Trac Spam
John Bailey
rekkanoryo at rekkanoryo.org
Sat Nov 27 07:30:50 UTC 2010
On 11/27/2010 01:39 AM, Colin Barrett wrote:
> Rudy Richter reports that the earliest spam ticket was #14656 and the last was #14814.

The Cappuccino announcements made it look like there's at least one good ticket
in that range, so a massive ticket range killing might not be a good idea.

> John Bailey suggests installing TracSpamFilter filter, limiting the number of tickets per hour (for the authenticated group, presumably), requiring email addresses <snip>

Actually, the spam filter plugin makes no distinction among groups, except that
TICKET_ADMIN users are exempt from spam filtering on tickets. There are some
other interesting filters in there such as Akismet, TypePad, an external links
filter, and a regex-based filter that uses a wiki page called BadContent (that
only WIKI_ADMINs can edit). I don't know if it's possible to change the
threshold for the external links filter, but the default value has worked
extremely well for me.

In the trac environment I have this plugin installed in, I have the
max_posts_by_ip option set to 5. I had this set to 3 originally, but ran into a
few cases where it was not enough. The other settings will likely need
significantly different values for your trac than for mine. I also have the
spam filter configured such that a user is required to provide a name and e-mail
address. If neither is provided, the submission is always treated as spam.
This pretty much enforces that the user must fork over some information even if
he/she gets around the e-mail verification without providing a valid address.

Requiring e-mail verification (AccountManager plugin) was the single most
effective spam deterrent I discovered. External Links filtering was the second
most effective. The throttling was the next most effective, but it only limited
the damage when a successful attack was made.

John