Open mathiasbynens opened 7 years ago
nothing stopping spammers form registering for new github accounts. blacklist creators of spammy tests?
comment moved to OP
Couple of ideas (mostly from my own experience with jsbin):
I know the author of rawgit had some post about spam too, you may have read it already, but if you can find it, some useful bits in there too (sorry, typing from mobile so can't easily go hunting).
No relevant experience, but could limiting the max number of actions (editing/posting) per user per time period combined with requiring minimum "age" for the github accounts help?
Example (arbitrary numbers, replace as needed):
If a spammer requires 100,000+ github accounts to be effective won't that (hopefully) cause them difficulties with github's DOS prevention mechanisms(technical and legal)?
I vote:
Not sure of related, but I cannot add new tests. Keep getting the "I'm not a robot" screen of cloudflare, pass it successfully, and getting the same page back - without my tests. Tried it tons of times on different computers and locations. Not sure if my github user is blocked, my country's IP is blocked, or am I just really unlucky.
I suggest that blocked users/IPs (for any reason) will not be able to type in the tests in the first place. It's very frustrating to add 5 tests, hit submit, pass the captcha - only to find out that it was all for nothing.
I would be happy to have access to delete functionality for regular users also. At least for non-published tests. Just created temp test and can't delete it now :disappointed:
Could we kill the "Latest" page? It's the only place where the spam really is visible, and if the spam isn't visible I guess it takes the fun out of it for the spammers?
It’s not just /latest
, but also /popular
and feeds…
I just found out about the project and was really excited (starting with javascript) but the amount of spam is really discouraging so +1 for adding any form of validation (mail/github)
There must be a successful jsperf test run with some code before it can be published publicly. Edits to tests must also adhere to the requirement.
This will work against straight link dropping form filler spam.
Stopping by to drop a specific example of one account, if that helps you out any.
@mathiasbynens Oh, and after about ~30 min of perusing, here's a list of Google searches to try, which amount to near-100% spam. Oh, and you might notice quite a few spam networks in that mix (and you might want to start looking at the GH usernames in the database to spot patterns and start banning them and targeting their posts/comments more effectively).
Just as a heads up, most of those are safe to nuke from orbit without much interpretation.
@isiahmeadows
and you might want to start looking at the GH usernames in the database to spot patterns and start banning them and targeting their posts/comments more effectively
The GitHub usernames are currently not tracked in the database. See https://github.com/jsperf/jsperf.com/issues/312.
@mathiasbynens I read that after I made the comment... (Probably should've edited that to clarify...)
But yeah, if you have any sort of identifying info, you might be able to figure out some of them.
I'll note that comments seem to have their GH users tracked, though - otherwise, I wouldn't have been able to click the "aa" username from some of those comments and trace it to the particular deleted GitHub user.
Recaptcha and CloudFlare are two great solutions
E.g.
Any ideas?
It would be nice if we could whitelist admin accounts (i.e. our own + some trusted folks) who could then access e.g.
https://jsperf.com/some-test-case/spam
to markhttps://jsperf.com/some-test-case
as spam, i.e. delete the test + blacklist the GitHub account that was used to create this test.This same whitelist could be used to unlock
/delete
functionality on tests and comments.authorGitHub
field topages
table (which contains the user’s GitHub identifier) (#153 needs this too)/spam
and/delete
features