Thanks for the account data, Timo. Since I don't have enough permissions to install sqlitemanaget I've manually deleted the spam comments from the trac database. Reminder for future cleanups: delete from ticket_change where ticket=183 and newvalue like '%http%'; Please alert me of any other spam comment you may notice. And, as a matter of fact, of the seven deleted spam message, the first two came from 148.244.150.xxx (Mexico) and the latter from 195.175.37.xxx (Turkey) I think that running "sudo iptables -I INPUT -s 195.175.37.0/24 -j DROP" on the svn server would be a good short-term strategy. -m On 11/25/05, Sameer D'Costa <sameerslists at gmail.com> wrote: > Hi Timo, > Thanks for doing this. If needed, I am willing to babysit the trac > installation for routine things like deleting spam. My IM contacts are > available if you click on my username in the forums. > > The other spam ticket on the trac website is at > http://projects.edgewall.com/trac/ticket/1145 > It doesnt look very promising.... > > Sameer > > > > On Fri, Nov 25, 2005 at 09:16:53PM +0100, SUGLIANI Timo wrote: > > > Date: Fri, 25 Nov 2005 21:16:53 +0100 > > From: SUGLIANI Timo <rannis at free.fr> > > To: gregarius-dev at sinless.org > > Subject: Re: [greg-dev] spam in the trac tickets > > Reply-To: gregarius-dev at sinless.org > > > > Hi all, > > > > I was thinking about some of these solutions too, but first of all to > > keep clear, this server is used by some more projects, so i can't just > > fix trac here, then here just for this purpose, it's also a packaged > > trac version from debian "stable" release, so it's would actually > > be system-wide changes. > > > > The IP ban possibility and apache configuration will not be possible > > on this server, but as i just told, anything in "gregarius" userspace > > is possible :) (for example installing sqlitemanager for now and > > deleting manually every spam until trac correct this ;) or another > > hack based on trac 0.9 like captchas if you wanna try it, etc...) > > > > At the moment i don't have "much time" to work on this but Marco, > > I will forward you an ssh account for this project :) If you have > > some time just do as you please :) > > > > Anyway you could forward me your "im" contacts too ;) it would be > > easier to ask me anything quickly :) > > > > I'm "complaining" on the trac website about this issue too it this > > ticket for the possibility to edit/delete comments, if you want to > > follow it : > > http://projects.edgewall.com/trac/ticket/454 > > > > There is another ticket about spam but the link is at work, i will post > > it later ;) (just search anyway it should be findable) > > > > SUGLIANI Timo. > > > > PS: check your mail, account informations should be mailed soon. > > > > > > Marco Bonetti wrote: > > >Timo, List, hello. > > > > > >I've been discussing this issue with Sameer over IM, and here is quick > > >summary of the different options we have: > > > > > >* Clean the trac database with a tool like this one: > > >http://sourceforge.net/projects/sqlitemanager/ > > >Since we're not getting *that* much spam yet, this could be a viable > > >solution. > > > > > >Timo, could you install that tool on the svn server and password-protect > > >it? > > > > > > > > >* Hack trac and add a captcha to the key forms. I could take care of > > >this, I think. > > > > > >* Ban spammers on an IP basis. This is unreliable, actually. We'd have > > >to take a look at apache's logfile and see where the spammers have > > >been coming from. > > > > > >* Ban spammers at apache configuration level, by checking the POST > > >data against some keywords. This is rather effective, and doesn't > > >require much work. > > > > > >* Hide the Trac web interface behind a HTTP Basic Auth form and give > > >out the password to everyone, hoping the spams are automated and not > > >hand-crafted. > > > > > > > > > > > >What do you guys think of these solutions? Timo, do you think I could > > >get ssh access to the server and take a look around? > > > > > > -m > > > > > >_______________________________________________ > > >gregarius-dev mailing list > > >gregarius-dev at sinless.org > > >http://sinless.org/mailman/listinfo/gregarius-dev > > > > > _______________________________________________ > > gregarius-dev mailing list > > gregarius-dev at sinless.org > > http://sinless.org/mailman/listinfo/gregarius-dev > _______________________________________________ > gregarius-dev mailing list > gregarius-dev at sinless.org > http://sinless.org/mailman/listinfo/gregarius-dev >