[Twisted-Python] Status of trac upgrade

[Jonathan Vanasco]

On May 29, 2014, at 9:13 AM, Hynek Schlawack wrote:

> So what *is* the status?  The current state is really hardly bearable; the spam is taking completely over. :(  Wasn’t there a successful dry run at the PyCon sprints?

I recently had a similar problem.  I didn't realize a "one click install" on my shared provider for a private SVN repo created a public trac instance.  there were nearly 1MM spam tickets in a 700MB sqlite database

I ended up killing all tickets; but was able to use a raw sqlite3 connection on the db file to get in there and analyze the tickets ( and delete them )

Trac 1.0 has a spam filter -- http://trac.edgewall.org/wiki/SpamFilter

Once upon a time, there was a mod_security plugin called ScallyWhack that was dedicated to Trac spam.  It was officially supported by mod_security and still has a reserved rules range. unfortunately, it's disappeared off the net.

I had to take my trac instance offline while working.  my install was "known" to a few dozen botnets, and they kept hitting it.  everything would lock up.  if you can find any mod_security integration, I would strongly suggest using it -- because you can have the rules trigger an integration with fail_2_ban and just keep ip addresses/ranges from ever touching trac.