Forum spam #1878

timurmobi commented 2025年04月24日 08:21:40 +02:00

Comment

Hi. In the last hours I received forum spam from several bot accounts. The posts look almost kind of real, which is bothering. Maybe a limit to the number of new issues a user can create (per hour?) can solve this to a large extend? Most users do not need to create many issues per hour. Thank you.

### Comment Hi. In the last hours I received forum spam from several bot accounts. The posts look almost kind of real, which is bothering. Maybe a limit to the number of new issues a user can create (per hour?) can solve this to a large extend? Most users do not need to create many issues per hour. Thank you.

DemocracyPilgrim commented 2025年04月24日 09:19:53 +02:00

Yes.

I appreciate Codeberg for fighting hard against these orchestrated attacks. We just saw a big number of accounts who each created hundreds of issues within hours, all seemingly posting a coherent message about documentation/installation etc. but soon switching to issues with a racial slur in the title. Such issues were posted in my project as well.
Apparently Codeberg has regularly been targeted by such vicious attacks from extreme right movements precisely because Codeberg took a stance against hate speech and racism.
https://blog.codeberg.org/we-stay-strong-against-hate-and-hatred.html

So, this is the first thing we ought to acknowledge: the hard work expanded by the Codeberg team in order to keep this platform clean. Thank you.

Having said that, what the OP proposes makes sense, if feasible and if someone has the time to implement it.

Yes. I appreciate Codeberg for fighting hard against these orchestrated attacks. We just saw a big number of accounts who each created hundreds of issues within hours, all seemingly posting a coherent message about documentation/installation etc. but soon switching to issues with a racial slur in the title. Such issues were posted in my project as well. Apparently Codeberg has regularly been targeted by such vicious attacks from extreme right movements precisely because Codeberg took a stance against hate speech and racism. https://blog.codeberg.org/we-stay-strong-against-hate-and-hatred.html So, this is the first thing we ought to acknowledge: the hard work expanded by the Codeberg team in order to keep this platform clean. Thank you. Having said that, what the OP proposes makes sense, if feasible and if someone has the time to implement it.

natkr commented 2025年04月24日 12:24:29 +02:00

One kind of adjacent thing is that it feels very confusing to get the original notifications, think they're legitimate, go to the issue, and just get slapped with a "generic" this-never-existed-404 page. Maybe it would be viable to differentiate in the 404 page somehow (at least to the repo owner/contributors) that it was banned by moderation/anti-spam?

One kind of adjacent thing is that it feels very confusing to get the original notifications, think they're legitimate, go to the issue, and just get slapped with a "generic" this-never-existed-404 page. Maybe it would be viable to differentiate in the 404 page somehow (at least to the repo owner/contributors) that it was banned by moderation/anti-spam?

Gusted commented 2025年04月24日 13:53:31 +02:00

@natkr wrote in #1878 (comment):

Maybe it would be viable to differentiate in the 404 page somehow (at least to the repo owner/contributors) that it was banned by moderation/anti-spam?

Forgejo don't keep records if spam is removed, however if you look closely at the 404 page it already mentioned this:

The page you are trying to reach either does not exist, has been removed or you are not authorized to view it.

@natkr wrote in https://codeberg.org/Codeberg/Community/issues/1878#issuecomment-3932780: > Maybe it would be viable to differentiate in the 404 page somehow (at least to the repo owner/contributors) that it was banned by moderation/anti-spam? Forgejo don't keep records if spam is removed, however if you look closely at the 404 page it already mentioned this: > The page you are trying to reach either does not exist, **has been removed** or you are not authorized to view it.

Wuzzy commented 2025年04月24日 13:55:35 +02:00

My repositories have been spammed with nonsense issues as well. Somehow the contents of the texts sound like real bug reports at first, but if you look at the details and know the game, they don't make sense.

For reference, here's a fake bug report I received for Repixture (it's already deleted by Codeberg, I only know about it due to the e-mail notification):

---

BEGIN OF FAKE BUG REPORT

---

🚨 Issue Overview 🚨

Hey team! 🙋‍♂️ I'm having a MAJOR problem with the crafting system in Repixture! 😤 I just discovered that the Welder tool isn't listed in the crafting guide! 🤯 🤦‍♀️

📝 Steps to Reproduce 📝

• Open the game 🌍
• Check the crafting guide 📜 (I've attached a screenshot for reference! 📷 )
• Search for "Welder" 🔍 (No results found! 😤 )

🤔 Expected Behavior 🤔

I expected to see the Welder listed as a craftable item! 🛠️ It’s so important for building! 🚧 I mean, how are we supposed to build without it?! 😩 🤷‍♂️

😞 Actual Behavior 😞

The crafting guide doesn’t show the Welder at all! 😱 This feels like a huge oversight! 📉 I thought I'd gone crazy, but I checked twice! 😵

🏷️ Additional Info 🏷️

• Version : 3.17.2 📅
• Platform : Luanti 5.8.0 🖥️

🆘 Urgent Fix Needed! 🆘

I really think this needs to be fixed ASAP! ⏰ If you could add the Welder to the crafting guide, that would be SUPER helpful! 🙏 🔥 Please let me know if you need any more info from my side! 🚀

Thanks for your hard work on this game! 🎮 Keep it up! 💪 💖

P.S. I found this bug while trying to craft a boat! 🛶 And now I'm stuck paddling without a Welder! 😩 Let's fix this so everyone can boat happily! 😂

---

END OF FAKE BUG REPORT

The problem? My game doesn't have a welder, never had one. But the rest is correct: The version number, the platform, there is a crafting guide, there are boats (well, almost: there is a log boat and a raft). The excessive use of emojis also kinda gives it away, because it's rare for me to get issues with so many emojis. I assume this text was generated by a LLM and the README and game manual were used as input. I received multiple such nonsense issues with a similar writing style. Multiple accounts were used.

BUT! The important takeaway is, the spammers still lost. 😁 All nonsense issues I've received are already 404'ed, so good work by the moderation team!

My repositories have been spammed with nonsense issues as well. Somehow the contents of the texts sound like real bug reports at first, but if you look at the details and know the game, they don't make sense. For reference, here's a fake bug report I received for Repixture (it's already deleted by Codeberg, I only know about it due to the e-mail notification): ----- BEGIN OF FAKE BUG REPORT ----- > ------------------ > 🚨 Issue Overview 🚨 > ------------------ > > Hey team! 🙋‍♂️ I'm having a MAJOR problem with the crafting system in Repixture! 😤 I just discovered that the *Welder* tool isn't listed in the crafting guide! 🤯 🤦‍♀️ > > 📝 Steps to Reproduce 📝 > ---------------------- > > * Open the game 🌍 > * Check the crafting guide 📜 (I've attached a screenshot for reference! 📷 ) > * Search for "Welder" 🔍 (No results found! 😤 ) > > 🤔 Expected Behavior 🤔 > --------------------- > > I expected to see the Welder listed as a craftable item! 🛠️ It’s so important for building! 🚧 I mean, how are we supposed to build without it?! 😩 🤷‍♂️ > > 😞 Actual Behavior 😞 > ------------------- > > The crafting guide doesn’t show the Welder at all! 😱 This feels like a huge oversight! 📉 I thought I'd gone crazy, but I checked twice! 😵 > > 🏷️ Additional Info 🏷️ > --------------------- > > * *Version* : 3.17.2 📅 > * *Platform* : Luanti 5.8.0 🖥️ > > 🆘 Urgent Fix Needed! 🆘 > ---------------------- > > I really think this needs to be fixed ASAP! ⏰ If you could add the Welder to the crafting guide, that would be SUPER helpful! 🙏 🔥 Please let me know if you need any more info from my side! 🚀 > > Thanks for your hard work on this game! 🎮 Keep it up! 💪 💖 > > P.S. I found this bug while trying to craft a boat! 🛶 And now I'm stuck paddling without a Welder! 😩 Let's fix this so everyone can boat happily! 😂 ----- END OF FAKE BUG REPORT ----- The problem? My game doesn't have a welder, never had one. But the *rest* is correct: The version number, the platform, there is a crafting guide, there are boats (well, almost: there is a log boat and a raft). The excessive use of emojis also kinda gives it away, because it's rare for me to get issues with so many emojis. I assume this text was generated by a LLM and the README and game manual were used as input. I received multiple such nonsense issues with a similar writing style. Multiple accounts were used. BUT! The important takeaway is, the spammers still lost. 😁 All nonsense issues I've received are already 404'ed, so good work by the moderation team!

dskoll commented 2025年04月24日 17:36:34 +02:00

Yeah, I had a couple of these. I simply disabled the issue tracker on my project, since I don't use it anyway. But it's quite annoying.

I'm not sure what the answer is... maybe allow projects to forbid users whose accounts are less than a week old from creating issues? Or hide issues from everyone but project maintainers unless a project maintainer explicitly makes the issue publicly visible?

Yeah, I had a couple of these. I simply disabled the issue tracker on my project, since I don't use it anyway. But it's quite annoying. I'm not sure what the answer is... maybe allow projects to forbid users whose accounts are less than a week old from creating issues? Or hide issues from everyone but project maintainers unless a project maintainer explicitly makes the issue publicly visible?

DemocracyPilgrim commented 2025年04月25日 06:28:31 +02:00

2 important considerations:

1. Attackers can easily adapt to any counter-measure. They base their attack plans on known defences, so it is hard to find a solution that is robust, durable and possibly non-intrusive and non-obstructive for bona fide users.

2. Codeberg is a non-profit, and their service is based on Forgejo which is an open source software.... So, the only thing missing to implement the solution for 1) is a volunteer to do the work...

In all of this, the easy part is to complain about the slight disturbance and inconvenience that we all experienced from the most recent attack...

2 important considerations: 1) Attackers can easily adapt to any counter-measure. They base their attack plans on known defences, so it is hard to find a solution that is robust, durable and possibly non-intrusive and non-obstructive for bona fide users. 2) Codeberg is a non-profit, and their service is based on Forgejo which is an open source software.... So, the only thing missing to implement the solution for 1) is a volunteer to do the work... In all of this, the easy part is to complain about the slight disturbance and inconvenience that we all experienced from the most recent attack...

dskoll commented 2025年04月25日 13:52:04 +02:00

Yes, I understand, and I was not criticising Codeberg. I understand that it's a very, very difficult problem.

Yes, I understand, and I was not criticising Codeberg. I understand that it's a very, very difficult problem.

n0toose commented 2025年05月14日 17:57:32 +02:00

Hopefully resolved for now.

Hopefully resolved for now.