Web link spam in Gerrit comments
39 views
Skip to first unread message
James E. Blair
Jul 14, 2016, 8:18:34 AM7/14/16
to repo-d...@googlegroups.com
Hi,
We recently received our first spam Gerrit comments. Someone created a
throwaway account and then, on a couple of changes, copy/pasted an
existing comment from a different user and added a link to an unrelated
site.
We looked around and found some similar comments on other public
Gerrits.
In order to negate the value of this to the spammer, we deleted the
comments from the database. I wrote a quick script for this in case
it's helpful for anyone else:
https://git.openstack.org/cgit/openstack-infra/system-config/tree/tools/delete-gerrit-spam.py
-Jim
We recently received our first spam Gerrit comments. Someone created a
throwaway account and then, on a couple of changes, copy/pasted an
existing comment from a different user and added a link to an unrelated
site.
We looked around and found some similar comments on other public
Gerrits.
In order to negate the value of this to the spammer, we deleted the
comments from the database. I wrote a quick script for this in case
it's helpful for anyone else:
https://git.openstack.org/cgit/openstack-infra/system-config/tree/tools/delete-gerrit-spam.py
-Jim
Doug Kelly
Jul 19, 2016, 7:34:54 PM7/19/16
to Repo and Gerrit Discussion
This will work great for now (while comments are in the DB), but how will we handle this in the future, when comments are instead stored in the git repository? Removing said comments becomes much less clean perhaps (or maybe simpler?)...
Also, account management itself isn't exactly Gerrit's domain, is there value in third-party authentication schemes (i.e. GitHub) for removing throwaway/junk accounts (I assume they already have some decent spam detection, such as recaptcha in place), or are you rolling your own authentication/signup?
--Doug
Reply all
Reply to author
Forward
0 new messages