From: Peter Stuge <>
Date: Tue, 1 Mar 2011 22:41:22 +0100

Hey everyone,

Mark Riordan wrote:
> Alas, it seems that bad guys have discovered a way to spam us.

Yeah. I've deleted the tickets, but they can of course create new.

> Is there a way to require administrator approval of new accounts
> on

The spam thing is pretty much impossible to solve perfectly in an
automated way.

I've seen spamming both on the libusb and the libssh2 Tracs that
I'm hosting.

One way to fight the spam is to make it increasingly difficult to
input information into Trac, but on the other hand that is absolutely
counter to its purpose in the first place. We want it to be *easy* to
create tickets and update wiki pages. I consider the ideal to be that
no signup at all is required.

Captcha adds another hurdle, but is easily circumvented. Spammers
set up porn sites where they make real humans solve real captchas
to access content. Except the captcha actually comes from a different
site (us) which spammers want to spam. Another method is to pay cheap
labour to do nothing but solve captchas all day long.

My point is that raising the bar a little, using any technical
solution, will only hold off spammers for so long, and annoys
legitimate users. I would like very much to find a sustainable
solution and preferably one which doesn't inconvenience legitimate

I believe moderation is the only thing that will work. I've been
ogling the TicketModerator plugin over here:

Just that I'm not sure it works exactly the way I would like to.. I
do want to try it out though. Actual people will need to moderate
Trac submissions, and I'd like to propose that we all help with that,
so that no single person is overwhelmed with the work and maybe as a
bonus we'll also cover different time zones. Not in any way expected
to have instant feedback of course.

