Hello, It turns out that Savannah gets considerable amounts of spam in people_resume of newly created accounts [0]. starting from 2011, spammer activity has been growing, and now it's 1000 to 2000 accounts a month [1] (in contrast, spam in trackers is quite rare).
[0] https://savannah.nongnu.org/support/?109597 [1] https://savannah.nongnu.org/support/download.php?file_id=46323 Most these accounts are easy to detect automatically with a very low false positive ratio, but then they'll still have to be removed manually: checking the text and visiting a single link per account. As an alternative, we could block enabling the resume (as opposed to the set of skills) unless the user, say, is a member of any group or has taken part in any discussion on a tracker. This would prevent most spam if not spam accounts themselves, however, some accounts look like user_name: pillsbestprices realname: jim, matt, sam, mike (people_resume is NULL) (the fields are typically _not_ in English). if we'd like to deal with this kind of spam, I think we'll have to remove the records from the database (not just set the status to 'S' and clear the fields) when a new account hasn't been used, for example, for 10 months. What do people think?
signature.asc
Description: Digital signature
