[Localization] Pootle registrations under attack

[Chris Leonard]

Dear Localizers,

Our Pootle instance has come to the attention of what appears to be
several forum spam-registration bots.   There have been a flood of
dozens per day of registrations from e-mail addresses that are
identifiable as clearly spam-related (e.g. listed on botscout and
stopforumspam sites).  Unfortunately, one or more of them are fairly
sophisticated and have been able to parse the activation URL out of
the registration e-mail and activate their accounts.  Whereas
unregistered users are typically only able to make suggestions,
registered users are generally able to actually submit translations.

This is a real problem with a tool like Pootle, which does not (yet)
have an easy capability to rollback changes or identify changes by
source (like MediaWiki or a VCS).  In order to preserve the integrity
of our hard-earned translations, I have disabled self-service
registration on our Pootle instance while I seek a solution for the
registration issue.  This will not effect existing users, only new
users seeking to register.

If you are recruiting new localizers (and I hope you are), please have
them contact me, ideally via this list, to be registered on Pootle.

cjl
Sugar Labs Translation Team Coordinator