Increase in spam in the past few weeks #74

Closed
jezdez opened this issue Nov 13, 2019 · 17 comments

@jezdez
Contributor

jezdez commented Nov 13, 2019

It seems as if there is a lot of new spam coming in from people using Twitter (IIUC) to sign up for djangosnippets. I would suggest increasing the bar for submission by

  1. adding recaptcha
  2. allowing signup only for users with verified email addresses

@carltongibson @felixxm @stephrdev Does anyone have some spare cycles to take a look at this?

@carltongibson
Member

Hey @jezdez. I'll take a look. Thanks for the report!

@jezdez
Contributor Author

jezdez commented Nov 13, 2019

Much appreciated!

@bartTC
Contributor

bartTC commented Nov 13, 2019

I'd also consider dropping Twitter for registration and only allow Github and Bitbucket.

I think our audience that does have Twitter, but does not have Github goes towards zero.

@jezdez
Contributor Author

jezdez commented Nov 13, 2019

Yeah, agreed.

@carltongibson
Member

Hi @jezdez.

  • Can you give me staff status on the site? (I'm carltongibson.) I'd like to see the account statuses...
  • It looks like verification is already required. (Going through the steps, with GitHub, I'm sent the email, and need to click it etc.) — I'll double check this.
  • Legitimate folks may already be signed up with Twitter, so I can't just disable it I think? (A glance at the admin would help me clarify this... — if all users have emails, which they might looking at the settings, then we can just make them log in like that next time...)

We'll get it sorted. Thanks.

@jezdez
Contributor Author

jezdez commented Nov 13, 2019

@carltongibson Done.

@carltongibson
Member

Ta. Just a thought... should I delete the spam posts whilst I'm in there? (I know that's a losing battle but...)

@jezdez
Contributor Author

jezdez commented Nov 13, 2019

When you mark them from the website as spam (https://dsc.cloud/a46d84/6iAe6iikIpEqkNDcTPNA) you can then go into the "snippet flags" section and select the "remove snippet and ban user" admin action.

@carltongibson
Member

Super. Thanks. I'll do a bit of that as I go. 🙂

@carltongibson
Member

OK, follow-up here with interim conclusions.

  • Emails are already being validated. I'm not sure disabling Twitter would solve it... But...

  • We could implement a rate-limit, between sign-up and first post, and between posts. (I think that would be quite effective, at least the between-posts one — I need to check the gap for the first-post thought...)

  • I see Auto hide snippet when snippet flag with "spam" is created #38: auto-hide on flag. Yes, super.

  • An admin action to mark as spam from the Snippet list-view would be great. It's easy to see it's spam, but you have to find the snippet on the main site to flag it.

  • When Deleting and Banning a spam user, it would be good to delete their other posts too, or be given a list of those to select from. (Then a single flag lets you get them all.) This might not be necessary if mark as spam from the Snippet list-view was in place.

  • Finally, it would be good to clear the cache on the Front Page of the list of recent snippets when deleting as spam, so that they don't keep showing there.

  • Recaptcha might help. But it's recaptcha.

If anyone wants to help with any of these, super. But I'll potter away at them too.
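
Added example, not part of the original thread or the djangosnippets code base: a sketch of the rate limit proposed in the comment above, with a delay between sign-up and first post and a minimum gap between posts. The thresholds, the `Account` fields and the function names are assumptions, and the timeline is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumed thresholds; the thread does not propose specific values.
FIRST_POST_DELAY = timedelta(minutes=30)  # sign-up -> first post
MIN_POST_GAP = timedelta(minutes=10)      # between accepted posts


@dataclass
class Account:  # hypothetical stand-in for the site's user record
    username: str
    date_joined: datetime
    last_post_at: Optional[datetime] = None
    is_staff: bool = False


def check_submission(account: Account, now: datetime) -> Tuple[bool, Optional[timedelta]]:
    """Return (allowed, wait); wait is the time left until a post is accepted."""
    if account.is_staff:
        return True, None
    if account.last_post_at is None:
        earliest = account.date_joined + FIRST_POST_DELAY
    else:
        earliest = account.last_post_at + MIN_POST_GAP
    if now < earliest:
        return False, earliest - now
    return True, None


def replay(account: Account, attempts: List[datetime]) -> List[Tuple[bool, Optional[timedelta]]]:
    """Apply attempts in order. Only accepted posts move last_post_at, so
    rejected retries neither extend nor shorten the wait."""
    results = []
    for now in attempts:
        allowed, wait = check_submission(account, now)
        if allowed:
            account.last_post_at = now
        results.append((allowed, wait))
    return results


if __name__ == "__main__":
    # Constructed timeline: account created at 12:00, attempts at +1, +30, +31, +40 min.
    joined = datetime(2019, 11, 13, 12, 0)
    acct = Account("new_user", joined)
    for ok, wait in replay(acct, [joined + timedelta(minutes=m) for m in (1, 30, 31, 40)]):
        print("accepted" if ok else f"rejected, retry in {wait}")
```
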

@chriswedgwood
Collaborator

I'm happy to pick up this work, should I start with #38?

@carltongibson
Member

Hi @chriswedgwood. Yes. That would be super. Thanks!

@santos22
Contributor

santos22 commented Mar 22, 2020

Hi @carltongibson 👋

Just learned about https://djangosnippets.org/ and was hoping I could start contributing right away.

For the following interim conclusion:

> An admin action to mark as spam from the Snippet list-view would be great. It's easy to see it's spam, but you have to find the snippet on the main site to flag it.

Is the area enclosed in red something you had in mind?

[Image: Screen Shot 2020-03-21 at 8 48 06 PM]

@chriswedgwood
Collaborator

Hi @santos22

Great timing, I was just about to start working on this feature and thankfully hadn't started.

I think that is exactly what we are looking for!

Once a snippet is flagged it should only be visible to staff and not to normal users?

@chriswedgwood
Collaborator

I'll start working on adding recaptcha. May as well give it a go.

@carltongibson
Member

Hi @santos22. Rather an Admin Action. From the admin list view, it's easy to see spam, so it would be good to mark them from there. I hope that makes sense.

@santos22
Contributor

santos22 commented Mar 26, 2020

Makes sense to me - currently working on that item 👍

Thanks for clearing that up!
