Opened 3 years ago

Closed 2 years ago

# new user frequently created

• Reported by: matobaa
• Owned by: otaku42
• Priority: normal
• Component: TracHacks
• Severity: normal
• Keywords: spam-fighting permission
• Cc: jun66j5, osimons, otaku42
• Trac Release: 1.0

### Description

New users are frequently created, but many users have no tickets or hacks. We should simply enable acct_mgr.register.BotTrapCheck.

### comment:1 Changed 3 years ago by rjollos

• Cc hasienda added; anonymous removed

I'm not familiar with that AccountManagerPlugin check. Steffen, what do you think?

### comment:2 in reply to: ↑ description ; follow-up: ↓ 3 Changed 3 years ago by hasienda

• Cc stoecker added; hasienda removed

> New users are frequently created, but many users have no tickets or hacks.

Thanks for letting us know.

> We should simply enable acct_mgr.register.BotTrapCheck.

In fact BotTrapCheck was already enabled, but it required a string for register_basic_token to go live - done. Could be worth looking at reasons why the sentinel field backed by TracSpamFilter does not stop (more) registration attempts. (Dirk?)

Yeah. I felt a bit lonely after going for it. May I have more thoughts on that proposal, please?

Last edited 2 years ago by hasienda

### comment:3 in reply to: ↑ 2 ; follow-ups: ↓ 4 ↓ 8 Changed 3 years ago by rjollos

> > We should simply enable acct_mgr.register.BotTrapCheck.

> In fact BotTrapCheck was already enabled, but it required a string for register_basic_token to go live - done. Could be worth looking at reasons why the sentinel field backed by TracSpamFilter does not stop (more) registration attempts. (Dirk?)

Thanks for that. I went through the registration process just now and I see the Parole field is active.

I'm not sure where the sentinel field backed by TracSpamFilter should take effect though, or what that is exactly. Is there a specific t:SpamFilter module to which you are referring?

Last edited 3 years ago by rjollos

### comment:4 in reply to: ↑ 3 ; follow-up: ↓ 5 Changed 3 years ago by stoecker

> I'm not sure where the sentinel field backed by TracSpamFilter should take effect though, or what that is exactly. Is there a specific t:SpamFilter module to which you are referring?

Spamfilter adds multiple fields. Invisible fields which lead to downweighting when filled and a visible field which is only for text checks.

Nevertheless the spam filter is not optimal for the registration process, as there is not enough text for checks. So if the spammers aren't dumb enough to fill the invisible field and aren't on many IP blacklists there is not much which the filter can do.

But I don't see any "/register" calls in the spam log. Are you sure spamfilter is activated as a registration check?

P.S. I'd recommend updating the plugin.

### comment:5 in reply to: ↑ 4 Changed 3 years ago by rjollos

> P.S. I'd recommend updating the plugin.

I tried to upgrade this evening:

```
The upgrade failed. Please fix the issue and try again.

InternalError: cannot drop table spamfilter_log because other objects depend on it
DETAIL:  view "spammer-ip-stats" depends on table spamfilter_log
HINT:  Use DROP ... CASCADE to drop the dependent objects too.
```

Last edited 3 years ago by rjollos

### comment:7 Changed 2 years ago by stoecker

As the checks still don't pass through to spamfilter, maybe you can give me admin rights to modify the AccountManager settings myself, so I can correct the settings?

Last edited 23 months ago by rjollos

### comment:8 in reply to: ↑ 3 Changed 2 years ago by hasienda

> I'm not sure where the sentinel field backed by TracSpamFilter should take effect though, or what that is exactly. Is there a specific t:SpamFilter module to which you are referring?

Yes. I've just added RegistrationFilterAdapter to 'register_check' option in [account-manager] section of our trac.ini. This shouldn't have taken so long, sorry.

### comment:9 Changed 2 years ago by stoecker

Probably the wiki should be checked and cleaned. There are many "dead-user" user pages which were never used. Some of them are clearly linkspam. The spam attacks for trac-hacks don't slow down, so spammers probably still have active content somewhere (e.g. in history of pages). For properly clean pages they usually slow down when inactive. Any such spammy places need to be removed. Google webmaster tools can help to find such cases when checking the links and search terms.

### comment:10 follow-up: ↓ 11 Changed 2 years ago by stoecker

It would be helpful if I had the right to delete users and wiki pages. When parsing the spam log some spammers are very obvious, but I can't delete the related users and user pages ATM.

### comment:11 in reply to: ↑ 10 Changed 2 years ago by hasienda

• Cc jun66j5 osimons otaku42 added; stoecker removed
• Trac Release set to 1.0

> It would be helpful if I had the right to delete users and wiki pages. When parsing the spam log some spammers are very obvious, but I can't delete the related users and user pages ATM.

Thanks for your offer. I would be fine with giving Dirk the required permission. Other thoughts?

### comment:12 Changed 2 years ago by osimons

Thanks for offering to help out, stoecker! I'm OK with adding required permissions.

### comment:13 Changed 2 years ago by rjollos

Sounds good to me as well. I'll send a PM to everyone that includes some configuration details that I don't want to post here.

### comment:14 follow-up: ↓ 15 Changed 2 years ago by stoecker

Can you please update spamfilter-plugin to the most recent version? I added a feature which helps a lot, especially here at trac hacks, and also there have been some other updates.

P.S. Translations beside German need some attention :-) https://www.transifex.com/projects/p/Trac_Plugin-L10N/resource/spamfilter/

P.P.S. For JOSM I have a script which kills unwanted users from the database. Maybe you should set up the same here to get rid of spam users. Conditions could be:

• Last login more than 3 months ago or no login at all
• No edited pages (i.e. only the user page), tickets or checkins

Then delete user and user page. This probably will kill all spammers and also the users never active.
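The two conditions from comment:14, written out as a check (an added example, not the JOSM script and not part of this ticket). The tables are a constructed, simplified subset modeled on Trac's `session`, `wiki`, `ticket`, `ticket_change` and `revision` tables; the user page is assumed to be the wiki page named after the account, and the list of registered usernames is assumed to come from the password store.

```python
import sqlite3

DAY = 24 * 3600
MAX_IDLE = 90 * DAY  # "more than 3 months ago", approximated as 90 days

# Constructed, simplified subset of Trac-like tables; times are Unix seconds.
SCHEMA = """
CREATE TABLE session (sid TEXT, authenticated INT, last_visit INT);
CREATE TABLE wiki (name TEXT, version INT, author TEXT);
CREATE TABLE ticket (id INT, reporter TEXT);
CREATE TABLE ticket_change (ticket INT, author TEXT);
CREATE TABLE revision (rev TEXT, author TEXT);
"""

# Activity that keeps an account; edits to the user's own page are not counted.
ACTIVITY = (
    "SELECT 1 FROM wiki WHERE author = :u AND name <> :u",
    "SELECT 1 FROM ticket WHERE reporter = :u",
    "SELECT 1 FROM ticket_change WHERE author = :u",
    "SELECT 1 FROM revision WHERE author = :u",
)

def is_stale(db, user, now):
    """True when both conditions from the comment hold for this account."""
    last = db.execute(
        "SELECT MAX(last_visit) FROM session WHERE sid = :u AND authenticated = 1",
        {"u": user}).fetchone()[0]          # None: no login at all
    idle = last is None or now - last > MAX_IDLE
    active = any(db.execute(q, {"u": user}).fetchone() for q in ACTIVITY)
    return idle and not active

def cleanup_candidates(db, usernames, now):
    return sorted(u for u in usernames if is_stale(db, u, now))

def sample_db(now):  # constructed sample data, not taken from any real site
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO session VALUES (?, 1, ?)", [
        ("alice", now - 200 * DAY), ("bob", now - 5 * DAY),
        ("cheapwatches", now - 120 * DAY), ("dave", now - 400 * DAY)])
    db.executemany("INSERT INTO wiki VALUES (?, 1, ?)", [
        ("cheapwatches", "cheapwatches"), ("bob", "bob"), ("SomeHack", "dave")])
    db.execute("INSERT INTO ticket VALUES (1, 'alice')")
    return db

if __name__ == "__main__":
    now = 1_400_000_000  # fixed constructed timestamp so the result is stable
    users = ["alice", "bob", "cheapwatches", "dave", "ghost"]
    print(cleanup_candidates(sample_db(now), users, now))
```

The result is a review list: an idle account with a ticket or an edit outside its own page is kept, and a recently registered account is kept until it has been idle for the full period.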

### comment:15 in reply to: ↑ 14 Changed 2 years ago by stoecker

> Can you please update spamfilter-plugin to the most recent version? I added a feature which helps a lot, especially here at trac hacks, and also there have been some other updates.

If not done yet, also add python-oauth2, so Mollom can work.

### comment:16 Changed 2 years ago by rjollos

• Resolution set to fixed
• Status changed from new to closed

Thanks to contributions from everyone, especially Dirk and Steffen, we've cleaned out a lot of unused and spammer accounts and we can easily delete these as they appear. There is ongoing work to improve SpamFilterPlugin and AccountManagerPlugin (e.g. #12067 and #12054), but I don't see any open action items in this ticket. Please let me know if I've missed anything.

### comment:18 follow-up: ↓ 19 Changed 23 months ago by stoecker

Finally all old SPAM accounts I could detect are deleted. There are still some inconsistencies (i.e. more user pages than registered users), but I won't care for these.

### comment:19 in reply to: ↑ 18 ; follow-up: ↓ 20 Changed 23 months ago by rjollos

> Finally all old SPAM accounts I could detect are deleted. There are still some inconsistencies (i.e. more user pages than registered users), but I won't care for these.

Thank you for doing all that work. I see in the database 1970 user accounts and 105 not used. I assume those 105 not used are potential spam accounts that haven't "timed-out" yet. I'm just curious, do you have an estimate of the number of accounts that were deleted?

I made a note to eventually go back and delete user pages that aren't linked to accounts. It probably won't be too hard to write a one-time-use script for the operation.

### comment:20 in reply to: ↑ 19 ; follow-up: ↓ 21 Changed 23 months ago by stoecker

> > Finally all old SPAM accounts I could detect are deleted. There are still some inconsistencies (i.e. more user pages than registered users), but I won't care for these.

> Thank you for doing all that work. I see in the database 1970 user accounts and 105 not used. I assume those 105 not used are potential spam accounts that haven't "timed-out" yet. I'm just curious, do you have an estimate of the number of accounts that were deleted?

In the very beginning I posted numbers somewhere. Probably something like 4000 accounts have been deleted if I remember right.

> I made a note to eventually go back and delete user pages that aren't linked to accounts. It probably won't be too hard to write a one-time-use script for the operation.

That's not so easy. I left all accounts which at least once changed anything except their own user-page. What I may have overlooked are user-pages which have been edited multiple times, but nothing else.

I don't know if these "default uninformative user-account pages" make much sense, but I believe that nearly all the remaining ones are from real persons (except I overlooked something obvious).

### comment:21 in reply to: ↑ 20 Changed 23 months ago by rjollos

> I don't know if these "default uninformative user-account pages" make much sense, but I believe that nearly all the remaining ones are from real persons (except I overlooked something obvious).

Oh, okay. I had in my mind that they were "danglers" from cases that the account was deleted without deleting the user page, since the addition of implicit user page deletion was just recently added.

Last edited 23 months ago by rjollos