Bug #1853
RAMPANT SPAM IN THIS ISSUE TRACKER
0%
Description
There is rampant spam in this issue tracker. New issues are being filed that have nothing to do with this project and include links to unrelated web sites. Comments are being added to old issues that add nothing of value to the discussion and include links to unrelated web sites.
Examples:
https://bugs.quassel-irc.org/issues/1820#note-1
https://bugs.quassel-irc.org/issues/1821#note-1
https://bugs.quassel-irc.org/issues/1822#note-1
https://bugs.quassel-irc.org/issues/1823#note-1
https://bugs.quassel-irc.org/issues/1825#note-1
https://bugs.quassel-irc.org/issues/1831#note-2
https://bugs.quassel-irc.org/issues/1842#note-1
https://bugs.quassel-irc.org/issues/1843#note-1
https://bugs.quassel-irc.org/issues/1846#note-4
https://bugs.quassel-irc.org/issues/1847
https://bugs.quassel-irc.org/issues/1848
https://bugs.quassel-irc.org/issues/1849#note-1
https://bugs.quassel-irc.org/issues/1850
https://bugs.quassel-irc.org/issues/1851
https://bugs.quassel-irc.org/issues/1852
It has been happening for months. Please remove all spam comments, remove all spamming users, and prevent new spamming users from being created.
History
#1 Updated by gry over 1 year ago
Removed those linked. Any others?
Does this mean the spammers bypass, or sit all day entering manually, the captcha?
#2 Updated by ryandesign over 1 year ago
What alerted me to the problem was the notification I received when this comment was made:
https://bugs.quassel-irc.org/issues/1582#note-1
Looks like you removed the link from that comment but left the comment, but I believe the comment itself is spam. It adds no value to the discussion, merely repeating things I already said in my report. All of the other comments this user left on other tickets contained spam links as well (which have now been removed), in addition to commentary that may or may not help with those tickets. So either this is a spammer paid to write plausible-sounding comments into which spam links are added, or it is a spam AI writing those comments, or your server is compromised and some process is adding spam links to existing valid comments.
But for example it doesn't seem likely to me that a normal human would suddenly add a comment to a 10-year-old bug report:
https://bugs.quassel-irc.org/issues/452#note-8
...a comment which has nothing to do with the bug report.
The only other comment that user left was:
https://bugs.quassel-irc.org/issues/1758#note-1
(from which a spam link was removed) which was followed by another comment by a similarly-named user (from which a spam link was removed). This makes me think these are user accounts created for the purpose of spamming and every comment they've left anywhere should be deleted, along with the user accounts.
#3 Updated by mgorny over 1 year ago
https://bugs.quassel-irc.org/users/7174 seems to be submitting GPT-generated spam (sigh).
#4 Updated by genius3000 over 1 year ago
- Category set to General / Unspecified
- Status changed from New to Assigned
- Assignee set to Sputnick
- Priority changed from Immediate to Urgent
Unfortunately there's quite a few "users" that are just spam, including what appears to be AI-generated spam replies.
I and most of the other contributors can't do anything about the users nor adjust permissions. We can only undo/delete spam.
I've just cleared out a good number of recent spam comments and threads, including some of the previously 'spam link removed' comments. Never ending game of whack-a-mole.
#5 Updated by ryandesign over 1 year ago
Someone, whoever is responsible for administering this Trac instance, is able to do something about it. Possibilities include switching to a stronger captcha system; requiring the use of two-factor authentication; or deleting this Trac instance and replacing it with something that already includes such protections, such as GitHub issues/wiki.