View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0021028||mantisbt||administration||public||2016-05-30 05:18||2016-07-19 15:59|
|Summary||0021028: Loosen or remove antispam limit based on user seniority|
As discussed by e-mail following recent wave of spam attacks.
We should implement logic that improves our antispam protection, without negatively affecting "good" users.
One possibility would be to give some kind of "rating" to users, based on how long ago they registered, and/or how many issues / comments they posted. The rule to calculate this rating is to be discussed.
We could then use this rating to have differentiated antispam behavior, e.g. if it's high enough:
|Tags||No tags attached.|
Some thoughts to start discussion
Don't count issues and notes that have been created the last n days.
@atrol the concept makes sense. But doesn't get_user_reputation() return 0 for new users, hence, they can't add any issues or notes to start with?
Joking aside, I got aware of it when going to bed, but too late to correct it.
We could add config_get( 'antispam_max_event_count' ) to the reputation.
How about twisting the logic a bit and marking the issues and comments untrusted users create as private?
Then we could manually 'vet' new users and allow them to create public issues and comments. This of course requires some new admin pages, and maybe a way of making issues that were once private public ... Maybe not the best idea
This is similar to what I have configured in our forum.
I am not sure if using "private" for two different things ("private" or "not published") is a good idea.
|2016-05-30 05:18||dregad||New Issue|
|2016-07-18 17:55||atrol||Note Added: 0053637|
|2016-07-18 17:55||atrol||Note Edited: 0053637||View Revisions|
|2016-07-18 22:55||vboctor||Note Added: 0053639|
|2016-07-19 02:33||atrol||Note Added: 0053640|
|2016-07-19 12:46||rombert||Note Added: 0053657|
|2016-07-19 15:59||atrol||Note Added: 0053659|