The Artima Developer Community
Ruby Buzz Forum
Fighting Trac Spam

Charlie Savage
Fighting Trac Spam Posted: Jan 28, 2008 7:57 PM

This post originated from an RSS feed registered with Ruby Buzz by .
Original Post: Fighting Trac Spam
Feed Title: cfis
Feed URL: http://cfis.savagexi.com/articles.rss
Feed Description: Charlie's Blog
For MapBuzz, we use a popular open source project called Trac for managing our bugs, feature requests, release schedules, etc.  As long as you don't have complex requirements, Trac is pretty good - it's a lot more pleasant to use than expensive commercial products such as Rational ClearQuest.

Unlike ClearQuest, Trac is designed to live on the Web.  But living on the Web can be dangerous - in recent months our database was getting overwhelmed by spam.  Cleaning it out was becoming a tedious, daily chore.

After trying a variety of countermeasures over a period of a few months, I finally gave up and handed it over to Anders (and do take a look at the very cool URI he has).  It took him about one minute to diagnose the problem - spammers weren't coming in through the front door, they were coming in through the back door.  I had assumed that spammers were using Trac's web interface to further their nefarious causes, but instead they were using our automated email ticket submission system.  The way that works is when an error is generated, either on a MapBuzz client or server, an email with all the relevant information is sent to trac@mapbuzz.com.  Bugs submitted that way are easy to spot - we use the imaginative names "MapBuzz Client Error" or "MapBuzz Server Error" for them.

The solution was obvious - only let computers from within the mapbuzz domain email tickets.  But figuring out how to do it was another thing.  The problem with not having a full-time admin is that there is always a huge startup cost in fixing IT problems as you rack your brain trying to remember how some complex piece of software works.  In this case it was Postfix, and after an hour of rummaging through manuals, we finally discovered the right incantation.  Undoubtedly there are other ways to do this, and probably better, but we added the following line to the file roleaccount_exceptions:

# Only allow sending to trac from local domain
trac@mapbuzz.com permit_mynetworks,reject

Or in English, only machines in the MapBuzz domain can send tickets to Trac. And voilà - no more spam!
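
As an added example (not from the original post or from the Postfix project), this is one way the roleaccount_exceptions entry above can be wired into Postfix and checked. The /etc/postfix paths, the hash: map type, the placement in smtpd_recipient_restrictions and the 192.0.2.0/24 range are assumptions; only the table line itself comes from the post.

```conf
# --- /etc/postfix/main.cf (assumed location; relevant lines only) ---
# permit_mynetworks compares the connecting client's IP address with
# $mynetworks. 192.0.2.0/24 is a constructed placeholder range.
mynetworks = 127.0.0.0/8, 192.0.2.0/24

# The table lookup comes first so the trac address is decided before any
# later rule can accept the message. Recipients that are not listed in
# the table fall through to the remaining restrictions.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/roleaccount_exceptions (the line from the post) ---
# Only allow sending to trac from local domain
trac@mapbuzz.com permit_mynetworks,reject

# --- After editing, run as root in a shell (shown here as comments) ---
# Build the indexed lookup file that the hash: map reads:
#   postmap /etc/postfix/roleaccount_exceptions
# Confirm the entry resolves; it should print "permit_mynetworks,reject":
#   postmap -q trac@mapbuzz.com hash:/etc/postfix/roleaccount_exceptions
# Validate the configuration and load it:
#   postfix check && postfix reload
```

Because permit_mynetworks looks at the client IP address rather than the envelope sender, a message arriving from outside those networks is refused even if it claims a mapbuzz.com sender. The error-reporting clients and servers therefore have to relay through a host whose address is listed in mynetworks.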
