On Thu, Oct 19, 2023 at 07:49:10PM +0200, Michael Koch wrote: > > > You would have to read the trac source probably and maybe do local tests > tracing through the code what happens > but a non spammer posting spam > setting up trac locally is easy, it comes with its own deamon you dont > even need a webserver > > That sounds too complicated for me. > > What about my other question? Can it be changed that the spammer gets +20 points from successful captcha? > The regex filter is useless if a pattern match gives only -10 points, but 20 seconds later the spammer gets +20 points from captcha. IIRC each regex give -10 so multiple matches give more. The problem is more fundamental do we allow users to override spam mis identification ? we can reduce the captcha score but then someone will hit a case where she cannot post valid content That means we then need a method to catch these and do something about them Its not as if 20 fails and 18 is going to work, the captcha score would have to be dropped to 8 for this one case you talk about here. I think the captcha works as intended. It adds cost to the spammer I doubt its economic for spammers to solve a captcha for having some spam up for a few hours. Again we can change all these scores but theres a minimum where its least work and deleting spam is work as much as dealing with users who cannot post So if you have some argument that a change in scores would reduce spam with no valid users lost in the last 12months thats a much stronger argument Another way would be to try a change and monitor what happens, do you want to monitor all failed submissions for a few months ? either way tuning these numbers requires some form of feedback mechanism otherwise we would not truly know if we did something smart or stupid thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Rewriting code that is poorly written but fully understood is good. Rewriting code that one doesnt understand is a sign that one is less smart than the original author, trying to rewrite it will not make it better.