Tuesday 14th July 2009

Trac SpamFilter Plugin

My repository Trac instance has recently attracted the interest of a pill-spammer, so I installed trac-spamfilter-plugin with a view to making life awkward for the spammer. Whilst it was easy enough to install, I had a few issues with it.

This latter problem turned out to be due to the (default) assumption by the SpamFilter plugin that authenticated users are to be trusted, i.e. not to have their submissions vetted by the spam filter. This assumption doesn't hold true when, as in my case, the AccountManager plugin is used to enable users to register themselves. The spammer was registering himself (or herself) and using the newly-created account to spam the wiki. This behaviour can be turned off, but not using the Admin pages in a browser. Instead, the following option needs to be added in the [spam-filter] section of trac.ini:

[spam-filter]
trust_authenticated = false

It's also necessary to make test submissions from an account that doesn't have TRAC_ADMIN permission - admins bypass the spam filter too, and that can't be turned off.
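
An added example (not from the original post or from the plugin itself): a small Python check that reads a trac.ini and reports when authenticated users skip the spam filter while self-registration is switched on. The sample ini text, the AccountManager component name `acct_mgr.register.RegistrationModule` and the set of values treated as true are assumptions.

```python
import configparser

# Constructed sample trac.ini fragments (not taken from the original post).
RISKY_INI = """
[components]
acct_mgr.register.RegistrationModule = enabled
tracspamfilter.* = enabled

[spam-filter]
"""
FIXED_INI = RISKY_INI + "trust_authenticated = false\n"

# Assumption: spellings treated as "true" for a boolean option.
TRUE_VALUES = {"yes", "true", "enabled", "on", "1"}


def is_true(value):
    return value.strip().lower() in TRUE_VALUES


def audit_trac_ini(text, default_trust=True):
    """Return findings about who bypasses the spam filter.

    default_trust=True mirrors the default described in the post:
    authenticated users are trusted unless the option says otherwise.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)

    raw = cp.get("spam-filter", "trust_authenticated", fallback=None)
    trusted = default_trust if raw is None else is_true(raw)

    # configparser lower-cases option names, so compare in lower case.
    components = cp.items("components") if cp.has_section("components") else []
    self_registration = any(
        (name == "acct_mgr.*" or name.startswith("acct_mgr.register"))
        and is_true(value)
        for name, value in components
    )

    findings = []
    if trusted:
        origin = "default" if raw is None else "explicit"
        findings.append(f"trust_authenticated is true ({origin}): "
                        "authenticated users skip the spam filter")
        if self_registration:
            findings.append("self-registration is enabled: anyone can "
                            "create an account that skips the filter")
    return findings
```

The check does not cover accounts with TRAC_ADMIN permission, which bypass the filter regardless of this option.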
