On 08/29/2018 12:38 PM, David Galloway wrote: > > On 08/28/2018 04:33 PM, Nathan Cutler wrote: >>> I think this is going to be the only surefire way we can prevent this >>> from happening again. >>> >>> Alternatively, I could block certain user agents (one in particular was >>> used this time) and add a Captcha to the registration page. >>> >>> I'd like the community's input. >> >> Non-member issue creation is widely used. It would suck if one had to be >> a developer to create Redmine issues (i.e., report bugs). >> >> So, my vote goes to the second option. >> >> Thanks, David, for fighting this anti-social behavior. >> > > > Okay, I've added a Captcha to the registration page, blocked the User > Agent that was creating spammy issues, and re-enabled issue creation for > regular users. > > Fingers crossed. > The spammers are somehow successfully passing the Captcha on the registration page so more spam issues have been created over the past week. I just created a fail2ban rule to block excessive issue creation (I'm intentionally leaving details out so they can't be used against me/us). This will reduce but not block spam entirely. I'm not sure adding a Captcha to the issue creation page would help but that's next.
