Re: trac ticket spam

On 12/03/11 09:00, Max Bolingbroke wrote:

On 31 January 2011 16:54, Simon Marlow wrote:

...

On 31/01/2011 16:45, Claus Reinke wrote:

...

...

...

Is there any way to have a "moderate first comment by new submitter" policy for trac, to avoid the kind of ticket spam we have at the moment?

They seem to have started commenting on existing tickets now (#4510), which could turn into a real mess really quickly, if the currently known spam accounts aren't blocked soon, btw.

We've deleted all the spam tickets and ticket changes. Ian blocked a few IPs, and I've added some more patterns to the spam filter:

http://hackage.haskell.org/trac/ghc/wiki/BadContent

Thanks! You've been using trac's spam filter for a while now, and these still got through. Also, I hadn't seen the commenting and "make random changes to fields" aspect before - it could be that someone is improving/testing trac spamming tools (as trac is in wide-spread use).

From checking the spam filter plugin description, and since spammers hardly ever make a useful contribution before posting spam, adopting the mailing list trick of moderating the first post for each new account might help a little (and might be easy to implement for a trac hacker).

If such a thing is already available as a plugin then we can drop it in, but otherwise it's unlikely - we don't really have the brain-cycles available for hacking Trac itself.

(Since the spam problem doesn't seem to be getting better, I'm resurrecting this thread)

There is this plugin: https://software.sandia.gov/trac/fast/wiki/TicketModerator

""" The TicketModerator plugin is an extension for the Trac project management and bug/issue tracking system. It supports the human moderation of new tickets and ticket comments for unprivileged users within Trac. When an unprivileged user submits a ticket or ticket comment, their submission is recorded in a "moderation queue" and is not visible on the main Trac site until a Moderator reviews their submission and either accepts or rejects it. Accepted submissions are then inserted into the main Trac ticket database. """

So someone would have to volunteer to moderate but it would prevent spam showing up immediately. After a first valid ticket by a new user account they can be assigned the MODERATOR_PASS_* privileges so they can contribute freely.

Possibly useful?

Maybe. Before we look into that, I've also mentioned to Ian that I'm somewhat suspicious about the current spam plugin - I don't think it's actually working properly. The log is supposed to list every content submission, but it only has a paultry few, suggesting that most content submissions are not actually being piped through the spam filter. Cheers, Simon