Re: Solution for the current bugzilla spam

Fri, 18 May 2007 00:10:23 -0700 

On Fri, 18 May 2007, Uwe Stöhr wrote:
could you forbid that people are allowed to attach material to bugzilla entries with the type "Text/HTML"? 

I agree with Uwe that this is an acceptable (although not ideal solution).


The one problem I can think of is what will happen if .lyx-files (or other 
text-files) are attached. A workaround could be to tell the reporter to 
embed the files in an .zip or .tgz.



This is in my opinion the safest way because blocking certain accounts 
has no effect as the bots automatically generates new ones.



Another alternative might be a password that we make public on the list. 
If possible, the dialog that pops up asking for the password should then 
say that you can ask the user's list for the password required to upload 
attachments.



Besides this I think I've read that the new bugzilla versions support 
spam blocking and we have a 5 year old bugzilla version currently 
running.



I think a new bugzilla version was released very recently, but I did a 
quick search on their web page and didn't at the time find anything about 
preventing this kind of spam.


AFAIK, this kind of spam is quite recent, i.e. it surfaced this spring.


I did a search for bugs that have attachments where the MIME of the 
attachment contains 'html' and got two bugs: 94 and 3113.

        http://bugzilla.lyx.org/show_bug.cgi?id=94
        http://bugzilla.lyx.org/show_bug.cgi?id=3113


Unfortunately I don't have permissions that allow me to edit the 
attachments. Here's a link to do the search, maybe it can be done better:


http://bugzilla.lyx.org/buglist.cgi?short_desc_type=allwordssubstr&short_desc=&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&keywords_type=allwords&keywords=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&changedin=120&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=attachments.mimetype&type0-0-0=substring&value0-0-0=html

/Christian

--
Christian Ridderström, +46-8-768 39 44               http://www.md.kth.se/~chr





















					Reply via email to