Spam is still getting through

[mathiasbynens]

E.g.

https://jsperf.com/manny0899231
https://jsperf.com/https-imgur-com-gallery-bb4dz

Any ideas?

---

It would be nice if we could whitelist admin accounts (i.e. our own + some trusted folks) who could then access e.g. https://jsperf.com/some-test-case/spam to mark https://jsperf.com/some-test-case as spam, i.e. delete the test + blacklist the GitHub account that was used to create this test.

This same whitelist could be used to unlock /delete functionality on tests and comments.

• map pages to GitHub accounts in the database, i.e. add authorGitHub field to pages table (which contains the user’s GitHub identifier) (Cannot edit own test #153 needs this too)
• implement admin safelist (of GitHub identifiers)
• use admin safelist to enable /spam and /delete features

[maxbeatty]

nothing stopping spammers form registering for new github accounts. blacklist creators of spammy tests?

[mathiasbynens]

comment moved to OP

[remy]

Couple of ideas (mostly from my own experience with jsbin):

• Hellban over blacklist (and I'd hellban the user by ip, so they could see their content even if they were signed out but the ip matched)
• potentially use github repo and gist count as an indicator of whether extra validation is required, ie. If no repos or gists, then you need to validate your email address before posts are public
• jsbin has a black list regexp (private) that prevents bins containing certain phrases from saving entirely (again, this is silent, akin to hellbanning)
• I found zero success on reporting spam, but it's worth adding a link to notify (if you don't have it already)
• bins posted on Facebook counted for a lot of spam, so if a bin is loaded and the referrer is facebook, it has a negative flag and potentially spammy mark.

I know the author of rawgit had some post about spam too, you may have read it already, but if you can find it, some useful bits in there too (sorry, typing from mobile so can't easily go hunting).

[bd82]

No relevant experience, but could limiting the max number of actions (editing/posting) per user per time period combined with requiring minimum "age" for the github accounts help?

Example (arbitrary numbers, replace as needed):

• At most 10 new test cases per day.
• At most 50 new test cases per month.
• Github account must be 48 hours old hours old.
• For github accounts younger than 48 hours only a single test case may be created.

If a spammer requires 100,000+ github accounts to be effective won't that (hopefully) cause them difficulties with github's DOS prevention mechanisms(technical and legal)?

[tomByrer]

I vote:

• Need to login with Github/Gitlab/Atlassian account
• filter the test for blacklisted domains
• allow users to flag (also helps with non-functional tests with no results that I keep finding)
• mods as described in OP

[oriadam]

Not sure of related, but I cannot add new tests. Keep getting the "I'm not a robot" screen of cloudflare, pass it successfully, and getting the same page back - without my tests. Tried it tons of times on different computers and locations.
Not sure if my github user is blocked, my country's IP is blocked, or am I just really unlucky.

I suggest that blocked users/IPs (for any reason) will not be able to type in the tests in the first place. It's very frustrating to add 5 tests, hit submit, pass the captcha - only to find out that it was all for nothing.

[farwayer]

I would be happy to have access to delete functionality for regular users also. At least for non-published tests. Just created temp test and can't delete it now 😞

[madskonradsen]

Could we kill the "Latest" page? It's the only place where the spam really is visible, and if the spam isn't visible I guess it takes the fun out of it for the spammers?

[mathiasbynens]

It’s not just /latest, but also /popular and feeds…