Dec 22 2018
I just deleted the users above and am backing away from D19933, at least for now, since it doesn't feel like an especially great fit for either secure or admin.
On admin, basically every user with a blurb is abusive. I've just disabled the field as a coarse reaction.
I'm planning to banish these users from secure. This is mostly: Polish (?) SEO bots; printer fax spam; and "security researchers":
Nov 15 2018
A couple of narrow ideas here:
Jun 12 2018
D19485 fixed one small remaining bug; I deployed that to admin.
Jun 8 2018
- I cherry-picked to stable and deployed to admin.
- I launched a test instance, invited 32 users, and saw only 20 invites actually go out.
- After accepting two invites, I saw more invites go out.
- I cancelled some invites, for good measure.
Jun 5 2018
I think my plan here is basically:
Jun 4 2018
The "Pending Invites" counter didn't seem to work correctly for this instance.
Feb 14 2018
We got a printer fax spam support request into the completely private Support app today. 😑
Dec 13 2017
As @avivey suggests, the remaining cache can be cleared with:
Anecdotally, Disqus uses Akismet and the hit rate isn't great (I've observed both a high false positive rate, and a high false negative rate).
Jul 27 2017
Mooooooo
We've closed registration on this install, mooting this.
Jul 16 2017
The new paid support application is now in closed beta. This will become publicly available in the relatively near future, then become the channel for SaaS support after that. It may later become the channel for some types of free/community support (most likely bug reports, per above), but this probably won't happen for a while.
Jun 10 2017
FWIW we have seen several users attempting to distribute l33t w4r3z via Wikimedia's instance of Phabricator. I had to set file upload limits to < 8MB in order to prevent chunked file storage.
May 26 2017
lol, sigh
A handful of users had created Conpherence threads to help the community find HP printer fax support. I destroyed these threads manually. There's currently no "Can Create Threads" permission and I probably wouldn't want to lock this down today since we get some legit uses out of it too.
May 22 2017
You could pay reviewers with Mana ;)
Apr 3 2017
As a small step towards a more general solution I think it would be very helpful to allow the admins to easily revert changes, where revert means that there will be no traces left of the vandal action after the revert.
Mar 10 2017
Good job triggering the spam filter.
Mar 2 2017
In T11989#203781, @epriestley wrote: Press F to pay respects.
Feb 22 2017
FWIW I think this is pretty genius. Especially the repro-or-it-didn't-happen aspect.
Feb 20 2017
Here's an attempt to manually classify recent feature requests. I'm not sure how much value we're really getting out of this channel except from users who are already part of Community:
Feb 16 2017
Recently, we've started seeing a handful of attacks where human users appear to read a discussion, formulate a human-sounding, contextual reply (e.g., discussing the thread topic in what appears to be a human way, just with a very shallow understanding of the issue), and then include a link to a site offering various services (mostly essay writing?) in the footer.
Feb 13 2017
- Add unit tests.
- Match "o" and "O" for 0, etc.
Feb 1 2017
In T10215#197801, @epriestley wrote: We can also let installs send us all their data, we'll decide if it's spam or not, then we remotely delete any data that we feel like deleting. But we'd have to charge like a gorillion dollars per message to make this sustainable today.
Jan 31 2017
A while ago on some Phab instance I experienced people uploading copyrighted material as either files or Pholio mockups, then creating custom panels embedding those files plus creating a dashboard. Very creative and convenient. :) My gut also tells me that Conpherence rooms only accessible to specific users were involved to communicate/coordinate, but as admins are not all-powerful, no one could prove it, I'm afraid.
"Recent Activity" on /p/username/ seems to not display a user's panel + dashboard creations/edits, even if I had rights to access those items. This might be something to reconsider?
Jan 5 2017
That one is somewhat interesting because the user created a safe-looking object, then edited the objectionable content into it. I had hoped we might see a few years of uneasy peace before things escalated so far.
Endless war continues with E1323 😉
Dec 23 2016
Users @techhelpuk and @antivirussupportuk each created one new Calendar event this morning, offering help with anti-virus software instead of printers and encouraging users to call new numbers.
Dec 12 2016
We scored our first kill today. @dgdfgdg slipped through our defenses in his initial volley, but we reacted quickly and the system automatically deflected his second salvo.
Dec 11 2016
I have a not-so-bad version of this in mind but it seems that the printer faxers are too terrified of our advanced defenses to even attack us any more.
Dec 10 2016
OK, so just unfortunate timing then. Ignore the smell of smoke, there's no fire apparently. :)
I turned on email verification. If you previously made an account here and never verified it, you were probably prompted.
In T11989#203387, @epriestley wrote: If you are not an administrator and create a task with THE FAX SUPPORT NUMBER THAT SHALL NOT BE NAMED in the title or body, you will now be immediately logged out of all your sessions and your task will be quarantined.
Dec 9 2016
I thought it was OK for us to test various revenue streams?
If you are not an administrator and create a task with THE FAX SUPPORT NUMBER THAT SHALL NOT BE NAMED in the title or body, you will now be immediately logged out of all your sessions and your task will be quarantined.
Oct 19 2016
It is quite hard to protect against real people dedicating their time to spamming projects. As @epriestley mentioned, there are paid systems for that.
In T10215#197817, @epriestley wrote: From what we've seen on this install, the "printer fax support" spammers are humans willing to go to significant lengths to overcome access barriers (they fill out Captchas, register and link GitHub/Google accounts, validate email addresses, successfully navigate workflow changes, originate from different remote addresses, and take actions slowly), so I suspect no automated system designed to deter bots will be effective against them. My best guess is that they're being recruited through Mechanical Turk or some similar system.
Oct 18 2016
I can't remember if Phabricator already requires a confirmed e-mail address to do anything.
In T10215#197805, @brechtvl wrote:
- Custom Blender specific captcha or question that bots can't answer
Of course there's no totally automatic and reliable system, we're just trying to find something better than manually removing dozens of spam tasks every day.
We can also let installs send us all their data, we'll decide if it's spam or not, then we remotely delete any data that we feel like deleting. But we'd have to charge like a gorillion dollars per message to make this sustainable today.
Nuance (Phabricator Help Desk, which puts new tasks into a private queue) is the only reasonable way forward here I can think of. Anything else is cat & mouse with spammers and that's just a huge time sink for us with no obvious benefit (99% of installs are private).
What sort of reliable and automatic solution are you hoping for? How could the system reliably, automatically detect that a user is a spammer or that a task assignment is unwanted?
The past few days we've had a lot of spam on the Blender Phabricator instance. These spammers are also assigning tasks to random users, who then get emailed. See here for examples:
https://developer.blender.org/maniphest/query/all/
Aug 23 2016
As far as I know, no users have actually gone berserk and deleted all their comments in nearly two years now, so I don't plan to specifically build comment removal rate limiting: this action does not seem particularly more dangerous or abuse-prone in practice than other actions like adding comments, merging tasks, etc. If a user did do this, recovery is likely not very difficult even without limiting.
Jul 8 2016
This is enormously complex to implement in the general case.
Jul 3 2016
Suggestion from one chat I had:
I mean even having just a "Revert" button for each change would be easier
Even if you had 50 to click, it's better than manually undoing :)