Spam countermeasures?


#1

Our phabricator instance is suffering from chinese spam posts. Always 10 tasks created at the same time by a random character/digit newly created username. Example: https://lab.apertus.org/p/pti0520pa/
It happens every couple of days and requires an admin to manually clean out the tasks from the CLI - very annoying.

Now I am quite surprised that there are zero posts/reports/mentions of other people receiving spam in phabricator or any countermeasures here on this forum or the internet in general. Are we really the only ones?
Enabling Recaptcha has had no success in stopping the spam posts.


#2

See https://secure.phabricator.com/T10215 for general discussion.


#3

@apertus: You definitely are not alone in dealing with spam. Wikimedia has seen some spam and vandalism, and quite a lot recently. We’ve resorted to requiring approval for new accounts, unfortunately, due to the lack of adequate countermeasures in Phabricator when configured as a public / open system.


#4

Very interesting, thanks for the feedback!

I now also switched our phabricator to requiring approval for new accounts.

Do your admins just go through the approval queue and delete obvious random character spam accounts or do you ask real people to contact you for getting their accounts approved?