$table = new PhabricatorUser();
$cache_path = 'progress.json';

I just deleted the users above and am backing away from D19933, at least for now, since it doesn't feel like an especially great fit for either secure or admin.

On admin, basically every user with a blurb is abusive. I've just disabled the field as a coarse reaction.

I'm planning to banish these users from secure. This is mostly: polish (?) SEO bots; printer fax spam; and "security researchers":

A couple of narrow ideas here:

D19485 fixed one small remaining bug; I deployed that to admin.

• I cherry-picked to stable and deployed to admin.
• I launched a test instance, invited 32 users, and saw only 20 invites actually go out.
• After accepting two invites, I saw more invites go out.
• I cancelled some invites, for good measure.

I think my plan here is basically:

The "Pending Invites" counter didn't seem to work correctly for this instance.

We got a printer fax spam support request into the completely private Support app today. 😑

As @avivey suggests, the remaining cache can be cleared with:

Anecdotally, Disqus uses Akismet and the hit rate isn't great (I've observed both a high false positive rate, and a high false negative rate).

Mooooooo

We've closed registration on this install, mooting this.

The new paid support application is now in closed beta. This will become publicly available in the relatively near future, then become then channel for SAAS support after that. It may later become the channel for some types of free/community support (most likely bug reports, per above) but this probably won't happen for a while.

https://secure.phabricator.com/conpherence/1336/#42940

FWIW we have seen several users attempting to distribute l33t w4r3z via Wikimedia's instance of Phabricator. I had to set file upload limits to < 8MB in order to prevent chunked file storage.

lol, sigh

A handful of users had created Conpherence threads to help the community find HP printer fax support. I destroyed these threads manually. There's currently no "Can Create Threads" permission and I probably wouldn't want to lock this down today since we get some legit uses out of it too.

You could pay reviewers with Mana ;)

As a small step towards a more general solution I think it would be very helpful to allow the admins to easily revert changes, where revert means that there will be no traces left of the vandal action after the revert.

Good job triggering the spam filter.

In T11989#203781, @epriestley wrote:

Press F to pay respects.

FWIW I think this is pretty genius. Especially the repro-or-it-didn't-happen aspect.

Here's an attempt to manually classify recent feature requests. I'm not sure how much value we're really getting out of this channel except from users who are already part of Community:

Recently, we've started seeing a handful of attacks where human users appear to read a discussion, formulate a human-sounding, contextual reply (e.g., discussing the thread topic in what appears to be a human way, just with a very shallow understanding of the issue), and then include a link to a site offering various services (mostly essay writing?) in the footer.

• Add unit tests.
• Match "o" and "O" for 0, etc.

In T10215#197801, @epriestley wrote:

We can also let installs send us all their data, we'll decide if it's spam or not, then we remotely delete any data that we feel like deleting. But we'd have to charge like a gorillion dollars per message to make this sustainable today.