Boost logo

Boost :

From: David Abrahams (dave_at_[hidden])
Date: 2007-07-13 17:17:49


on Fri Jul 13 2007, Jeff Garland <jeff-AT-crystalclearsoftware.com> wrote:

> Rene Rivera wrote:
>> Recently we've had SPAM posted to the Boost trac, which I deleted almost
>> immediately. I suspect that the SPAM will increase as the Boost Trac
>> becomes "known" to the spammers. Hence it would be nice to cut off as
>> much of the SPAM as possible now. So I'm requesting that we put in some
>
> Ah, I think you can write that off -- if you have an open site you're going to
> get an occasional spammer.

And there's absolutely no reason we need to have an open site. It has
become de-rigeur that you have do a "register with an email address"
dance to get into most public fora, and as far as I can tell spam is
never a problem when that is set up.

>> SPAM filtering into Trac. Specifically there's a plugin from Edgewall
>> that offers a variety of filtering methods
>> <http://trac.edgewall.org/wiki/SpamFilter>.

I use SpamBayes (one of those methods) for my email and it works
incredibly well.

> FWIW, from my experience with the User Wiki, the main thing you need
> is the BadContent filter. 99% of all spam is a link to a site and
> you can at least prevent second occurrences of a spammer linking to
> the same site. I currently have 2500 content regex's protecting the
> user wiki.

That's exactly why you should use SpamBayes. Who wants to write
regexes for every bit of site spam?

> You're bound to have a massive attack at some point and the content
> filter is the only thing that will stop it. IP Blacklisting is
> useless all the spammers have bot nets now. IP Throttling is pretty
> much useless too - they use lots of different machines with
> different IPs. Plus, they mass spammers know how to slow down their
> bot nets to work with the throttling. After 2 hours with 10
> machines @ 5 pages/machine they can do alot of damage.

Another reason to use SpamBayes... *If* you're going to have an open
site, which we shouldn't. I know we want to make it easy to enter
tickets, but tickets without an attached email address are almost
always useless anyhow.

-- 
Dave Abrahams
Boost Consulting
http://www.boost-consulting.com
The Astoria Seminar ==> http://www.astoriaseminar.com

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk