Re: [Openvpn-devel] SPAM on trac

Tue, 03 May 2016 06:57:10 +0000 

Hi,

I turned on several new external content scanning spamfilters. In the
process I had to upgrade Trac and the Trac spam filtering plugin. We
used to only have Akismet, because we didn't really have any big spam
issues. Now we have all of these activated:

- Akismet (http://akismet.com/)
- Blogspam (http://blogspam.net/)
- StopForumSpam (http://stopforumspam.com/)
- BotScout (http://botscout.com/)
- Fspamlist (http://www.fspamlist.com/)

Based on spam monitoring and Trac logs the filters seem to work, but
we'd need actual spam attempts to prove that[*]. Right now the "karma"
setup on Trac is such that if one service thinks the content is spam
then the edit will be rejected. I also reduced the maximum number of
edits per IP to 5 per hour, and activated Google reCAPTCHA. I did not
see reCAPTCHAs, though, when doing ticket test edits, so it might only
apply to anonymous edits; in that case it would be useless for us.

There are a few other spam detection services which we can probably
activate later:

- Spamwipe (http://spamwipe.com/): registration does not work atm
- Mollom (http://mollom.com/)

I also did a mass removal of the spam Wiki pages (500+). The bastards
had contaminated some of our useful Wiki pages, but deducing which ones
was fairly easy given direct access to the database. I believe I managed
to delete all the contaminated revisions.



Hi,

I setup urlwatch to watch the "Recent changes" page every ten minutes:

<https://community.openvpn.net/openvpn/wiki/RecentChanges>
Adding, deleting or modifying a Wiki page will now trigger an email notification. The attack such as the last one would have triggered a huge number of emails and would have allowed us respond much faster. The Trac front page has been successfully monitored for a long while, resulting in removal of quite a bit of attachment spam. Notifications to Trac tickets are already sent to #openvpn-devel IRC channel, so that part is covered already.
Right now the notification emails go only to me, but sending them to additional people would improve our response time. I don't expect a huge number of emails, even though RecentChanges page will see more activity than Wikistart.
Let me know if you want to help monitor the Wiki and I'll add your email to the urlwatch list. 

--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Reply via email to