My Site
Categories
Preventing spam on trac
Note: There is a HOW-TO written up to show users how to deploy the information in this article.

The Exaile website and project uses trac to manage the homepage wiki, and ticket system. Trac is a great product, but a lot of users end up getting spam at some point.

We solved this problem for a while by installing two spam filtering plugins, and installing Trac's Account Manager Plugin. This requires a user to register for the site before they can post tickets and/or make comments on existing tickets (the default behavior for trac is to allow anyone at all post).

Spam bots and otherwise started getting around this anyway.

One of the Jokosher developers is a user of Exaile, and he found out about our dilemma. He told us how they managed to stop spam.

They simply added a field to their registration form that says "What is the name of our audio editor?". The answer is so obvious. Jokosher is the name. It's in the domain name of the site. It's in the logo at the top of the page.

They claim this stopped spam all together, even better than an image captcha. The idea is that even if a bot can't get around the registration, spammers will employ human spammers for special exceptions. An image captcha doesn't prevent spam from these people at all... they can see the answer right in front of their eyes. However, it's probably not cost effective to make them look around for something a legit user would already know.

I made some changes to Trac's Account Manager. I added a field that says "What is Adam Olsen's IRC nickname". My nickname is in several obvious places on the website, not to mention, there's a two click way to get into the IRC channel via CGI::IRC. In future releases of Exaile, a keyword will be available in the Exaile about dialog which will be required to register.

I've written up a howto on modifying the plugin.

Note: I only just deployed this on our site. I'll keep you updated on how it works out.

vim tip: TOhtml

Sometimes you want to post your code on a website somewhere. Sometimes it's nice to have this code display with the syntax highlighting you see in vim. Just type @:TOhtml@, and a new window window will open up with the html for the code you were looking at. Note, that all the coloring will be the same coloring you have for the current vim colorscheme your using (even the background color), so be sure to pick a colorscheme that matches your site before you do this.
Filed under: Miscellaneous, Linux
Comments:

From Wayne Walker on July 7 @ 4:20 p.m. 2008

Great post! Thank you.
The link for the Howto is wrong though. It points to:
http://exaile.org/trac/wiki/HackingTracAccountManager
but should be:
http://www.exaile.org/wiki/index.php?title=Misc:HackingTracAccountManager

Add a comment:
captcha

Optional, for comment reply notifications
 
Note: If you enter your email address, you will be subscribed to this article and will recieve comment updates via email. This is the only thing your address will be used for. A link will be provided at the end of each email that will allow you to unsubscribe should you need to, or you can go to http://synicworld.com//unsubscribe to unsubscribe from any/all updates.