Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Influx of spam participant joiners #1733

Open
Oddtwang opened this issue Jan 17, 2025 · 6 comments
Open

Influx of spam participant joiners #1733

Oddtwang opened this issue Jan 17, 2025 · 6 comments
Labels
Discussion Needs to be discussed before we can come up with specifications and begin the issue

Comments

@Oddtwang
Copy link

In the last 12h or so, I've had a lot of spammy usernames join an ongoing competition (https://www.codabench.org/competitions/4345/).

They all have email addresses which look to be programatically created at 2925 . com

I could change the competition settings to require authorisation, but then I would need to wade through the emails generated to identify any genuine join requests, which seems like a worse option than simply ignoring them.
I don't know what they might be hoping to achieve (other than annoying me!) but I have denied the access for the ones I could see. Incidentally, this probably doesn't need to generate an email notification to the competition organiser for every individual user I've revoked!

Is there anything which can be done to prevent this, or at least make managing it less time-consuming?

Thanks

Image
@ihsaan-ullah
Copy link
Collaborator

Hi @Oddtwang, Thank you for reporting this.

We will discuss this problem and come up with a solution soon. In the meantime if you think of a solution, do not hesitate to share it with us.

@ihsaan-ullah ihsaan-ullah added the Discussion Needs to be discussed before we can come up with specifications and begin the issue label Jan 18, 2025
@Didayolo
Copy link
Member

Hi @Oddtwang, sorry this is happening to your competition.

@ihsaan-ullah Maybe we could have a black list of emails (accepting regex) in the same way we have the whitelist?

@Oddtwang
Copy link
Author

Thanks both. I've not had any more notifications of these joiners since then, so hopefully it's not a big and widespread problem.

Allowing benchmark admins to blacklist with regex (and maybe a tool to mass deny any already registered and matching the blacklist) would probably do the trick as far as managing it's concerned.

Only sending one email to notify admins of multiple denied participants would also be nice - especially when it was me clicking the deny button, I probably didn't need to get an email for each of them individually :)

@Oddtwang
Copy link
Author

Small update - the same issue has now affected another benchmark running in parallel: https://www.codabench.org/competitions/4814/. Email addresses and usernames have the same pattern and domain.

@Didayolo
Copy link
Member

Thank you for reporting. Another addition that could help is to add a captcha during sign up.

@Didayolo
Copy link
Member

Didayolo commented Feb 4, 2025

Thoughts about the double authentification (phone verification):

Instead of forcing it, we could give incentives by increasing the storage quota. For instance:

  • Base user (email verified): 200 MB storage
  • After phone verification: 15 GB storage
  • Filling up info (github account, etc.): Up to 30 GB

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Discussion Needs to be discussed before we can come up with specifications and begin the issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Didayolo @ihsaan-ullah @Oddtwang