Gitlab spam has started

Erik Huelsmann ehuels at gmail.com
Mon Dec 10 20:52:38 UTC 2018


Hi Vladimir,

On Mon, Dec 10, 2018 at 3:23 AM Vladimir Sedach <vas at oneofus.la> wrote:

> Hello,
>
> Looks like two-factor authentication is not deterring the spammers:
>

Well, I did kind of expect that *some* spam would come through. However,
what I noticed based on your signal is that I am not getting a notification
about newly created projects and that it's therefor hard to monitor
activity on our instance.


>
>
> https://gitlab.common-lisp.net/Credent/icq-723073191-we-update-daily-sell-cvv-good-fullz-fresh-ssn-dob
>
> https://gitlab.common-lisp.net/Credent/icq-723073191-we-updates-daily-sell-cvv-good-fullz-fresh-ssn-dob
>
>
Removing the user *and* these repositories was extremely easy: one click of
a button by an administrator (which includes me).


> Is there some kind of moderation queue we can set up for new
> projects?


We can set the number of projects people can create to 0 (zero). That means
that everybody who creates an account without further verification will not
be able to create a repository of their own. However, that may then result
in spam tickets or spam snippets being created ...


> I can help moderate.
>

Thanks! The first step would be to identify how we can be notified of any
new repositories which are being created or how we can identify users who
would like to have the ability to create a new repository. We can work from
there to see about the queue. I don't think there is one built-in with
GitLab at the moment...


>
> Thank you,
> Vladimir
>
>
Regards,

-- 
Bye,

Erik.

http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20181210/7851eb52/attachment.html>


More information about the clo-devel mailing list