Spam in trac tickets

Bruce Dubbs bruce.dubbs at gmail.com
Sat Apr 7 17:05:51 PDT 2007


Jeremy Huntwork wrote:
> On Sat, Apr 07, 2007 at 12:03:36PM -0500, Bruce Dubbs wrote:
>> I deleted spam from lfs-book and blfs-book, both mail and trac tickets,
>> this morning.  Do we need to make the books ticket system so only
>> authorized (vice registered) users can create or modify tickets?
> 
> You did? I also deleted a bunch of spammish comments from the LFS trac
> database about an hour ago. The corresponding messages still appear in
> the mailman archives, though, and I'm not sure how to get rid of them.
> For example:
> http://linuxfromscratch.org/pipermail/lfs-book/2007-April/062123.html
> 
> As far as the LFS ticket system goes, it's already set so that only
> authorized users can modify tickets. However, I think it's open to
> anyone to register. I'm not sure how the BLFS system is set up.

Yes, I did.  There were several in blfs-book and lfs-book that were made
this morning.  They were from a user named 'zlgdgzl' which was the most
recent registered 'user'.  The comments were copied from another
legitimate ticket and had a spammish link attached.  The first comment
looked legitimate (except for the link), but all the others were exact
copies.

You are right about the registration.  Anyone can register and then spam
away on both the lfs and blfs trac ticket systems.  About the only thing
I can think of is to require an admin to verify and explicitly allow the
creation or update capabilities for new registrations.

  -- Bruce



More information about the lfs-dev mailing list