As a general lesson, what we learnt is these are not bots. These are real humans working in some poor country manually creating accounts (always gmail accounts) and pasting all sorts of random text. Some of these people even setup 2FA and open issues with junk text, it's amazing. Unfortunately, GitLab from what I can tell cannot make issues read-only to non project members (i.e I only want project members to open issues, others can just read and watch issues).
Currently, our forum spam (https://forum.cloudron.io) is way more than GitLab spam. On the forum, we even have Captcha enabled (something we despise) but even that doesn't help when there are real humans at work.
We implemented a filter anyway.
(This was not Gitlab, but a specific form on our unique website.)
What... why? What is their goal???
Also you'll find spambots posting on any open form on the internet even if it doesn't do them any good, because much of it is automated, so even if you hide the results the spam will still come in.
See my proposal here: https://gitlab.com/gitlab-org/gitlab/-/issues/14156#note_258...
Google no longer treats "nofollow" as strongly as it used to: https://webmasters.googleblog.com/2019/09/evolving-nofollow-...
Just so that I can follow - URLs posted by non-admins should not render as HTML URLs at all? Wouldn't that be quite limiting for OSS project members for example?
I think being able to link to related issues and link into the code is still important, for example.
It's certainly a trade off, but spammers want it to be rendered as a link.
It appears as though they want to mark these links in order to prevent inorganic SEO, not help it.
When they have to set up a new email account and maybe even a new IP address for every few accounts, it gets to be a lot of work soon.
1. Ban a burgeoning tech industry which has produced over 20 unicorns,receives billions in funding from across the world and produces world-class tech talent;
2. Ban millions of other OSS developers from contributing; and
3. Just lead to SEO spammers picking out other impoverished countries to spam from, which means finally you'll end up with only people from the "west" being able to contribute in any way.
On my backlog of projects to do is to make a browser extension that solves the more obnoxious captchas for me, as I'm regularly behind vpn and fall into ridiculously long solve loops.
On the most popular api i could find, $10 buys you a shockingly LOT of solves (not that I've tested it yet). It is automatable but ultimately still powered by humans.
Personally, I suspect there would be more without at least some speed bumps to raise the cost of spamming. I would absolutely love for there to be better options than recaptcha that meets the same needs around bot-detection, price, implementation effort, and accessibility. It is, sadly, the best option I've seen on offer.
You're right. The scenario we're in is incredibly sad. It would be wonderful if the individual actors involved had better options to meet their needs.
All the maturely developed bot filters frequently throw me in an endless battery of tests that have me giving up in frustration before finally making it through to content I'm requesting.
> aren't the ones destroying the internet
IMO they are every bit as much destroying it as the abusers they're claiming to fend off.
In the meantime, i hope to have the savviness to program my own way out of unsolvable captchas.
Edit: on re-read, you meant solving using humans. Buster uses speech-to-text APIs to solve.