On 11/27/2010 01:39 AM, Colin Barrett wrote:
> Rudy Richter reports that the earliest spam ticket was #14656 and the last 
> was #14814.

The Cappuccino announcements made it look like there's at least one good ticket
in that range, so a massive ticket range killing might not be a good idea.

> John Bailey suggests installing TracSpamFilter filter, limiting the number of 
> tickets per hour (for the authenticated group, presumably), requiring email 
> addresses <snip>

Actually, the spam filter plugin makes no distinction among groups, except that
TICKET_ADMIN users are exempt from spam filtering on tickets.  There are some
other interesting filters in there such as Akismet, TypePad, an external links
filter, and a regex-based filter that uses a wiki page called BadContent (that
only WIKI_ADMINs can edit).  I don't know if it's possible to change the
threshold for the external links filter, but the default value has worked
extremely well for me.

In the Trac environment I have this plugin installed in, I have the
max_posts_by_ip option set to 5.  I had this set to 3 originally, but ran into a
few cases where it was not enough.  The other settings will likely need
significantly different values for your Trac than for mine.  I also have the
spam filter configured such that a user is required to provide a name and e-mail
address.  If neither is provided, the submission is always treated as spam.
This pretty much enforces that the user must fork over some information even if
he/she gets around the e-mail verification without providing a valid address.

Requiring e-mail verification (AccountManager plugin) was the single most
effective spam deterrent I discovered.  External Links filtering was the second
most effective.  The throttling was the next most effective, but it only limited
the damage when a successful attack was made.

John

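The layered checks described in the message above (name/e-mail requirement, external-links limit, per-IP throttling), sketched as an added example that is not part of the original post and is not TracSpamFilter's code. Only the value 5 for max_posts_by_ip comes from the message; the one-hour window, the link threshold, and all class and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

MAX_POSTS_BY_IP = 5      # value John quotes for max_posts_by_ip
WINDOW_SECONDS = 3600    # assumption: the limit is counted per hour
MAX_EXTERNAL_LINKS = 4   # assumption: constructed threshold, not the plugin default
LINK_RE = re.compile(r"https?://", re.IGNORECASE)


class SubmissionGate:
    """Simplified model of the layered checks; not TracSpamFilter's code."""

    def __init__(self):
        self.recent = defaultdict(deque)  # ip -> timestamps of recent attempts

    def check(self, ip, name, email, text, now):
        """Return (accepted, reasons) for one ticket submission."""
        reasons = []
        # Rule from the message: no name and no e-mail means spam.
        if not name.strip() and not email.strip():
            reasons.append("no name or e-mail")
        if len(LINK_RE.findall(text)) > MAX_EXTERNAL_LINKS:
            reasons.append("too many external links")
        # Sliding-window throttle: drop attempts older than the window.
        window = self.recent[ip]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_POSTS_BY_IP:
            reasons.append("IP throttled")
        # Rejected attempts are counted too, so a sustained flood stays throttled.
        window.append(now)
        return (not reasons, reasons)


def demo():
    """Six constructed submissions from one address, 100 seconds apart."""
    gate = SubmissionGate()
    return [
        gate.check("192.0.2.10", "Ann", "ann@example.org", "crash on save", t)[0]
        for t in range(0, 600, 100)
    ]


if __name__ == "__main__":
    print(demo())
```

As in the message, the throttle only caps how many submissions one address can land inside the window; the name/e-mail and link checks are what reject an individual submission.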