Due to recent and ongoing spam bots targeting phabricator.whonix.org, I set to manually enable all accounts.
If you want to contribute to phabricator.whonix.org, please drop me an e-mail to adrelanos@riseup.net and I’ll enable your account.
Otherwise phabricator discussions have been exemplary and no restrictions on who can post what are needed. Anyone is still welcome to contribute there, but real persons and no advertisement bots only.
Update:
Anyone up to help out with the approval queue? Which ones of this list are the legitimate ones? Could you contact them by e-mail and see if they make a sensible reply what they are going to report?
Hi Patrick
Anyone up to help out with the approval queue?
Is this something only privileged users can do? I don’t have a phabricator account but if this is something I can help with please let me know.
0brand:
Hi
PatrickAnyone up to help out with the approval queue?
Is this something only privileged users can do? I don’t have a phabricator account but if this is something I can help with please let me know.
Yes. Please sign up.
Hi Patrick
Sent out e-mails to all on the https://phabricator.whonix.org/people/query/approval/
If you would like I can take on this responsibility long term (check people/query/approval every day - send out are_you_bot_or_human e-mails ). Also If you like I can post my e-mail on the forum so there is another POC for anyone who needs phabricator approval.
Sounds awesome!
If these are “90%” suspected spam, it may even be better not to mail them.
Relax about this. Doesn’t have to be super quick. Happy about any support on this front even if just occasionally. (The idea is to keep expectations low so this doesn’t generate any unnecessary pressure.)
Btw we could also ask them to verify their mail if that helps to find out if they are real.
How is this going? Have there been any real users?
By the way, obviously users who post useful stuff the forums first and then confirm here they created a phabricator account, can skip being asked by e-mail if these are real.
Also users from unlikely being hacked domains such as for example someone@qubes-os could be let through without questions.
Hi Patrick
Surprisingly haven’t had anything other than bots . There have been a few that verified their e-mail through the auto-verify but they were temporary e-mail addresses (i.e sharklaser.com ) but no one has responded to any of my emails. I just ask if they could very briefly describe what they would like to report + look forward to working with you etc …
Ok
No problem. Hopefully we will get some real people. : )
Things are going much better in regard to the bot situation. Since the 1st of March there has been only 9 account creation attempts by bots. This is down from an average of 2 a day prior to that. To top it all of there have been several real users that have created accounts. 
Tried 2x to send a phabricator Verify email.
Hi. This is the qmail-send program at vfemail.net.
I’m afraid I wasn’t able to deliver your message to the following addresses.
XXXXXXXXXThis is a permanent error; I’ve given up. Sorry it didn’t work out.
TLS connect failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Could you briefly (in a sentence or two) give a few details on what you would like to report. Thank you
Related:
I don’t have any issues to report. @TNT_BOM_BOM asked me if I’d be able to contribute to phabricator issues, but I’m not a developer I just do user support on the irc channel.
Hi Lilias
Thats good enough for me. Your phabricator account has been approved. I just had to confirm that you were a human (not a bot) and the same user requesting the account on phabricator. If you have any problems with login please let me know.
Use captcha (there are alot in the internet you can download and use) and email verification.
not appropriate to ask user what you want to report , because he might have nothing in atm hand but wanting to contribute by looking at the tickets first then later contribute.
not attractive for contribution, imagine lilas or any other user dont have account in the forum nor willing to contribute in the forum why they should come and say something here or register?
any user/contributor maybe have a patch to upload but not willing to answer what hes going to report/do …etc, there is no rational reason to answer any of that.
its horrible mechanism to get rid of bots by doing this step.
just dropping email to adrelanos looks ok BUT this should be set as an alert or tag message in phabricator when user registering NOT here. (i cant imagine how anonymous/foreign user going to know this)
I’ve since forgotten about this thread. The problem is that the actual policy that is being implemented is different from the one described in the first post in this thread.
How it works currently:
I see , to that level the spammers reached just to spam our phabricator? thats just wow.
so sad , hope the contributors understand this confirmation method.
I don’t suspect a targeted attack. It’s mostly just bots that search the internet and attempt spam wherever possible.
hmm Discourse doesnt contain any captcha , only email verification why would phabricator differ in this case?