On Tue, Aug 28, 2018 at 7:26 AM, David Galloway <dgallowa@xxxxxxxxxx> wrote: > So it turns out the API isn't actually being used. I had to disable > creating issues for the "Non-members" group which basically includes > every authenticated user except developers. > > I think this is going to be the only surefire way we can prevent this > from happening again. > > Alternatively, I could block certain user agents (one in particular was > used this time) and add a Captcha to the registration page. > > I'd like the community's input. We can talk about blocking off the general public from our bug tracker in the Ceph Leadership Team, but instinctively I don't like the idea — it forces people to go through the mailing list and attract attention from somebody to report any issues. :/ I haven't dug into this, but perhaps it's also possible to rate-limit particular groups in Redmine? Developers need to be able to scrub bugs or transcribe things, but non-members probably aren't discovering a bug more often than every ten minutes or whatever. ;) -Greg > On 08/28/2018 08:57 AM, David Galloway wrote: >> Thank you. I've disabled the API for now. >> >> On 08/28/2018 07:43 AM, Nathan Cutler wrote: >>> This time the spammer appears to be hammering the ceph-ansible project: >>> >>> https://tracker.ceph.com/projects/ceph-ansible/issues >>> >>> Nathan
