my website allee is now hosted on drupal

This issue queue is for issues on drupal.org and its sub-domains; it is not a support queue for every site running on Drupal. For any issue on sites you maintain/develop, please post on the forums.

The user is blocked from posting here, including the Forums. I've no idea why.

Looks like they were automatically blocked for not submitting to the anti spam account creation measures. Their profile also looks a little spammy, but that wasn't the cause for the block as far as I can tell.

IMHO, the JavaScript based spam-blocker appears to be rather error-prone.

I have JavaScript enabled, I don't use any ad-blockers, and I don't use any automated scraping tools, but once a month or so when I log in on Drupal.org, I get a message like "We think you're using automated tools to browse this site. Please prove you're human by pressing here and hold." (Can't quote verbatim, since I didn't record it, but you get the idea.) I am always allowed to enter after going through this press&hold exercise, but IMHO, this sort of thing creates a very bad UX for new users who are falsely targeted. For an example: see this forum post (which I believe is grounded in the same anti-spam feature): https://www.drupal.org/forum/general/general-discussion/2023-10-02/your-... Both users (Ratspeed and Aelfendir) are now blocked, like the OP of this issue.

Can you (i.e. the DA) consider suspending this anti-spam mis-feature until the bugs in it are squashed?

The volume of spam getting through before the tool was implemented was quite high, so we're making a trade off for the amount of false positives at the moment. It can be frustrating for sure. No system will be perfect and it's a matter of whether we have much more spam to clean or more false positives to correct.

I'm not sure what the best resolution will be. It's certainly not something I think we can revisit prior to DrupalCon Lille next week.

My perception is that very few of these false positives are corrected. For example, these users are still blocked:

• Ratspeed
• alleekhan

I had the opportunity to monitor the posts created by Ratspeed for the full 60 minutes before the automatic block were enforced, and I spotted nothing that indicated that this was a spammer.

Blocking a user is a very dramatic sanction because: 1) Being blocked, the user cannot create a post to appeal the sanction; 2) being kicked off the site, it is very unlikely that these users ever return 3) even if the blocked user manage to file an appeal, very few people can reverse a blockage (I am not sure who can, outside employees of the DA, but as a humble site moderator, I cannot do it).

If there really is a need for some measure to stop spam from 'bots (which I assume is the purpose of using a JavaScript-disabled-sniffer), it would be better to raise a flag that automatically unpublished every new post by a suspected 'bot until a site moderator has had the time to manually review the account in order to to block the account, or to remove the flag (in the case of a false positive).

OK, both are unblocked now, so someone with the required amount of user-moderator-fu probably saw my previous post and decided to lift the blockage.

Oh yeah, that was me, I forgot to hit save when I commented right after I did it. My apologies.

I'm thinking on ways we can make the protections less aggressive while still protecting us from spam account creation. Probably a mash up of the un-publish all posts idea with some other stuff mixed in.