#5121 https://fedorahosted.org NEEDS_TRIAGE is being SPAMMED
Closed: Fixed None Opened 6 years ago by mharmsen.

= phenomenon =
I recently filed [https://fedorahosted.org/fedora-infrastructure/ticket/5093 https://fedorahosted.org/pki/ NEEDS_TRIAGE is being SPAMMED] as our TRAC instance has recently come under siege from SPAM.

I received the following reply:

We are actually looking at an upgrade to trac 1.0 before too long. We want to move
to a rhel7 based fedorahosted. We don't have a specific timeline for this yet, just
as soon as we can get everything in place.

We may want to look at our captcha on fedora account system accounts, as it seems
like all these people got past that to spam, perhaps something is failing there. ;(

There's nothing else I know of that people are using for spam prevention, it's just
not been a problem until recently. ;(

= reason =

I was asked by my colleagues to file a top-level Fedora Infrastructure Ticket as the SPAM has not improved, and if anything, has become even more prevalent.

= recommendation =

We would like to know if you are any closer to a solution, or if we should take action on our own website by limiting who can address our PKI TRAC Instance?

Please provide feedback on what the best coarse of action is --- thanks!

Filing another ticket on the same ongoing issue seems pointless to me, but ok.

If the issue is getting worse/ongoing, PLEASE let us know, we can't try and do anything if we don't know the problem is persisting.

Very short term: Can you restrict the TICKET_CREATE and TICKET_EDIT permissions to some group? Or do you need the tracs to be fully available to any authenticated user?

Very short term: We can disable accounts that are spamming if we get a list of them and we can delete spam tickets if we get a list of them. Thats long any kind of long term solution however. Can you perhaps mail those as you see them to admin@fedoraproject.org? or I guess update the ticket here...

Medium term: perhaps we can come up with a automated scanner that looks for spam stuff and deletes the tickets often. Or everytime it sees a change. ;(

Longer term: we can try and work on moving to newer trac, but the problem here seems to be that there's a group of humans (loosly speaking) doing this so I am not convinced captcha will help too much. They have also been attacking our wiki.

If you can give me a few example spam ticket URLs, I will update my spam checker to also check for trac messages and delete those when it sees them.

Replying to [comment:4 puiterwijk]:

If you can give me a few example spam ticket URLs, I will update my spam checker to also check for trac messages and delete those when it sees them.

They appear to contain random generated ramblings which come from randomized users who seem to be breaching the primary FAS.

All PKI tickets that have been marked as SPAM have been redirected to the N/A Milestone.

This can be seen by running PKI Report 36 - PKI SPAM Tickets:
* https://fedorahosted.org/pki/query?milestone=N/A&status=assigned&status=new&status=reopened&col=id&col=summary&col=status&col=component&col=reporter&col=owner&col=reviewer&col=rhbz&col=blockedby&col=blocking&order=priority&group=priority&report=36

As far as I can see, both 389 and pki have been cleared at this moment.
If anyone sees any other tracs that have spam, or more spam on either of those, let me know and I'll run my automated cleanup script.

We have now:

  • Modified our new account process to stop the spam accounts from being made.
  • deactivated all the known spam accounts that existed.
  • Run a one time script over trac (and our wiki which they were also spamming) to remove all easily identifiable spam.
  • Have a script running to monitor for new spam appearing so we can adjust things if neeed.

Sorry for this incident, but hopefully we have it fixed up now.

Please re-open if there's anything else we can do for you or you notice something we missed. Thanks.

Login to comment on this ticket.