Trac spam attack / spam filter reactivated
206 views
Skip to first unread message
Tim Graham
Jul 6, 2016, 10:33:54 PM7/6/16
to Django developers (Contributions to Django itself)
In the past couple hours, code.djangoproject.com experienced a spam attack of new tickets and wiki pages. After running without the spam filter for at least a couple months (I forget exactly when I deactivated it but it was sometime after we switched to requiring authenticated users to file a ticket), I've reactivated it. If you find your submissions inappropriately marked as spam, let me know so we can tune the settings.
akki
Aug 6, 2016, 7:55:18 AM8/6/16
to Django developers (Contributions to Django itself)
Hi
Recently, I would say since the past week, many of my activities on Trac are being reported as spam. Even trying to add myself to cc takes me to an error page.
I got the following message when I last tried to modify a ticket. I was changing the summary of one of the tickets:
Submission rejected as potential spam
- Akismet says content is spam
- SpamBayes determined spam probability of 93.46%
I sometimes also get a page with a captcha but without a submit button and it redirects me to another TracError page if I submit it anyways by pressing the return key.
Please take the necessary steps to mitigate this problem and let me know if there is something I could help with.
Thanks
Tim Graham
Aug 6, 2016, 8:56:34 AM8/6/16
to Django developers (Contributions to Django itself)
Yes, the bayesian spam filter is giving some false positives and the weighting is such that even if you submit the captcha, your comment still might be considered spam (spammers were completing the captchas to submit their content). You could look into if there's some other spam prevention measures in Trac that might be more effective.
akki
Aug 6, 2016, 11:17:16 AM8/6/16
to Django developers (Contributions to Django itself)
This might be a quite obvious solution but people seem to be happy with the performance of Bayesian filter when training it properly. Here are two articles I found explaining some good points to keep in mind while training the filter - edgewall-ticket-10314 and trac-wiki-spamfilters; just wanted to make sure we are not being bitten due to bad training.
Also, if the spammers, assuming they are bots, are able to solve recaptcha, we can try keycaptchas supported by Trac which are relatively harder to solve. If they are being hit manually by someone, the ip-throttling technique might tackle such a situation (but then they'll use proxies, sigh!).
Well, this is a tricky experimenting business but I hope something out of this works.
Zach
Sep 14, 2016, 6:29:40 PM9/14/16
to Django developers (Contributions to Django itself)
I'm also trying to cc myself on tickets only to get "Submission rejected as potential spam". Can we incorporate this <https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html> ?. I've had better luck completing that verification.
Tim Graham
Sep 14, 2016, 8:49:56 PM9/14/16
to Django developers (Contributions to Django itself)
The difficulty is tuning the spam weights. We had spammers completing capchas and getting their posts through.
Uri Even-Chen
Sep 16, 2016, 9:50:32 AM9/16/16
to django-d...@googlegroups.com
Many messages of the Django developers and Django users mailing lists are sent into my spam folder in Gmail, and I saw messages from other users who experience the same problem. I can't filter these messages not to be sent to spam because I want them to skip my inbox, and Gmail doesn't allow to skip inbox for messages filtered never to be spam. So every day I have to search my spam folder and mark these messages as not spam. Then go to my inbox and archive them.
Any solution?
| Uri Even-Chen |
 | Phone: +972-54-3995700 Email: u...@speedy.net Website: http://www.speedysoftware.com/uri/en/     |
On Thu, Jul 7, 2016 at 5:33 AM, Tim Graham <timog...@gmail.com> wrote:
In the past couple hours, code.djangoproject.com experienced a spam attack of new tickets and wiki pages. After running without the spam filter for at least a couple months (I forget exactly when I deactivated it but it was sometime after we switched to requiring authenticated users to file a ticket), I've reactivated it. If you find your submissions inappropriately marked as spam, let me know so we can tune the settings.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/ed1a6eb5-122a-4abe-a064-68b3adb0434d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
João Sampaio
Sep 17, 2016, 8:49:03 AM9/17/16
to django-d...@googlegroups.com
Uri, I have the messages from both those lists marked to skip inbox and not be sent to spam. Maybe you should try again? See screenshot attached.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMQ2MsHFct7mVJoUBOVTBJ4BBPjSs9NF%3DTRf2jjhSk1iiPkwwA%40mail.gmail.com.
Uri Even-Chen
Sep 17, 2016, 11:43:32 AM9/17/16
to django-d...@googlegroups.com
OK, I'll try again. This bug is very old (years) and maybe they fixed it.
| Uri Even-Chen |
| | Phone: +972-54-3995700 Email: u...@speedy.net Website: http://www.speedysoftware.com/uri/en/ |
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAO_YKa14-9Uh_p6qS0uK-r%2B7MsSG%2BcgL5afUN3VWz7eQZDPUaQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages