Using Bugzilla to hide spam sites

Gervase Markham gerv at
Tue May 22 10:16:26 UTC 2007

Gervase Markham wrote:
> I'm not sure there's much we can do about this. The spammer obviously 
> took time to create an account - perhaps automatically, perhaps not. 
> Short of implementing Captchas for account signup, or refusing to 
> display HTML attachments as HTML, I can't see a counter.
> Thoughts?

Someone on my blog suggested requiring a login to view attachments. That 
seems to me like a possible solution.

We would need to make it so that, in this one particular case, you 
couldn't login automatically using URL parameters - otherwise the 
spammer would just use the login details for the account they used to 
upload the spam. We could do this by deleting the relevant parameter 
names before calling login().

Who would that inconvenience? Perhaps people who have automated systems 
which download Bugzilla attachments?


More information about the developers mailing list