I get a 404 error when I login with my github account (user in gitea is: Hermann)
@Isaac that should be fixed now
1 Like
May I ask who is responsible for all this spam and why the group or person is doing that?
The login restriction kind of makes the hurdle to contribute to this project larger than it already is with the selfhosted git-remote (instead of like GitHub or GitLab).
@benedikt-weyer Iāve enabled your account.
Here is what the spam account looks like:
From what I heard, a lot of public Gitea instances have the same problem. They usually use this to create fake issues or repos with low-effort seo spam. Itās unclear where they are from, but captchas do not stop them. Based on the spam they produce, I guess they are some kind of click farms operated from India.
And they donāt stop, just because they need to register. Just today, there have been 20 new registrations. Yesterday 50.
Thank you!
Okay that sounds indeed quiet annoyingā¦
Few ideas:
-
Maybe switch from reCaptcha to hCaptcha or similar. (reCaptchas can be passed automaticaly, for example using this plugin: https://chromewebstore.google.com/detail/buster-captcha-solver-for/mpbjkejclgfgadiemmefgebjfooflfhl . I use it too.) HCaptchas are a bit more resilient to bots from my knowledge. (https://docs.gitea.cn/en-us/administration/config-cheat-sheet?_highlight=captcha#service-service)
-
Adding the need for verifying the email.
-
Only allowing registration via a social login like github.
Changing the catptcha would probably only work, if the scamers automated the process. Because when real humans are responsible for the account creation, captchas obviously fail.
Thatās already the case. The emails are verified. I assume humans are doing all of this.
Iām trying to register to your Gitea instance too, my user name is MedaiP90; could I ask for account activation?
@MedaiP90 Iāve just enabled your account.
Oh true, I overlooked that. And crazy to think that this has to be profitable in a way, despite paying for human labor.
Could maybe preventing google from indexing the pages that contain the backlinks be an option?
I donāt think theyāre getting paid by pages indexed on Google, rather links placed on other sites.
No, I donāt think so either. And yes I also think that they are paid for liks placed on other sites, to give them a boost in the (google) search engine ranking. To my knowledge that happens because google and other search engine providers give pages with more backlinks a higher rating.
As far as I found out is that backlinks are only counted on pages indexed by google. (Otherwise google could not verify the existence of those links). So when the indexing of those repository/issue pages is prevented (for example over the noindex meta tag), then placing those links there would have no effect, and maybe it would stop the scammers from coming here.
A bit of a challange might be to make them aware that their efforts are useless.