As you can tell, our Trac ticket system is getting spammed. Someone is
going to the trouble of creating new accounts (all of them @yahoo.com),
then using their status as "authenticated" users to create new tickets.
To the best of my knowledge, anyone can set up an account on our Trac
site. As I read our Permissions page, "authenticated" users have both
TICKET_CREATE and TICKET_APPEND permissions. So if someone wants to
automate the process of setting up an account, she can subsequently both
create and post to tickets.
Even though anyone can join our mailing lists, we don't have much of a
problem there. Instead, we get a daily trickle of attempted posts by
non-users. The mailing list admins (whiteknight and myself) have to
manually reject these.
If we were to take away either the TICKET_CREATE or TICKET_APPEND
privileges from "authenticated" users and restrict them to "developers,"
we could avoid these spam postings -- but at the cost of making creation
of bug tickets more difficult, as someone would have to grant a poster
"developer" permissions.
Suggestions?
Thank you very much.
kid51
_______________________________________________
http://lists.parrot.org/mailman/listinfo/parrot-dev
