Using Bugzilla to hide spam sites
gerv at mozilla.org
Tue May 22 10:16:26 UTC 2007
Gervase Markham wrote:
> I'm not sure there's much we can do about this. The spammer obviously
> took time to create an account - perhaps automatically, perhaps not.
> Short of implementing Captchas for account signup, or refusing to
> display HTML attachments as HTML, I can't see a counter.
Someone on my blog suggested requiring a login to view attachments. That
seems to me like a possible solution.
We would need to make it so that, in this one particular case, you
couldn't login automatically using URL parameters - otherwise the
spammer would just use the login details for the account they used to
upload the spam. We could do this by deleting the relevant parameter
names before calling login().
Who would that inconvenience? Perhaps people who have automated systems
which download Bugzilla attachments?
More information about the developers