Ban users

[Ryan J Ollos]

For the jQueryUI Trac site we are using SpamFilter with ​trac-github. trac-github replaces the LoginModule with GitHubLoginModule, allowing GitHub users to login to Trac using their accounts via the OAuth API.

I need to look more closely, but it probably makes sense to pass these users through the SpamFilter the first time they login.

Sometimes we encounter GitHub users that create spam. Is there a way to ban users by username, or would this need to be added either as a feature in SpamFilter or a SpamFilter extension in trac-github?

[Dirk Stöcker]

Banning users by username is not a SpamFilter issue. It should be a feature of trac-github.

It's a broken design first to allow a user login and then reject it later in the spam-filter. The right method is not to allow logins for these at all.

The whole idea of SpamFilter is to react if you do not know if a user/anonymous is a spammer or not.

Same with "pass these users through the SpamFilter the first time they login". Why the first time? As you don't have the additional registration checks which mainly allow to successfully filter "/register" calls you wont have any effect for github logins except you can give the spamfilter some spammy contents. E.g. if there is a github profile and it's spam, then a new spamfilter-adapter for registration may pass the account information as text for checks.

Otherwise you only can create an additional filter ignoring the passed data and which gives a slightly negative score for fresh git logins and reduces this to zero step by step for each login (like e.g. the session score does in the other direction).

This trac has no "othersoftware", so closing as "invalid".

All these idea are parts of trac-github and not of the spamfilter plugin.