WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 8 months ago

#11905 reopened defect (bug)

trac spam

Reported by: scribu Owned by: ryan
Milestone: WordPress.org Priority: normal
Severity: normal Version:
Component: WordPress.org site Keywords:
Focuses: Cc:

Change History (32)

comment:1 scribu4 years ago

  • Milestone WordPress.org site deleted
  • Resolution set to fixed
  • Status changed from new to closed

comment:2 scribu4 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:3 follow-up: dangayle4 years ago

Please, the spam from the WordPress trac generates a LOT of emails if you're subscribed to the wp-trac mailing list. It makes it really difficult for gmail to distinguish what is real and what is spam, so the filter doesn't work the greatest.

Just install SpamFilter or something. It even uses Akismet!

comment:4 in reply to: ↑ 3 ; follow-up: nacin4 years ago

Replying to dangayle:

Please, the spam from the WordPress trac generates a LOT of emails if you're subscribed to the wp-trac mailing list. It makes it really difficult for gmail to distinguish what is real and what is spam, so the filter doesn't work the greatest.

Surely. For Gmail, my wp-trac filter is set to never send any of them to spam if they're from the proper email address. Then I deal with the very rare spam comment flood manually.

Just install SpamFilter or something. It even uses Akismet!

We have Akismet installed. It wasn't working right last time we had a spam issue, but I think Barry has addressed that.

Whenever we do have an issue, we'll all notice it pretty quickly thanks to wp-trac. (If not, hop into #wordpress-dev.) We can then make Trac read-only temporarily, block the dotorg account, and run a query to remove the comments.

comment:5 in reply to: ↑ 4 dangayle4 years ago

Replying to nacin:

Then I deal with the very rare spam comment flood manually.

I get viagra emails from trac daily. It makes me start to question myself. (lol)

comment:6 nacin3 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

comment:7 scribu3 years ago

  • Milestone set to WordPress.org
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:9 scribu3 years ago

Couldn't something like this plugin be implemented on the wp.org signup:

http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/

Tag: tracspam

Last edited 3 years ago by scribu (previous) (diff)

comment:13 nacin3 years ago

I've nuked seolife, downloadbook, propostaff. Unfortunately due to the way Trac implements HTTP auth, I don't think I can invalidate their cookies.

duck_ noticed that our Trac spam tools aren't enabled properly. I'll be working with Barry at some point soon to fix this.

comment:17 dd322 years ago

User: http://profiles.wordpress.org/users/uggbootsspace

Nuked/took over account

duck_ noticed that our Trac spam tools aren't enabled properly. I'll be working with Barry at some point soon to fix this.

It looks to me like it's simply the Trust level set for users that's causing it to never trigger. The other trigger levels probably need tweaking too though.

comment:19 follow-up: SergeyBiryukov2 years ago

Someone's trying to sneak spam links into their replies.

http://core.trac.wordpress.org/ticket/18465#comment:38
http://core.trac.wordpress.org/ticket/19971#comment:6

I've removed the links, but was tempted to remove the comments entirely.

comment:21 nacin18 months ago

Blocked nemgavekort, revoked the Trac cookie.

comment:23 in reply to: ↑ 19 SergeyBiryukov18 months ago

Someone's trying to sneak spam links into their replies.

http://core.trac.wordpress.org/ticket/20013#comment:8

comment:28 ocean9012 months ago

http://profiles.wordpress.org/DeanKolt

Has added attachments with links in the description: http://cl.ly/OS9h

comment:31 follow-up: c3mdigital8 months ago

I think if we change the spam users's password it will make the trac cookies invalid. I just tried it with togelini to see if it works.

comment:32 in reply to: ↑ 31 nacin8 months ago

Replying to c3mdigital:

I think if we change the spam users's password it will make the trac cookies invalid. I just tried it with togelini to see if it works.

It won't. But we have a Revoke Cookie tool I used on togelini: http://joncave.co.uk/2011/10/trac-cookie-revocation/

Note: See TracTickets for help on using tickets.