On Tue, Aug 28, 2018 at 7:26 AM, David Galloway <dgallowa@xxxxxxxxxx> wrote: > > So it turns out the API isn't actually being used. I had to disable > creating issues for the "Non-members" group which basically includes > every authenticated user except developers. > > I think this is going to be the only surefire way we can prevent this > from happening again. > > Alternatively, I could block certain user agents (one in particular was > used this time) and add a Captcha to the registration page. +1 for captcha that will keep rogue accounts away. > > I'd like the community's input. > > On 08/28/2018 08:57 AM, David Galloway wrote: > > Thank you. I've disabled the API for now. > > > > On 08/28/2018 07:43 AM, Nathan Cutler wrote: > >> This time the spammer appears to be hammering the ceph-ansible project: > >> > >> https://tracker.ceph.com/projects/ceph-ansible/issues > >> > >> Nathan
