trac ticket spam

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

trac ticket spam

Claus Reinke
Is there any way to have a "moderate first comment by new submitter"
policy for trac, to avoid the kind of ticket spam we have at the moment?

They seem to have started commenting on existing tickets now (#4510),
which could turn into a real mess really quickly, if the currently known
spam accounts aren't blocked soon, btw.

Claus

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Simon Marlow-7
On 28/01/2011 21:08, Claus Reinke wrote:
> Is there any way to have a "moderate first comment by new submitter"
> policy for trac, to avoid the kind of ticket spam we have at the moment?
>
> They seem to have started commenting on existing tickets now (#4510),
> which could turn into a real mess really quickly, if the currently known
> spam accounts aren't blocked soon, btw.

We've deleted all the spam tickets and ticket changes.  Ian blocked a
few IPs, and I've added some more patterns to the spam filter:

   http://hackage.haskell.org/trac/ghc/wiki/BadContent

Cheers,
        Simon

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Claus Reinke
>> Is there any way to have a "moderate first comment by new submitter"
>> policy for trac, to avoid the kind of ticket spam we have at the moment?
>>
>> They seem to have started commenting on existing tickets now (#4510),
>> which could turn into a real mess really quickly, if the currently known
>> spam accounts aren't blocked soon, btw.
>
> We've deleted all the spam tickets and ticket changes.  Ian blocked a
> few IPs, and I've added some more patterns to the spam filter:
>
>   http://hackage.haskell.org/trac/ghc/wiki/BadContent

Thanks!

You've been using trac's spam filter for a while now, and
these still got through. Also, I hadn't seen the commenting
and "make random changes to fields" aspect before - it
could be that someone is improving/testing trac spamming
tools (as trac is in wide-spread use).

From checking the spam filter plugin description, and since
spammers hardly ever make a useful contribution before
posting spam, adopting the mailing list trick of moderating
the first post for each new account might help a little (and
might be easy to implement for a trac hacker).

Claus
 

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Simon Marlow-7
On 31/01/2011 16:45, Claus Reinke wrote:

>>> Is there any way to have a "moderate first comment by new submitter"
>>> policy for trac, to avoid the kind of ticket spam we have at the moment?
>>>
>>> They seem to have started commenting on existing tickets now (#4510),
>>> which could turn into a real mess really quickly, if the currently known
>>> spam accounts aren't blocked soon, btw.
>>
>> We've deleted all the spam tickets and ticket changes. Ian blocked a
>> few IPs, and I've added some more patterns to the spam filter:
>>
>> http://hackage.haskell.org/trac/ghc/wiki/BadContent
>
> Thanks!
> You've been using trac's spam filter for a while now, and these still
> got through. Also, I hadn't seen the commenting
> and "make random changes to fields" aspect before - it
> could be that someone is improving/testing trac spamming
> tools (as trac is in wide-spread use).
>
>  From checking the spam filter plugin description, and since
> spammers hardly ever make a useful contribution before
> posting spam, adopting the mailing list trick of moderating
> the first post for each new account might help a little (and
> might be easy to implement for a trac hacker).

If such a thing is already available as a plugin then we can drop it in,
but otherwise it's unlikely - we don't really have the brain-cycles
available for hacking Trac itself.

Cheers,
        Simon

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

ghc trac login and email verification

John Lask
In reply to this post by Claus Reinke
relating to the ghc trac discussion ...

for some time I have had a ghc trac login, but every time I login it
asks for an email verification token
(http://hackage.haskell.org/trac/ghc/verify_email) but no token has ever
been sent to me, nor when I change my email or request a resend is one
sent. I am convinced that there is something wrong with the ghc trac config.

http://hackage.haskell.org/trac/ghc/trac/ghc/register is broken as well.

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: ghc trac login and email verification

Simon Marlow-7
On 01/02/2011 03:28, John Lask wrote:
> relating to the ghc trac discussion ...
>
> for some time I have had a ghc trac login, but every time I login it
> asks for an email verification token
> (http://hackage.haskell.org/trac/ghc/verify_email) but no token has ever
> been sent to me, nor when I change my email or request a resend is one
> sent. I am convinced that there is something wrong with the ghc trac
> config.

I just tested this with a fresh account on a fresh Firefox profile, and
it worked fine, the verification email came through immediately and Trac
accepted the token.

Maybe the email is getting dropped somewhere between hackage.haskell.org
and your email account?

> http://hackage.haskell.org/trac/ghc/trac/ghc/register is broken as well.

Where did you find that URL?  The correct one is:

http://hackage.haskell.org/trac/ghc/register

Cheers,
        Simon

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Max Bolingbroke-2
In reply to this post by Simon Marlow-7
On 31 January 2011 16:54, Simon Marlow <[hidden email]> wrote:

> On 31/01/2011 16:45, Claus Reinke wrote:
>>>>
>>>> Is there any way to have a "moderate first comment by new submitter"
>>>> policy for trac, to avoid the kind of ticket spam we have at the moment?
>>>>
>>>> They seem to have started commenting on existing tickets now (#4510),
>>>> which could turn into a real mess really quickly, if the currently known
>>>> spam accounts aren't blocked soon, btw.
>>>
>>> We've deleted all the spam tickets and ticket changes. Ian blocked a
>>> few IPs, and I've added some more patterns to the spam filter:
>>>
>>> http://hackage.haskell.org/trac/ghc/wiki/BadContent
>>
>> Thanks!
>> You've been using trac's spam filter for a while now, and these still
>> got through. Also, I hadn't seen the commenting
>> and "make random changes to fields" aspect before - it
>> could be that someone is improving/testing trac spamming
>> tools (as trac is in wide-spread use).
>>
>>  From checking the spam filter plugin description, and since
>> spammers hardly ever make a useful contribution before
>> posting spam, adopting the mailing list trick of moderating
>> the first post for each new account might help a little (and
>> might be easy to implement for a trac hacker).
>
> If such a thing is already available as a plugin then we can drop it in, but
> otherwise it's unlikely - we don't really have the brain-cycles available
> for hacking Trac itself.

(Since the spam problem doesn't seem to be getting better, I'm
resurrecting this thread)

There is this plugin: https://software.sandia.gov/trac/fast/wiki/TicketModerator

"""
The TicketModerator plugin is an extension for the  Trac project
management and bug/issue tracking system. It supports the human
moderation of new tickets and ticket comments for unprivileged users
within Trac. When an unprivileged user submits a ticket or ticket
comment, their submission is recorded in a "moderation queue" and is
not visible on the main Trac site until a Moderator reviews their
submission and either accepts or rejects it. Accepted submissions are
then inserted into the main Trac ticket database.
"""

So someone would have to volunteer to moderate but it would prevent
spam showing up immediately. After a first valid ticket by a new user
account they can be assigned the MODERATOR_PASS_* privileges so they
can contribute freely.

Possibly useful?

Cheers,
Max

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Simon Marlow-7
On 12/03/11 09:00, Max Bolingbroke wrote:

> On 31 January 2011 16:54, Simon Marlow<[hidden email]>  wrote:
>> On 31/01/2011 16:45, Claus Reinke wrote:
>>>>>
>>>>> Is there any way to have a "moderate first comment by new submitter"
>>>>> policy for trac, to avoid the kind of ticket spam we have at the moment?
>>>>>
>>>>> They seem to have started commenting on existing tickets now (#4510),
>>>>> which could turn into a real mess really quickly, if the currently known
>>>>> spam accounts aren't blocked soon, btw.
>>>>
>>>> We've deleted all the spam tickets and ticket changes. Ian blocked a
>>>> few IPs, and I've added some more patterns to the spam filter:
>>>>
>>>> http://hackage.haskell.org/trac/ghc/wiki/BadContent
>>>
>>> Thanks!
>>> You've been using trac's spam filter for a while now, and these still
>>> got through. Also, I hadn't seen the commenting
>>> and "make random changes to fields" aspect before - it
>>> could be that someone is improving/testing trac spamming
>>> tools (as trac is in wide-spread use).
>>>
>>>   From checking the spam filter plugin description, and since
>>> spammers hardly ever make a useful contribution before
>>> posting spam, adopting the mailing list trick of moderating
>>> the first post for each new account might help a little (and
>>> might be easy to implement for a trac hacker).
>>
>> If such a thing is already available as a plugin then we can drop it in, but
>> otherwise it's unlikely - we don't really have the brain-cycles available
>> for hacking Trac itself.
>
> (Since the spam problem doesn't seem to be getting better, I'm
> resurrecting this thread)
>
> There is this plugin: https://software.sandia.gov/trac/fast/wiki/TicketModerator
>
> """
> The TicketModerator plugin is an extension for the  Trac project
> management and bug/issue tracking system. It supports the human
> moderation of new tickets and ticket comments for unprivileged users
> within Trac. When an unprivileged user submits a ticket or ticket
> comment, their submission is recorded in a "moderation queue" and is
> not visible on the main Trac site until a Moderator reviews their
> submission and either accepts or rejects it. Accepted submissions are
> then inserted into the main Trac ticket database.
> """
>
> So someone would have to volunteer to moderate but it would prevent
> spam showing up immediately. After a first valid ticket by a new user
> account they can be assigned the MODERATOR_PASS_* privileges so they
> can contribute freely.
>
> Possibly useful?

Maybe.  Before we look into that, I've also mentioned to Ian that I'm
somewhat suspicious about the current spam plugin - I don't think it's
actually working properly.  The log is supposed to list every content
submission, but it only has a paultry few, suggesting that most content
submissions are not actually being piped through the spam filter.

Cheers,
        Simon


_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Ian Lynagh
On Sat, Mar 12, 2011 at 10:13:07PM +0000, Simon Marlow wrote:

> On 12/03/11 09:00, Max Bolingbroke wrote:
> >
> >There is this plugin: https://software.sandia.gov/trac/fast/wiki/TicketModerator
> >
> >The TicketModerator plugin is an extension for the  Trac project
> >
> >Possibly useful?
>
> Maybe.  Before we look into that, I've also mentioned to Ian that
> I'm somewhat suspicious about the current spam plugin - I don't
> think it's actually working properly.  The log is supposed to list
> every content submission, but it only has a paultry few, suggesting
> that most content submissions are not actually being piped through
> the spam filter.

I was looking at this earlier today. Those that are in the monitor list
have "anonymous" as the author (prsumably due to people getting logged
out), so I wonder if comments from authenticated users are going via a
different path. I fiddled with various things, and enabled logging, but
am no further forward. The easiest way forward would probably be to
upgrade to trac 0.12, except it's not packaged for Debian (even in
unstable).

Maybe installing trac from source is the best way forward.


Thanks
Ian


_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Krzysztof Skrzętnicki
On page: http://hackage.haskell.org/trac/ghc/wiki/ReportABug

There is a certain paragraph which says:

To report a bug, either:

  • Preferred:
    • register an account on this Trac
    • Create a new bug, and enter your bug report. You can also search the bug database here to make sure your bug hasn't already been reported (if it has, it might still help to add information from your experience to the existing report).
  • Less preferred:
    • To submit an anonymous bug: use login "guest", password "guest"
    • Bug reports can also be emailed to <glasgow-haskell-bugs@…>.

Perhaps one of these ways is being exploited?

Best regards,
Krzysztof Skrzętnicki

On Sat, Mar 12, 2011 at 23:27, Ian Lynagh <[hidden email]> wrote:
On Sat, Mar 12, 2011 at 10:13:07PM +0000, Simon Marlow wrote:
> On 12/03/11 09:00, Max Bolingbroke wrote:
> >
> >There is this plugin: https://software.sandia.gov/trac/fast/wiki/TicketModerator
> >
> >The TicketModerator plugin is an extension for the  Trac project
> >
> >Possibly useful?
>
> Maybe.  Before we look into that, I've also mentioned to Ian that
> I'm somewhat suspicious about the current spam plugin - I don't
> think it's actually working properly.  The log is supposed to list
> every content submission, but it only has a paultry few, suggesting
> that most content submissions are not actually being piped through
> the spam filter.

I was looking at this earlier today. Those that are in the monitor list
have "anonymous" as the author (prsumably due to people getting logged
out), so I wonder if comments from authenticated users are going via a
different path. I fiddled with various things, and enabled logging, but
am no further forward. The easiest way forward would probably be to
upgrade to trac 0.12, except it's not packaged for Debian (even in
unstable).

Maybe installing trac from source is the best way forward.


Thanks
Ian


_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users


_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
Reply | Threaded
Open this post in threaded view
|

Re: trac ticket spam

Simon Marlow-7
In reply to this post by Ian Lynagh
On 12/03/2011 22:27, Ian Lynagh wrote:

> On Sat, Mar 12, 2011 at 10:13:07PM +0000, Simon Marlow wrote:
>> On 12/03/11 09:00, Max Bolingbroke wrote:
>>>
>>> There is this plugin: https://software.sandia.gov/trac/fast/wiki/TicketModerator
>>>
>>> The TicketModerator plugin is an extension for the  Trac project
>>>
>>> Possibly useful?
>>
>> Maybe.  Before we look into that, I've also mentioned to Ian that
>> I'm somewhat suspicious about the current spam plugin - I don't
>> think it's actually working properly.  The log is supposed to list
>> every content submission, but it only has a paultry few, suggesting
>> that most content submissions are not actually being piped through
>> the spam filter.
>
> I was looking at this earlier today. Those that are in the monitor list
> have "anonymous" as the author (prsumably due to people getting logged
> out), so I wonder if comments from authenticated users are going via a
> different path.

Could be, or maybe our database is wonky in some way?  e.g. maybe we
have some old cruft in the database of spam filter logs that is
preventing it from working.  Perhaps a suitable "DROP TABLE" would fix it.

The page about TracSpamFilter mentions something like this:

   "Upgrading the environment is necessary to install the database
    table required for this logging."

I fiddled with various things, and enabled logging, but
> am no further forward. The easiest way forward would probably be to
> upgrade to trac 0.12, except it's not packaged for Debian (even in
> unstable).
>
> Maybe installing trac from source is the best way forward.

Fine by me...

Cheers,
        Simon

_______________________________________________
Glasgow-haskell-users mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-users