement a entry point for a verification provider that will verify every change to content for non admins, non developers & co.

  • a captcha
  • a Q&A module
  • some public useable content filter, e.g. Akismet & others (Mollom, AntiSpam Bee, Defensio and Typepad Antispam, etc)

I recommend to implement first a registration verify provider with an captcha (e.g. ReCaptcha) and/or a Q&A module.
This could be easily included into the chili core.

  • Status changed from Needs more information to Open

Also available in: Atom PDF