2025-07-25T11:04:41 acidsys: who on the IDP side can sort out these spammers or spam bots to stop letting them through? 2025-07-25T11:06:32 I'm not sure what kind of answer you expect 2025-07-25T11:06:34 acidsys: looks like at least 20 new accounts that some don't meet IDP critera as spammers, or they have created actual spam, will start going through them soon... 2025-07-25T11:06:55 acidsys: just random letters for accounts 2025-07-25T11:07:56 that the self-service registration is lacking protection is a long known problem. it will be addressed with the new IDP solution because there is no effort spent on improving univention 2025-07-25T11:09:36 acidsys: ok, so change the rules then and just block them, so i don't have to spend hours justifying these MoFo's? 2025-07-25T11:09:50 which rules? 2025-07-25T11:10:12 that they have to create spam 2025-07-25T11:10:25 ??? 2025-07-25T11:11:25 acidsys: then domains and usernames and SFS clearly show them as spammers, so lets just block them ad IDP? 2025-07-25T11:12:38 acidsys: go have a look at all the carp being posted? Turn off IDP? 2025-07-25T11:16:14 it seems your "rules" refer to my comment last week that we should not block purely based on third party information. as I thought I explained in the same discussion, my comment is merely my opinion and if others think it is not justified or practicable, I am fine to adapt and to do with community accounts whatever the community deems right 2025-07-25T11:17:19 my perception was that some people agreed with my opinion and hence we stuck with it but maybe chat is not the best place to gather conclusive quorum 2025-07-25T11:22:15 *** teepee_ is now known as teepee 2025-07-25T11:22:39 acidsys: ahh ok, so can we turn off univention, it's going to take me some time to clean up all the carp? 2025-07-25T11:23:40 there is something like 50+ accounts on hold, let alone the spam? 2025-07-25T11:27:33 turn off? no that we cannot do. 2025-07-25T11:31:02 acidsys: bummer, ok. 2025-07-25T11:49:09 I was checking if there's an easy way to implement some stupid "enter cheesecake if you are not a robot" prompt as an intermediary solution in https://github.com/univention/univention-corporate-server/blob/release-5.0-7/management/univention-self-service/www/CreateAccount.js but I'm afraid it looks a bit complicated 2025-07-25T11:50:58 acidsys: ok, thanks for checking :smile: "cheesecake" 2025-07-25T11:51:24 * πŸ˜„ 2025-07-25T13:22:04 <_Marcus_> fyi: for christian boltz and other mail admmins: my email announcer for openSUSE Leap was not working since mid May, and will send out announcements starting now to security-announce and updates lists 2025-07-25T14:49:21 cboltz, hello. 2025-07-25T14:49:21 Can I get a developer maintainer role at the openSUSE:infrastructure:wiki repository? 2025-07-25T17:05:31 Yoshio: just use osc reqms 2025-07-25T17:26:15 acidsys: Is there a way to do the account verification not by emailing a link to click to validate the account, but rather something that involves a user action - enter a OTP code that's sent via e-mail, or something like that? I suspect that these spammers are automating receiving the e-mail and clicking the link. Or maybe add the 'proof of work' verification to the user registration page? 2025-07-25T17:26:38 hendersj: no, this is not possible with the current software. 2025-07-25T17:26:54 Shoot. What about adding proof of work to the login page? 2025-07-25T17:29:55 I thought about it for the self service portal but it is not easy because there is no existing infrastructure for this in SUSE 2025-07-25T17:31:43 there's not much incentive to change anything in UCS because it doesn't have a future 2025-07-25T17:32:37 so most feasible is on reverse proxy but whilst in openSUSE we can easily enable POW for hosts in SUSE I don't have access to this 2025-07-25T17:35:18 there is also the issue of the UCS self-service portal dying every few days until someone restarts it, maybe in this context it can be seen as an anti-spam feature?