937821 - comment flood protection

Status: NEW

(Bugzilla :: Creating/Changing Bugs, enhancement)

Description

[Dave Garrett]

New BMO accounts should have some sort of flood restriction in place preventing them from posting more than twice in a row to a bug other than their own within some reasonable timeframe. One person should not be able to abuse the system to send out a thousand emails of spam as easily as they apparently can.

If such a feature does not currently exist in Bugzilla please move this to the Bugzilla component as a feature request.

Additionally, duplicate comment detection and blocking wouldn't hurt.

Comment 1

[David Lawrence [:dkl]]

FWIW, this would need to extend to new bug creation as well as the abuser could just create a massload of new bugs with similar descriptions which generates quite a bit of spam to the people watching the component.

So basically the customization would need to rate limit comments, new bugs, and attachments to users designated as "new" which we have the capability to do with the TagNewUser extension currently in place.

dkl

Comment 2

[Dave Garrett]

Protecting people watching components would be nice, but I'm more concerned with the hundreds of people CCed on major feature bugs. We've got a flood of bad stuff ending up in the inboxes of people who are not directly connected to Mozilla. Lots of obscenities in this recent spat of junk and I remember seeing another one a while back full of rather disgusting conspiracy theories. Some web developer who just wanted to keep up with the status of something being added to Firefox shouldn't have to deal with this mess. If every aspect of posting available to new users was protected against flooding that would be wonderful, but just limiting consecutive comments in unowned bugs is what's needed to deal with this specific type of case.

Comment 4

[Dave Garrett]

This isn't really a dupe of bug 704753 unless you expand the scope of both of them beyond their initial issue. Again, I'm suggesting a very narrow scope of a fix here: flood protection for comments in unowned bugs. That is all. A full spam resistance system would be nice, but is apparently the sort of thing that isn't going to get fixed any time soon (as indicated by the lack of progress in bug 704753). That bug is very generalized and largely went nowhere, so I'll list this as a blocker instead as I'm just suggesting a small subset of what could be done.

Comment 5

[:glob ✱]

even with the limited scope, this isn't something that can be quickly thrown together :(
regardless, this would be better implemented upstream, moving.

Comment 6

[Dave Garrett]

Well, I and over a hundred other users just got 23 emails in a row full of rage, obscenity, and Hitler references from a guy with severe mental issues. (probably the same guy who did this sort of thing before) Bugzilla is not like a forum; the comments can be deleted by an admin, but the emails still all go out. It is too easy to abuse the current system and it reflects badly on Mozilla.

Please, Bugzilla needs *basic* flood protection. Yeah, it'd be nice to have a full suite of ways to deal with all types of spamming, but at the moment I'd just like Bugzilla to avoid relaying thousands of emails rambling about goat rape.

Comment 7

[Dave Garrett]

Oh look, another 10 or so emails chanting "white power" and "seig hiel" posted with a new account as I'm typing this. (I've lost count now)

Somewhere around the 30th comment, the comment restriction flag was finally turned on by an admin. There needs to be an automated way to deal with this better.

The filing of new spam bugs is a contained annoyance. The only people who have to deal with that are the people listening to the components and the triagers. Comment spam is a far more serious issue. We've got regular users CCed on high-profile bugs getting waves of hate, all from one disturbed guy putting in a minor amount of effort.