[annodex-dev] trac.annodex.net cleanup

[Conrad Parker]

[apologies for the cross-posting]

Most of the spam on trac.annodex.net has been removed.
Anonymous users have been denied most editing permissions.
We reserve the right to kill or maim spammers.

DETAILS

Spam deletion was first practised on a staging server using a
quarantined replica of the trac.annodex.net database. Once the correct
techniques were developed, the staging server was set on fire and
destroyed. The following cleanup method was employed:

	* upgraded to the current version of Trac 0.10dev

	* removed the standard TracWiki pages (and all their spam history),
	then reset to default contents.

	* removed all attachments other than those attached to valid
	tickets (removed from the trac database, and from disk).

	* removed all spam-only tickets. This accounts for much of the
	most recent spam.

	* removed spam modifications to tickets #1 and #21. This is a
	fairly tedious process that can only be done by directly
	manipulating the database.

	* recovered the following prominent and much-spammed wiki pages:
	WikiStart, MozillaBrowserDevelopment, SphinxSpeechTranscription,
	CmmlWiki, HttpHeaders

	* deleted some wiki pages that only ever contained spam. Many more
	of these remain for easy picking ...

	* removed most editing permissions for anonymous users. Details
	below.

	* added most extra editing permissions for authenticated users.
	Details below.

DETAILS of DETAILS

Anonymous users are no longer allowed to create or modify wiki pages,
and are no longer allowed to create tickets. These were the most common
vectors for spam.

Users with write access to svn.annodex.net should log in before
accessing trac.annodex.net. Once authenticated, you will have access to
create and modify wiki pages, and to create and resolve tickets.

There is still quite a bit of spam buried in random wiki pages. If you
are an authenticated user, then you will have extra buttons to delete
a given version of a wiki page, or to delete the page entirely.

If you find a page that has only ever contained spam, feel free to delete
it.

The interface for rolling back versions is fairly slow, but effective.
At least it's better than editing the page contents manually. If you find
that the current version of a wiki page contains spam, then deleting just
that version will roll back to the previous version. It also seems to be
safe to delete intermediate versions of a page, ie. to delete spam from
earlier in the edit history. You may find it useful to check the
differences between versions via the 'Page History' link in the top right
corner of the page, in order to find changes hidden in wiki/html comment
tags.

Unfortunately the functions to remove spam that exist in newer versions
of Trac are not enough to remove all the spam that is/was on our site.
For example, using the Trac web interface there is no way to delete a
ticket, or to remove modifications that have been made to a ticket.
Removing such spam requires manual hacking of the trac database.

The need to clean tickets #1 and #21 mentioned above were fairly obvious
as the ticket summaries had been rewritten in Chinese. If you find a
ticket that contains spam modifications, please let me know as these can
only be cleaned by directly modifying the trac database. Similarly if
you find a ticket that is entirely spam, let me know the number and it
will be DELETED.

Perhaps once trac has developed a mechanism for authenticated users to
delete tickets and ticket changes (ie. to remove spam via the web
interface), we can again allow anonymous users to create tickets. Until
that time we will have to direct people to annodex-dev, and an existing
developer will need to at least create a basic ticket for the user to
add details to.

cheers (but no cheers for spammers),

Conrad.
 -> wearing the shirt of Trogdor, the Burninator.