Bug #1853


Added by ryandesign over 1 year ago. Updated about 1 month ago.

General / Unspecified
Target version:
Start date:
Due date:
% Done:


Estimated time:



#1 Updated by gry over 1 year ago

Removed those linked. Any others?

Does this mean the spammers bypass, or sit all day entering manually, the captcha?

#2 Updated by ryandesign over 1 year ago

What alerted me to the problem was the notification I received when this comment was made:

Looks like you removed the link from that comment but left the comment, but I believe the comment itself is spam. It adds no value to the discussion, merely repeating things I already said in my report. All of the other comments this user left on other tickets contained spam links as well (which have now been removed), in addition to commentary that may or may not help with those tickets. So either this is a spammer paid to write plausible-sounding comments into which spam links are added, or it is a spam AI writing those comments, or your server is compromised and some process is adding spam links to existing valid comments.

But for example it doesn't seem likely to me that a normal human would suddenly add a comment to a 10-year-old bug report:

...a comment which has nothing to do with the bug report.

The only other comment that user left was:

(from which a spam link was removed) which was followed by another comment by a similarly-named user (from which a spam link was removed). This makes me think these are user accounts created for the purpose of spamming and every comment they've left anywhere should be deleted, along with the user accounts.

#3 Updated by mgorny over 1 year ago seems to be submitting GPT-generated spam (sigh).

#4 Updated by genius3000 about 1 year ago

  • Category set to General / Unspecified
  • Status changed from New to Assigned
  • Assignee set to Sputnick
  • Priority changed from Immediate to Urgent

Unfortunately there's quite a few "users" that are just spam, including what appears to be AI-generated spam replies.
I and most of the other contributors can't do anything about the users nor adjust permissions. We can only undo/delete spam.
I've just cleared out a good number of recent spam comments and threads, including some of the previously 'spam link removed' comments. Never ending game of whack-a-mole.

#5 Updated by ryandesign 11 months ago

Someone, whoever is responsible for administering this Trac instance, is able to do something about it. Possibilities include switching to a stronger captcha system; requiring the use of two-factor authentication; or deleting this Trac instance and replacing it with something that already includes such protections, such as GitHub issues/wiki.

Also available in: Atom PDF