Hi all, I was thinking about some of these solutions too, but first of all to keep clear, this server is used by some more projects, so i can't just fix trac here, then here just for this purpose, it's also a packaged trac version from debian "stable" release, so it's would actually be system-wide changes. The IP ban possibility and apache configuration will not be possible on this server, but as i just told, anything in "gregarius" userspace is possible :) (for example installing sqlitemanager for now and deleting manually every spam until trac correct this ;) or another hack based on trac 0.9 like captchas if you wanna try it, etc...) At the moment i don't have "much time" to work on this but Marco, I will forward you an ssh account for this project :) If you have some time just do as you please :) Anyway you could forward me your "im" contacts too ;) it would be easier to ask me anything quickly :) I'm "complaining" on the trac website about this issue too it this ticket for the possibility to edit/delete comments, if you want to follow it : http://projects.edgewall.com/trac/ticket/454 There is another ticket about spam but the link is at work, i will post it later ;) (just search anyway it should be findable) SUGLIANI Timo. PS: check your mail, account informations should be mailed soon. Marco Bonetti wrote: > Timo, List, hello. > > I've been discussing this issue with Sameer over IM, and here is quick > summary of the different options we have: > > * Clean the trac database with a tool like this one: > http://sourceforge.net/projects/sqlitemanager/ > Since we're not getting *that* much spam yet, this could be a viable solution. > > Timo, could you install that tool on the svn server and password-protect it? > > > * Hack trac and add a captcha to the key forms. I could take care of > this, I think. > > * Ban spammers on an IP basis. This is unreliable, actually. We'd have > to take a look at apache's logfile and see where the spammers have > been coming from. > > * Ban spammers at apache configuration level, by checking the POST > data against some keywords. This is rather effective, and doesn't > require much work. > > * Hide the Trac web interface behind a HTTP Basic Auth form and give > out the password to everyone, hoping the spams are automated and not > hand-crafted. > > > > What do you guys think of these solutions? Timo, do you think I could > get ssh access to the server and take a look around? > > -m > > _______________________________________________ > gregarius-dev mailing list > gregarius-dev at sinless.org > http://sinless.org/mailman/listinfo/gregarius-dev >