RE: [GRASS5] [bug #792] (grass) Get Financlial FREEDOM!! Earn $$$ with little effort!!!

Fernandez-Victorio_A · August 24, 2001, 7:29am

Hi:

From time to time we receive spam through the bugtracker. The last one:
    >-----Mensaje original-----
    >De: Request Tracker [mailto:grass-bugs@intevation.de]
    >Enviado el: jueves 23 de agosto de 2001 23:16
    >Para: grass5@grass.itc.it
    >Asunto: [GRASS5] [bug #792] (grass) Get Financlial
FREEDOM!! Earn $$$
    >with little effort!!!
    >
    >
    >this bug's URL:
http://intevation.de/rt/webrt?serial_num=792

---------------------------------------------------------------

    >----------
    >

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

>$$$$$$$$$$$$$$$
>$$$ MAKE MONEY - QUICK AND SIMPLY - YOU'RE IN FULL CONTROL
-

[...]

A few days ago, somebody explained us why:

    >-----Mensaje original-----
    >De: Request Tracker [mailto:grass-bugs@intevation.de]
    >Enviado el: miércoles 1 de agosto de 2001 11:16
    >Para: grass5@geog.uni-hannover.de
    >Asunto: [GRASS5] [bug #777] (grass) Your WebRT is open to
the Intenet
    >and...
    >
    >
    >this bug's URL:
http://intevation.de/rt/webrt?serial_num=777

---------------------------------------------------------------

    >----------
    >
    >Subject: Your WebRT is open to the Intenet and...
    >
    >..you come up as the number one search for WebRT on
google.com
    >
    >Are you sure you want the world to be able to see your
ticket queues?
    >
    >Kind regards

In other words. If you search "WebRT" on http://www.google.com the first
entry is the grass queue. And you can post a message, (spam or not) without
any problem.

People are not using bugtracker to send spam. When you use bugtracker, you
usually post other fields. (And of course could be forced). E.g.
    Platform: Linux/Intel
    Linux distro: Mandrake
    linux cpu: Intel (i486, i586, pentium ...)
    Xwindows version: X Accellerated Server
    Xwindows manager: black box
    TclTk version: tcl/tk 8.4
    grass downloaded at: Mirror of Hannover site
    grass binary for platform: Linux/Intel binaries

So they are using the "google and WebRT" way. I don't know anything about
WebRT. So, is it possible to "close" the queue and keep it open bugtracker?.
Is there any new version of WebRT that solves it?

Kind regards:

Gonzalo

Bernhard_Reiter · August 24, 2001, 1:58pm

Gonzalo:

The open to the internet mail relates to that
everybody can see the bug-tickets. It is deliberatly.
This is not the reaspon for getting the spam.
One reason is that the GRASS bug-tracker is famous because of the
importance GRASS project.

That anybody can open a ticket also is deliberatly and is abused sometimes.
There is no perfect way to put an end to this.
We have several methods in the queue which we can implement
to make it harder to send span this way.
For the time being we will have to live with the tradeoff that
it can be abused. The benefits of an open bug-tracker are much higher.

On Fri, Aug 24, 2001 at 09:29:10AM +0200, "Fernández-Victorio Arévalo, Gonzalo" wrote:

>From time to time we receive spam through the bugtracker. The last one:

>this bug's URL:
http://intevation.de/rt/webrt?serial_num=792

A few days ago, somebody explained us why:
>Asunto: [GRASS5] [bug #777] (grass) Your WebRT is open to
the Intenet

>Are you sure you want the world to be able to see your
ticket queues?

In other words. If you search "WebRT" on http://www.google.com the first
entry is the grass queue. And you can post a message, (spam or not) without
any problem.

People are not using bugtracker to send spam. When you use bugtracker, you
usually post other fields. (And of course could be forced). E.g.
    Platform: Linux/Intel
    Linux distro: Mandrake
    linux cpu: Intel (i486, i586, pentium ...)
    Xwindows version: X Accellerated Server
    Xwindows manager: black box
    TclTk version: tcl/tk 8.4
    grass downloaded at: Mirror of Hannover site
    grass binary for platform: Linux/Intel binaries

So they are using the "google and WebRT" way. I don't know anything about
WebRT. So, is it possible to "close" the queue and keep it open bugtracker?.

Yes. It would close the possibility of everybody not registered to
contribute tickets and to the ticket histories by email.

Is there any new version of WebRT that solves it?

No, because it is a problem in the construct of a bug-tracker not a
problem of this implementation.

Bernhard

--
Professional Service around Free Software (intevation.net)
The FreeGIS Project (freegis.org)
Association for a Free Informational Infrastructure (ffii.org)
FSF Europe (fsfeurope.org)

Glynn_Clements · August 24, 2001, 5:06pm

Bernhard Reiter wrote:

The open to the internet mail relates to that
everybody can see the bug-tickets. It is deliberatly.
This is not the reaspon for getting the spam.
One reason is that the GRASS bug-tracker is famous because of the
importance GRASS project.

That anybody can open a ticket also is deliberatly and is abused sometimes.
There is no perfect way to put an end to this.
We have several methods in the queue which we can implement
to make it harder to send span this way.
For the time being we will have to live with the tradeoff that
it can be abused. The benefits of an open bug-tracker are much higher.

If the mail server has a facility for spam filtering, one option would
be to reject any messages which don't contain the string "grass"
somewhere in the body (or subject, but you'd have to check *before*
the server adds the "(grass) " prefix).

--
Glynn Clements <glynn.clements@virgin.net>