WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 8 months ago

Last modified 8 months ago

#11905 closed defect (bug) (invalid)

trac spam

Reported by: scribu Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: WordPress.org site Keywords:
Focuses: Cc:

Change History (35)

#1 @scribu
6 years ago

  • Milestone WordPress.org site deleted
  • Resolution set to fixed
  • Status changed from new to closed

#2 @scribu
6 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

#3 follow-up: @dangayle
6 years ago

Please, the spam from the WordPress trac generates a LOT of emails if you're subscribed to the wp-trac mailing list. It makes it really difficult for gmail to distinguish what is real and what is spam, so the filter doesn't work the greatest.

Just install SpamFilter or something. It even uses Akismet!

#4 in reply to: ↑ 3 ; follow-up: @nacin
6 years ago

Replying to dangayle:

Please, the spam from the WordPress trac generates a LOT of emails if you're subscribed to the wp-trac mailing list. It makes it really difficult for gmail to distinguish what is real and what is spam, so the filter doesn't work the greatest.

Surely. For Gmail, my wp-trac filter is set to never send any of them to spam if they're from the proper email address. Then I deal with the very rare spam comment flood manually.

Just install SpamFilter or something. It even uses Akismet!

We have Akismet installed. It wasn't working right last time we had a spam issue, but I think Barry has addressed that.

Whenever we do have an issue, we'll all notice it pretty quickly thanks to wp-trac. (If not, hop into #wordpress-dev.) We can then make Trac read-only temporarily, block the dotorg account, and run a query to remove the comments.

#5 in reply to: ↑ 4 @dangayle
6 years ago

Replying to nacin:

Then I deal with the very rare spam comment flood manually.

I get viagra emails from trac daily. It makes me start to question myself. (lol)

#6 @nacin
6 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

#7 @scribu
5 years ago

  • Milestone set to WordPress.org
  • Resolution fixed deleted
  • Status changed from closed to reopened

#9 @scribu
5 years ago

Couldn't something like this plugin be implemented on the wp.org signup:

http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/

Tag: tracspam

Last edited 5 years ago by scribu (previous) (diff)

#13 @nacin
5 years ago

I've nuked seolife, downloadbook, propostaff. Unfortunately due to the way Trac implements HTTP auth, I don't think I can invalidate their cookies.

duck_ noticed that our Trac spam tools aren't enabled properly. I'll be working with Barry at some point soon to fix this.

#17 @dd32
5 years ago

User: http://profiles.wordpress.org/users/uggbootsspace

Nuked/took over account

duck_ noticed that our Trac spam tools aren't enabled properly. I'll be working with Barry at some point soon to fix this.

It looks to me like it's simply the Trust level set for users that's causing it to never trigger. The other trigger levels probably need tweaking too though.

#19 follow-up: @SergeyBiryukov
4 years ago

Someone's trying to sneak spam links into their replies.

http://core.trac.wordpress.org/ticket/18465#comment:38
http://core.trac.wordpress.org/ticket/19971#comment:6

I've removed the links, but was tempted to remove the comments entirely.

#21 @nacin
4 years ago

Blocked nemgavekort, revoked the Trac cookie.

#23 in reply to: ↑ 19 @SergeyBiryukov
4 years ago

Someone's trying to sneak spam links into their replies.

http://core.trac.wordpress.org/ticket/20013#comment:8

#28 @ocean90
3 years ago

http://profiles.wordpress.org/DeanKolt

Has added attachments with links in the description: http://cl.ly/OS9h

#31 follow-up: @c3mdigital
3 years ago

I think if we change the spam users's password it will make the trac cookies invalid. I just tried it with togelini to see if it works.

#32 in reply to: ↑ 31 @nacin
3 years ago

Replying to c3mdigital:

I think if we change the spam users's password it will make the trac cookies invalid. I just tried it with togelini to see if it works.

It won't. But we have a Revoke Cookie tool I used on togelini: http://joncave.co.uk/2011/10/trac-cookie-revocation/

#33 @ryan
23 months ago

  • Owner ryan deleted
  • Status changed from reopened to assigned

#34 @chriscct7
8 months ago

  • Milestone WordPress.org deleted
  • Resolution set to invalid
  • Status changed from assigned to closed

This doesn't appear to be a problem anymore. If it becomes a problem again, the ticket for this should be on meta.trac.wordpress.org, not here. Closing as invalid.

#35 @netweb
8 months ago

Just to add here that Trac admins should still be able to access the cookie revoke tool in Trac admin if and when needed

Note: See TracTickets for help on using tickets.