On Sun, Jul 08, 2007 at 01:51:11PM +0200, Ralph Passgang wrote: > I think captchas for "anonymous" users that are not logged in is a good idea > in general, because the simple question is what is harming our project more. > This kind of spam attacks every week or maybe one or two users that don't > submit a bug report because of the captcha "feature", but for the registered > users (mainly developer) that would be a pain in the ass and absolutly > unneeded for them.
For sure. Seems like tg's browser doesn't support sessions, too. :) > But if captcha's, then please some kind of captcha that is easy to read. Some > captchas used today in the web are even to hard even for humans. Well, I also would appreciate a solution using figlet, and it's wonderfully readable, too. > Another possibilty would be some timing based algorithm. No "human" anonymous > user can update 50+ tickets within just 1-2 seconds. Allowing 1 update per > minute and ip would be a resonable value (for anonymous users) in my opinion. This is already checked by trac's Spamfilter. Maybe we should raise the points for it, though. > And last but not least. Have I understood it correctly, that anonymous users > can send mail though our ticketing system? If so, we should disable the > possibility to use the ticketing system for sending mails (at least again for > the anonymous users). One can specify a "Cc" address when submitting a ticket. Maybe we should disable this feature? I think it's worse enough that all developers get the spam by email. > Sounds like hacking trac is needed :) What about upstream? They should know > about this kind of spam problem. Haven't they a working solution? Before sending my email I checked trac's settings regarding spam filtering. As you are also member of the trac_admin group, you can check them yourself. But besides adding some keywords to the "bad content" page, I have no idea what to change to make it more efficient. Greetings, Phil _______________________________________________ freewrt-developers mailing list [email protected] https://www.freewrt.org/lists/listinfo/freewrt-developers
