On Fri, May 15, 2020 at 1:58 PM Stephen John Smoogen <smooge(a)gmail.com> wrote:
Currently I am dealing with 1-3 failed account creations a day due to our spam checking
tool, basset.
Basset is the tool which sits in the account system creation path and tries to check to
see if an account is semi-valid or not. This was written by Patrick Uiterwijk about 4 to 5
years ago to deal with a large increase of spam accounts from a group who were paying
people to get past other spam tools versus using scripts. We came up with various
heuristics and tools to make for a general 'oh you are using a one-time-email system..
no account for you' and other checks.
However it is almost a full time job to keep up with all the various spam groups methods
for creating fake accounts for whatever they want. I haven't put much time into since
2018 and the heuristics that basset is using to judge whether a person has a valid account
or not are way out of date. The spam groups have also gotten more sophisticated in
creating accounts so we are more likely to allow a spammer in than a 'ham'-mer.
I am not sure what to do.. I do not know how hard it would be to pull basset out of the
system and I do not have the time to update/fix/improve Patrick's code on this. So I
figured it would be good to get some feedback on this.
Disabling it is very simple.
Just remove all the config lines at
https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/fas_...
.
An alternative could be to just increase the required spam-score from
Basset to *very* high numbers (in the thousands), so it never sees
someone as spam.
That last one would mean it also doesn't need changes in the other
apps that might be integrated with it, and it would still get all the
useful info.
--
Stephen J Smoogen.
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...