New Accounts are Back. But so are the spammers.

New account creation is once again available on the Open Hub.  You may have already been asked for your SMS capable device when logging back into the Open Hub. 

This marks a few milestones. Of course, re-enabling new account creation is a big one. We shut off new account creation back around April and have been responding to users who have requested accounts.  But we know that a modern community-oriented web site needs to let users signup when they wish.  We promised that after working something out, we would re-enable new account creation.  What we worked out is that Twitter Digits (discussed back in April in Update: New Account Creation, PURR, and Project Analyses) to validate users when signing up.  We have a few more ideas about working the sign-up flow and handling existing accounts.  More on that in a bit.

Another milestone is that we’ve been running the Open Hub on the new Ohloh-UI code upon which we have been working.  The new code has been in production for about a month and we’ve closed all critical and urgent issues that were discovered after we started handling traffic.  Most major issues are now closed and we’ve moved into only the low priority fixes.  When the database isn’t loaded with analyses, the new UI code runs about 20% faster than the old code base.  We’re really pleased with this work.  In addition to the slight performance lift, the new code base is just a pleasure to read and in which to work.  Plus, the entire team is now familiar with nearly every aspect of the new code. This will be a big help as we start building new features.

Back to new accounts for a moment.  We’ve gotten tweets and emails from some folks who will never use our site if we require them to enter a SMS number to verify their account.  We respect the difficulty this decision will cause some folks such as those who don’t have an SMS number or who are blocked from accessing the service. We don’t know if and how we can help them right now.  We are in agony that some folks who want to use our site legitimately choose not to or can not because of our decision to use Twitter Digits.

We really want everyone who wants to legitimately use our site have an account.  The tricky part is how to block those users who have only ill intent for the use of the site.  Of our 757,896 accounts, the vast majority of them are spammers.  Ah, but how to tell?  How to get rid of them?  How to keep more from signing up?  Oh, we should mention that within mere seconds of new account creation being enabled, they were back.

We should first even confirm that blocking these users is important.  We posit that it is.  Spammers can use 30% or more of our site resources.  This blocks legitimate users accessing our site via our web pages and our API.  Spammers sometimes create empty projects so that can have more links for the link farming. Then they direct their spam traffic to their spammy links to get someone to land on their “money site”.

So, we don’t want them to sign up.  Many web site don’t deal with this because they don’t offer publicly searchable user profiles.  We feel this is an important aspect of the Open Hub; that open source members can claim their work and get aggregated analysis that is publicly available.  The best advice in the development community is to provide multiple levels of verification and then additional regular checks.  Hence the addition of Twitter Digits to replace the easily defeatable captcha (even Google’s new improved reCaptcha).

The next part is cleaning up existing accounts. Any account that isn’t verified with via twitter digits will get an email requiring re-verification.  We’re going to have to send these out on regular basis — maybe annually. Any account that isn’t re-verified will be flagged as a spammer and, after some period of time, will be deleted.

We imagine this will also ruffle some feathers.  We’re sorry about that.  We’re also thinking about using external services such as StackExchange, GitHub and LinkedIn OAuth to verify an account for those users who can’t or don’t want to use Twitter Digits.  But there will have to be something else because you, the valued users of the Open Hub site, deserve to have us, the developers, focus on keeping your project analyses up to date, making it possible for your to get recognition of everything you do in the open source community, discover and discuss great up-and-coming open source projects, and have new ways of looking at open source software invented for you.

About Peter Degen-Portnoy

Mars-One Round 3 Candidate. Engineer on the Open Hub development team at Black Duck Software. Family man, athlete, inventor

26 Responses to New Accounts are Back. But so are the spammers.