Re: Wiki 2FA

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Greg Stark <stark(at)mit(dot)edu>
Cc: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, PostgreSQL WWW Mailing List <pgsql-www(at)postgresql(dot)org>
Subject: Re: Wiki 2FA
Date: 2016-01-23 21:50:26
Message-ID: CABUevEzxhe9JJH9NASs=Se3zGW1pdH66iKY=JmfN3wGo9HP-vQ@mail.gmail.com
Lists: pgsql-www

On Sat, Jan 23, 2016 at 10:43 PM, Greg Stark <stark(at)mit(dot)edu> wrote:

> On Sat, Jan 23, 2016 at 8:41 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> > It does not protect against people signing up for multiple accounts. Unless
> > you were actually planning to send out hardware 2FA tokens to each actual
> > contributor, but I'm pretty sure you didn't mean that?
>
> We could put a captcha which would at least prevent spammers from
> scripting attacks. I'm not sure what type of spamming we've had. I
> expect we would still see one-off spam by humans though.
>

We have a captcha for account signups already. That increased the signup
time by 30-45 seconds on average.

We also have a 7 day grace period, so new accounts could not use the wiki
for 7 days. It took *exactly* 7 days before the spam started again.

To me it's pretty clear that it did not come from scripts. Another hint of
that is that a couple of those "scripts" emailed us asking for us to let
them bypass the 7 day grace period.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
