[GMG-Devel] Trac spam - action required

Christopher Allan Webber cwebber at dustycloud.org
Thu Feb 19 22:39:49 EST 2015


Simon Fondrie-Teitler writes:

> Hey all,
>
> Sorry about this!
>
> Rodrigo Rodrigues da Silva <rsilva at metamaquina.com.br> writes:
>> My experience with this: disable registration and purge the spamming
>> users ASAP. Then look for a solution. A captcha[0] in the registration
>> form seems to be fine.
>
> Thanks for the advice. I've disabled the new user registration. However,
> the trac instance has been getting hit by 30-40 different IPs fairly
> frequently. I've blocked a little over 20 of the IPs with IPtables, but
> it's still causing a noticeable slowdown on trac. This makes user
> cleanup dificult, since the user view is even slower. It has what looks
> like thousands of users, which takes a while to load.
>
> It seems stabilized now, and I really need to get into work, so I'm
> leaving it as is. I'll try to get back to it this evening with a more
> permanent solution. In the meantime, if someone wants to take a shot at
> cleaning up existing users and spam, that would be awesome.
>
>
> Simon

Thanks to your help on this Simon (as well as from the participation and
heads up from all involved in the thread!)

I spent today working on this.  Through a series of hacks, I was able to
figure out what the abusive tickets and updates were and clean them
out.  The timeline looks nice again:

  https://issues.mediagoblin.org/timeline

I've also installed the SpamFilter plugin in Trac:

  http://trac.edgewall.org/wiki/SpamFilter

... which seems pretty robust, and contains a bayesian filter to boot,
so when we delte spam in the future, it should count towards identifying
abuse.

There's also an option to set a registration captcha, but I'm going to
put off doing that until it appears needed, if at all.

Thanks for your patience and help, everyone!

 - Chris


More information about the devel mailing list