Re: RFC: How to deal with account creation

Currently I am dealing with 1-3 failed account creations a day due to our spam checking tool, basset. Basset is the tool which sits in the account system creation path and tries to check to see if an account is semi-valid or not. This was written by Patrick Uiterwijk about 4 to 5 years ago to deal with a large increase of spam accounts from a group who were paying people to get past other spam tools versus using scripts. We came up with various heuristics and tools to make for a general 'oh you are using a one-time-email system.. no account for you' and other checks. However it is almost a full time job to keep up with all the various spam groups methods for creating fake accounts for whatever they want. I haven't put much time into since 2018 and the heuristics that basset is using to judge whether a person has a valid account or not are way out of date. The spam groups have also gotten more sophisticated in creating accounts so we are more likely to allow a spammer in than a 'ham'-mer. I am not sure what to do.. I do not know how hard it would be to pull basset out of the system and I do not have the time to update/fix/improve Patrick's code on this. So I figured it would be good to get some feedback on this.

-- Stephen J Smoogen. _______________________________________________ infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...