When using Trac with the Account Manager plugin as a public instance and with user registrations enabled, it won’t take long until you see a fair amount of spam registrations. While you can use email verification to avoid actual changes to your data (no edit privileges until mail address is verified), you will still have those inactive accounts in your system. Frequent cleanup takes time and is a cumbersome activity.
One potential measure is using the regular expression filter for mail addresses. Users with addresses not matching a specific regular expression will not be created, which means there is no need for later cleanup.
I just want to share an extendable regular expression for use in trac.ini. First, enable regular expression checking by adding „RegExpCheck“ to the following entry:
register_check = BasicCheck, EmailCheck, RegExpCheck, UsernamePermCheck, BotTrapCheck
Now, just disallow specific mail domains. I used to maintain these for the first two weeks or so and then spam registrations were significantly down / unsuccessful:
email_regexp = \S*@(?!((yahoo\.com)|(aol\.com)|(\S*\.org)|(\S*\.bg)|(\S*\.biz)|(\S*\.blog-stuff\.com)|(\S*\.br)|(\S*\.\S*\.com)|(\S*\.dk)|(\S*\.in)|(\S*\.info)|(\S*\.club)|(crossyroadhacks\.com)|(\S*\.eu)|(\S*\.hu)|(\S*\.net)|(\S*\.lv)|(\S*\.pl)|(\S*\.pw)|(\S*\.ru)|(\S*\.su)|(\S*\.top)|(\S*\.\S*\.de)|(\S*\.website)|(\S*mail\.com)|(outlook\.com)|(spamavert\.com)|(spambog\.com)|(mailcatch\.com)|(\S*\.us)|(\S*\.co\.uk)|(mailinator\.com)|(\S*\.xyz)|(yluxuryshomemn\.com)))\S*
Good luck!