Discussion:
wxTrac spams
Eran Ifrah
2014-08-28 12:50:05 UTC
Permalink
Hi,

In the past view days, I got many spam emails from wxTrac, looking at the
messages, many of them are coming from the user "linaroy1"
Can someone please ban him?
--
Eran Ifrah
Author of codelite, a cross platform open source C/C++ IDE:
http://www.codelite.org
wxCrafter, a wxWidgets RAD: http://wxcrafter.codelite.org
--
Please read http://www.wxwidgets.org/support/mlhowto.htm before posting.

To unsubscribe, send email to wx-users+***@googlegroups.com
or visit http://groups.google.com/group/wx-users
Vadim Zeitlin
2014-08-28 13:10:56 UTC
Permalink
On Thu, 28 Aug 2014 15:50:05 +0300 Eran Ifrah wrote:

EI> In the past view days, I got many spam emails from wxTrac, looking at the
EI> messages, many of them are coming from the user "linaroy1"
EI> Can someone please ban him?

It's not as simple as that :-(

First, there is more than one spammer. Someone/something uses names ending
with "roy1": linaroy1, cyrisroy1, fintanroy1, ... These spams come from
different IPs from Netherlands and Germany, so I don't know if it's the
same spammer or not. This accounts for 90% of the recent spam. But there
are also others, e.g. udass7 (Pakistan), Ausiout5085 (Canada), ...

Second, Trac spam filtering is frankly bad. There is no way to ban a
particular user (not very useful anyhow, they clearly do it manually, so
they would just create another one with a similar name) nor a particular
IP. Worse, there is no middle ground: either we trust spam detection and
throw away potentially legitimate submissions, or we allow people to
override it by submitting a CAPTCHA. Former doesn't work, my own comment
just got detected as spam by two different external services (Defensio and
FSpamList) for completely unknown reasons. And we got several emails from
people who couldn't submit tickets because of it. But the latter doesn't
work neither because there are idiots like linaroy1 who are too stupid to
understand that their spam gets deleted the same day (and most often the
same hour) it gets submitted and so that it's completely useless to persist
with it.

Third, CAPTCHA also has the same weight for Trac when it's entered at the
registration page and on ticket submission one. Which means that it's even
trickier to ensure that anybody can register (because there is really no
fool proof way to recognize spammers at this level and not allowing real
users to register is pretty bad) but make more difficult for spammers to
submit spam later.

Anyhow, I've tweaked Trac filters again: it looks like Akismet recognizes
all spams submitted so far as spams and doesn't seem to have any false
positives, so I'll let it override the CAPTCHA score. So if any of the
simple minded checks like FSpamList or BotScout identify your content as
spam, you would be able to solve a CAPTCHA to still submit it. But if
Akismet does, it won't pass it at all.

Let's see how it goes...
VZ
--
TT-Solutions: wxWidgets consultancy and technical support
http://www.tt-solutions.com/
Loading...