If you develop projects and use Trac as a bug/issue tracker and you allow anyone to add/change tickets (like me), you will eventually find yourself attracting Trac Spam. Since I want to allow anyone to add tickets and add comments to tickets, I cannot simply disable anonymous comments.
There is no way to remove/change comments yet, but luckily the Trac project is working on it. See here!
At the moment, my only seems to be to remove the spam manually. Unfortunately, spam is added as comments to existing (and valid) tickets, so deleting tickets is not an option. To change it manually, I edit the database by hand.
First I locate the database, trac.db in project-dir/db. Then I use sqlite3 to open it. There is a table called ticket_change in which the comments are stored. To show all comments from ticket number 50, do this:
select * from ticket_change where ticket = 50;
If the spammer has used a unique username, you can also do this:
select * from ticket_change where author = "username";
Check if the query only returns spam comments, then change the query to delete them. You can also add more restrictions to make sure you only select the spam comments and not valid ones.
delete from ticket_change where author = "username";
This should remove the comments only.
Found out that you can also use http://trac.edgewall.org/wiki/SpamFilter to filter tickets/comments somewhat. Trying that now.