Re: [Twisted-Python] Status of trac upgrade

Wed, 18 Jun 2014 17:46:23 -0700 

On 18 Jun, 10:59 pm, twisted-pyt...@2xlp.com wrote:


On May 29, 2014, at 9:13 AM, Hynek Schlawack wrote:

So what *is* the status?  The current state is really hardly bearable; 
the spam is taking completely over. :(  Wasn’t there a successful dry 
run at the PyCon sprints?



I recently had a similar problem.  I didn't realize a "one click 
install" on my shared provider for a private SVN repo created a public 
trac instance.  there were nearly 1MM spam tickets in a 700MB sqlite 
database



I ended up killing all tickets; but was able to use a raw sqlite3 
connection on the db file to get in there and analyze the tickets ( and 
delete them )


Trac 1.0 has a spam filter -- http://trac.edgewall.org/wiki/SpamFilter


Once upon a time, there was a mod_security plugin called ScallyWhack 
that was dedicated to Trac spam.  It was officially supported by 
mod_security and still has a reserved rules range. unfortunately, it's 
disappeared off the net.



I had to take my trac instance offline while working.  my install was 
"known" to a few dozen botnets, and they kept hitting it.  everything 
would lock up.  if you can find any mod_security integration, I would 
strongly suggest using it -- because you can have the rules trigger an 
integration with fail_2_ban and just keep ip addresses/ranges from ever 
touching trac.


This is a nice thought but I think it's entirely misguided.


Overcoming simplistic, automated obstacles is what spammers have been 
learning how to do extremely well for several decades now.  If you 
choose to participate in this arms race with them, you can win by put in 
slightly more effort than them - from now until forever.



Considering the Twisted project apparently lacks even the ability to put 
a slight bit of effort even once (at least, not without gathering its 
strength to do so for two or three months first), this doesn't strike me 
as likely to happen.



Also, Apache isn't used anywhere on twistedmatrix.com so it would be 
rather difficult to deploy anything based on mod_security anyway.


Jean-Paul

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python






















					Reply via email to