Recently we've had SPAM posted to the Boost trac, which I deleted almost immediately. I suspect that the SPAM will increase as the Boost Trac becomes "known" to the spammers. Hence it would be nice to cut off as much of the SPAM as possible now. So I'm requesting that we put in some SPAM filtering into Trac. Specifically there's a plugin from Edgewall that offers a variety of filtering methods <http://trac.edgewall.org/wiki/SpamFilter>. -- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com -- 102708583/icq - grafikrobot/aim - grafikrobot/yahoo
Rene Rivera wrote:
Recently we've had SPAM posted to the Boost trac, which I deleted almost immediately. I suspect that the SPAM will increase as the Boost Trac becomes "known" to the spammers. Hence it would be nice to cut off as much of the SPAM as possible now. So I'm requesting that we put in some
Ah, I think you can write that off -- if you have an open site you're going to get an occasional spammer.
SPAM filtering into Trac. Specifically there's a plugin from Edgewall that offers a variety of filtering methods <http://trac.edgewall.org/wiki/SpamFilter>.
FWIW, from my experience with the User Wiki, the main thing you need is the BadContent filter. 99% of all spam is a link to a site and you can at least prevent second occurrences of a spammer linking to the same site. I currently have 2500 content regex's protecting the user wiki. You're bound to have a massive attack at some point and the content filter is the only thing that will stop it. IP Blacklisting is useless all the spammers have bot nets now. IP Throttling is pretty much useless too - they use lots of different machines with different IPs. Plus, they mass spammers know how to slow down their bot nets to work with the throttling. After 2 hours with 10 machines @ 5 pages/machine they can do alot of damage. Jeff
on Fri Jul 13 2007, Jeff Garland <jeff-AT-crystalclearsoftware.com> wrote:
Rene Rivera wrote:
Recently we've had SPAM posted to the Boost trac, which I deleted almost immediately. I suspect that the SPAM will increase as the Boost Trac becomes "known" to the spammers. Hence it would be nice to cut off as much of the SPAM as possible now. So I'm requesting that we put in some
Ah, I think you can write that off -- if you have an open site you're going to get an occasional spammer.
And there's absolutely no reason we need to have an open site. It has become de-rigeur that you have do a "register with an email address" dance to get into most public fora, and as far as I can tell spam is never a problem when that is set up.
SPAM filtering into Trac. Specifically there's a plugin from Edgewall that offers a variety of filtering methods <http://trac.edgewall.org/wiki/SpamFilter>.
I use SpamBayes (one of those methods) for my email and it works incredibly well.
FWIW, from my experience with the User Wiki, the main thing you need is the BadContent filter. 99% of all spam is a link to a site and you can at least prevent second occurrences of a spammer linking to the same site. I currently have 2500 content regex's protecting the user wiki.
That's exactly why you should use SpamBayes. Who wants to write regexes for every bit of site spam?
You're bound to have a massive attack at some point and the content filter is the only thing that will stop it. IP Blacklisting is useless all the spammers have bot nets now. IP Throttling is pretty much useless too - they use lots of different machines with different IPs. Plus, they mass spammers know how to slow down their bot nets to work with the throttling. After 2 hours with 10 machines @ 5 pages/machine they can do alot of damage.
Another reason to use SpamBayes... *If* you're going to have an open site, which we shouldn't. I know we want to make it easy to enter tickets, but tickets without an attached email address are almost always useless anyhow. -- Dave Abrahams Boost Consulting http://www.boost-consulting.com The Astoria Seminar ==> http://www.astoriaseminar.com
David Abrahams wrote:
And there's absolutely no reason we need to have an open site. It has become de-rigeur that you have do a "register with an email address" dance to get into most public fora, and as far as I can tell spam is never a problem when that is set up.
FWIW, I have experienced spam sent to a roundup tracker, where the spammer had first registered (with the usual reply-to-confirmation-mail-authentication dance). But clearly this is already much better than no authentication at all. Regards, Stefan -- ...ich hab' noch einen Koffer in Berlin...
Stefan Seefeld wrote:
David Abrahams wrote:
And there's absolutely no reason we need to have an open site. It has become de-rigeur that you have do a "register with an email address" dance to get into most public fora, and as far as I can tell spam is never a problem when that is set up.
FWIW, I have experienced spam sent to a roundup tracker, where the spammer had first registered (with the usual reply-to-confirmation-mail-authentication dance). But clearly this is already much better than no authentication at all.
Yes... I think we've discussed the SPAM subject to death in the past. So back to the request. A user with appropriate privileges, please do a: easy_install TracSpamFilter On the server ;-) -- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com -- 102708583/icq - grafikrobot/aim - grafikrobot/yahoo
on Fri Jul 13 2007, Rene Rivera <grafikrobot-AT-gmail.com> wrote:
Stefan Seefeld wrote:
David Abrahams wrote:
And there's absolutely no reason we need to have an open site. It has become de-rigeur that you have do a "register with an email address" dance to get into most public fora, and as far as I can tell spam is never a problem when that is set up.
FWIW, I have experienced spam sent to a roundup tracker, where the spammer had first registered (with the usual reply-to-confirmation-mail-authentication dance). But clearly this is already much better than no authentication at all.
Yes... I think we've discussed the SPAM subject to death in the past. So back to the request. A user with appropriate privileges, please do a:
easy_install TracSpamFilter
On the server ;-)
Actually that's not great advice. The problem with easy_install (and "setup.py install") is that there's no automatic and clean way to uninstall anything. What you should really do is download the TracSpamFilter source, do a python setup.py bdist_egg and then copy the resulting file (in the dist/ subdirectory) to your Trac's plugins/ directory. Then you need to enable the plugin in your Trac's admin panel or config file and restart Trac, which usually means restarting your webserver. AFAIK, there are only two people who can do it: Dong-Inn Kim, who (quite reasonably) doesn't want to field direct requests from Boost anymore, and Doug Gregor, who IIUC is on his way to the C++ committee meeting in Toronto. -- Dave Abrahams Boost Consulting http://www.boost-consulting.com The Astoria Seminar ==> http://www.astoriaseminar.com
On Jul 13, 2007, at 11:54 PM, David Abrahams wrote:
easy_install TracSpamFilter
On the server ;-)
Actually that's not great advice. The problem with easy_install (and "setup.py install") is that there's no automatic and clean way to uninstall anything. What you should really do is download the TracSpamFilter source, do a
python setup.py bdist_egg
and then copy the resulting file (in the dist/ subdirectory) to your Trac's plugins/ directory.
Then you need to enable the plugin in your Trac's admin panel or config file and restart Trac, which usually means restarting your webserver.
I've installed the Trac spam filter. Let's see if that helps... - Doug
on Wed Jul 25 2007, Doug Gregor <dgregor-AT-osl.iu.edu> wrote:
On Jul 13, 2007, at 11:54 PM, David Abrahams wrote:
easy_install TracSpamFilter
On the server ;-)
Actually that's not great advice. The problem with easy_install (and "setup.py install") is that there's no automatic and clean way to uninstall anything. What you should really do is download the TracSpamFilter source, do a
python setup.py bdist_egg
and then copy the resulting file (in the dist/ subdirectory) to your Trac's plugins/ directory.
Then you need to enable the plugin in your Trac's admin panel or config file and restart Trac, which usually means restarting your webserver.
I've installed the Trac spam filter. Let's see if that helps...
Note that if you're using the SpamBayes option, we'll have to train it. -- Dave Abrahams Boost Consulting http://www.boost-consulting.com The Astoria Seminar ==> http://www.astoriaseminar.com
Rene Rivera wrote:
Recently we've had SPAM posted to the Boost trac, which I deleted almost immediately. I suspect that the SPAM will increase as the Boost Trac becomes "known" to the spammers. Hence it would be nice to cut off as much of the SPAM as possible now. So I'm requesting that we put in some SPAM filtering into Trac. Specifically there's a plugin from Edgewall that offers a variety of filtering methods <http://trac.edgewall.org/wiki/SpamFilter>. FWIW, SPAM is the tinned meat product, and is usually spelled "Spam" (see http://en.wikipedia.org/wiki/Spam_%28food%29). In computing, it's "spam" (lower-case "s").
on Mon Jul 16 2007, Paul Giaccone <paulg-AT-cinesite.co.uk> wrote:
Rene Rivera wrote:
Recently we've had SPAM posted to the Boost trac, which I deleted almost immediately. I suspect that the SPAM will increase as the Boost Trac becomes "known" to the spammers. Hence it would be nice to cut off as much of the SPAM as possible now. So I'm requesting that we put in some SPAM filtering into Trac. Specifically there's a plugin from Edgewall that offers a variety of filtering methods <http://trac.edgewall.org/wiki/SpamFilter>.
FWIW, SPAM is the tinned meat product, and is usually spelled "Spam" (see http://en.wikipedia.org/wiki/Spam_%28food%29). In computing, it's "spam" (lower-case "s").
See also http://www.flybynightclub.com/spam.html -- Dave Abrahams Boost Consulting http://www.boost-consulting.com The Astoria Seminar ==> http://www.astoriaseminar.com
participants (6)
-
David Abrahams -
Doug Gregor -
Jeff Garland -
Paul Giaccone -
Rene Rivera -
Stefan Seefeld