On 16 April 2013 16:34, Ryan Ollos <[email protected]> wrote: > On Thu, Apr 11, 2013 at 9:01 AM, Joachim Dreimann < > [email protected]> wrote: > > > [...] > > > > Can we pass a key or something similar along in the URL that allows users > > to anonymously create tickets? I'm aware that this is a potential avenue > > for spam bots, but I still firmly believe that spam bots are > > technical/management issues for us to solve, and we should not to > > discourage users with our prevention methods as we're doing at the > moment. > > > > Yes, I think that we should be concerned that our barrier to posting an > issue or other contribution may be too high at the moment. If I came to the > site and couldn't immediately register and create a ticket, I may go away > and never report the issue. >
I am very concerned by this and would probably do the same as you. In fact I may not even bother to register. If registration is required I usually look for a project twitter account and send them a tweet reporting the bug. If they reply to me with something like "Thanks, but we won't take action unless you resubmit via our website after registration" I know they value process over action and will avoid dealing with them in future. > > I'll look into what we might do and propose some additional suggestions as > part of the work on #503. > > The guys who setup trac-hacks felt that registration was even too high of a > barrier, so it's possible to create an anonymous ticket on that site. That > comes with other problems that I won't go into here, but I'll just say that > spam is not a significant problem on trac-hacks.org, even though we are > still running a very old version of SpamFilterPlugin. I monitor the RSS > feed for both trac-hacks.org and trac.edgewall.org and see only a dozen or > so instances of spam per week on each site; sometimes more, sometimes none. > Cleaning up the spam on the former doesn't take up much of my time - I just > spend a few minutes reviewing the RSS feed each morning and delete any spam > that has come through. > I also review ticket changes / user registrations for spam. I haven't seen any evidence of it in significant numbers. That includes spam registrations that our current system doesn't prevent. I would grant every new registration permissions to create and comment on tickets by default and try to catch out bots using some basic techniques that users would never see (ie no captcha). - Joe -- Joe Dreimann | *User Experience Designer* | WANdisco<http://www.wandisco.com/> @jdreimann <https://twitter.com/jdreimann>
