Timo, List, hello. I've been discussing this issue with Sameer over IM, and here is quick summary of the different options we have: * Clean the trac database with a tool like this one: http://sourceforge.net/projects/sqlitemanager/ Since we're not getting *that* much spam yet, this could be a viable solution. Timo, could you install that tool on the svn server and password-protect it? * Hack trac and add a captcha to the key forms. I could take care of this, I think. * Ban spammers on an IP basis. This is unreliable, actually. We'd have to take a look at apache's logfile and see where the spammers have been coming from. * Ban spammers at apache configuration level, by checking the POST data against some keywords. This is rather effective, and doesn't require much work. * Hide the Trac web interface behind a HTTP Basic Auth form and give out the password to everyone, hoping the spams are automated and not hand-crafted. What do you guys think of these solutions? Timo, do you think I could get ssh access to the server and take a look around? -m