[Twisted-Python] Status of trac upgrade

Jonathan Vanasco twisted-python at 2xlp.com
Thu Jun 19 13:08:35 MDT 2014


On Jun 18, 2014, at 8:43 PM, exarkun at twistedmatrix.com wrote:

> This is a nice thought but I think it's entirely misguided.
> 
> Overcoming simplistic, automated obstacles is what spammers have been learning how to do extremely well for several decades now.  If you choose to participate in this arms race with them, you can win by putting in slightly more effort than them - from now until forever.

I generally agree.  Spam will always get through.  But if you put a tiny amount of effort in, you can effectively block 99% of spam; and make working with that 1% much easier.  There are a lot of smart spammers; there are more stupid and lazy ones.

Spammers are generally smart at innovating over long periods of time, but their short-term attacks are pretty bad.  If something gets noticed as a possible spam target by a network of compromised machines, the attacks are relentless.  One particular IP block hits a particular trac install of mine every 5 seconds to make new tickets and check old ones -- even weeks after I configured their entire network to 403.  If you keep some rules updated, and can integrate fail2ban, that entire process is automated.

> Also, Apache isn't used anywhere on twistedmatrix.com so it would be rather difficult to deploy anything based on mod_security anyway.

I don't use Apache either.  I use nginx as a frontend gateway to pass back to Twisted / Pyramid / etc.  There's been mod_security support for nginx (Java and IIS too) for a few years.

But trac is going through TwistedWeb/11.1.0, so that point is moot.

But if you ever run a project that uses nginx on the front, you can use mod_security on it.  The install is a bit weird, but it works.  

... 

In any event, turning off trac and using raw sql queries was the best route to managing the trac database.

If you pay attention to your server logs to see which IP addresses hit the "create" and "view" tickets a lot, you'll probably note a few IP blocks that seem to have a "pair" of spiders working together on different machines.  One creates spam, the other harvests tickets for email addresses.

There were a handful of servers in the 96.47.2xx.x space responsible for most of my spam.  I'd say probably 80%.

The specific IPs all ranked high on the Honeypot blacklist with hundreds of thousands of reports -- http://www.projecthoneypot.org/list_of_ips.php
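
The log review described in the message above, as an added example that is not part of the original e-mail or of any Twisted or trac code: it groups ticket traffic by /24 block and reports blocks where one address creates tickets and a different address reads them. The combined log format, the trac paths `/newticket` and `/ticket/<id>`, the /24 grouping, the `min_hits` threshold and all function names are assumptions; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

def _line(ip, method, path, status=200):
    # Builds one constructed access-log line in combined log format.
    return (f'{ip} - - [19/Jun/2014:13:00:00 -0600] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: a creator/harvester pair in one /24, plus ordinary users.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.10", "POST", "/newticket", 403)] * 4
    + [_line("203.0.113.77", "GET", f"/ticket/{n}", 403) for n in range(100, 105)]
    + [_line("198.51.100.5", "GET", "/ticket/42"),
       _line("198.51.100.5", "POST", "/newticket")]
    + [_line("192.0.2.9", "GET", f"/ticket/{n}") for n in range(1, 5)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+)')

def classify(method, path):
    """Map a request to 'create', 'view' or None (assumed trac URL layout)."""
    if method == "POST" and path.startswith("/newticket"):
        return "create"
    if method == "GET" and re.match(r"/ticket/\d+", path):
        return "view"
    return None

def paired_blocks(log_text, min_hits=3):
    """Return {block: {'create': [ips], 'view': [ips]}} for each /24 where
    heavy creators and heavy viewers span at least two distinct addresses."""
    hits = defaultdict(Counter)  # ip -> Counter of 'create' / 'view'
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        action = classify(m.group(2), m.group(3)) if m else None
        if action:
            hits[m.group(1)][action] += 1
    blocks = defaultdict(lambda: {"create": set(), "view": set()})
    for ip, counts in hits.items():
        block = str(ip_network(f"{ip}/24", strict=False))
        for action in ("create", "view"):
            if counts[action] >= min_hits:
                blocks[block][action].add(ip)
    return {b: {k: sorted(v) for k, v in r.items()} for b, r in blocks.items()
            if r["create"] and r["view"] and len(r["create"] | r["view"]) >= 2}

if __name__ == "__main__":
    for block, roles in paired_blocks(SAMPLE_LOG).items():
        print(block, roles)
```

The flagged blocks are candidates for a deny rule or a fail2ban jail; checking them against a reputation list before blocking avoids catching a shared NAT range.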
