Re: [opensuse-project] SPAM on openSUSE wiki

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [opensuse-project] SPAM on openSUSE wiki

Christian Boltz-5
Hello,

TL;DR: the english wiki is temporarily read-only to stop spammers
(wiki admins can still do edits)

Am Freitag, 26. Februar 2016, 19:37:11 CET schrieb Christian Boltz:
> Am Freitag, 26. Februar 2016, 15:04:05 CET schrieb Henne Vogelsang:
> > Christian when you block people you can't tick the 'Automatically
> > block the last IP address used by this use' checkbox as this will
> > block the IP of the proxy in front of the wiki and hence every user.
>
> Oops, I wasn't aware of this detail :-(

Actually I abused this detail again - the massive spam attack continues,
and blocking the proxy IPs is the only way I have to stop the spam.

Yes, I'm aware that this will also block "good" edits. Sorry for that,
but even if someone sends me a mail with "can you please change $page to
$text", it's still faster than deleting 1000 more spam pages.
(Still, I'd like to ask you to do this only in really urgent cases ;-)


On releated news: I discussed available options to block the spammers
with Darix. The "Nuke" extension to mass-delete pages is already on the
staging wiki and should be available in the production wiki on monday.
We also have some ideas to prevent spam posts - more on this when it's
implemented.

Fun fact, in case someone wonders: blocking the spammers by username
means fighting windmills - they switch user accounts faster than I can
block them :-(  (yes, I tested this!)


Regards,

Christian Boltz
--
>> Could someone remove this requirement?
>I think you have to write a bugzilla.
While Villabajo still discusses which medium to use,
Villarriba has already submitted 304823.
[>> Volker Kuhlmann, > Carlos E. R. and Jan Engelhardt in opensuse-
factory]

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [opensuse-project] SPAM on openSUSE wiki

jcsl
Hi.

El sábado, 27 de febrero de 2016 0:33:27 (CET) Christian Boltz escribió:

> Hello,
>
> TL;DR: the english wiki is temporarily read-only to stop spammers
> (wiki admins can still do edits)
>
> Am Freitag, 26. Februar 2016, 19:37:11 CET schrieb Christian Boltz:
> > Am Freitag, 26. Februar 2016, 15:04:05 CET schrieb Henne Vogelsang:
> > > Christian when you block people you can't tick the 'Automatically
> > > block the last IP address used by this use' checkbox as this will
> > > block the IP of the proxy in front of the wiki and hence every user.
> >
> > Oops, I wasn't aware of this detail :-(
>
> Actually I abused this detail again - the massive spam attack continues,
> and blocking the proxy IPs is the only way I have to stop the spam.
>
> Yes, I'm aware that this will also block "good" edits. Sorry for that,
> but even if someone sends me a mail with "can you please change $page to
> $text", it's still faster than deleting 1000 more spam pages.
> (Still, I'd like to ask you to do this only in really urgent cases ;-)
>
>
> On releated news: I discussed available options to block the spammers
> with Darix. The "Nuke" extension to mass-delete pages is already on the
> staging wiki and should be available in the production wiki on monday.
> We also have some ideas to prevent spam posts - more on this when it's
> implemented.
>
> Fun fact, in case someone wonders: blocking the spammers by username
> means fighting windmills - they switch user accounts faster than I can
> block them :-(  (yes, I tested this!)
>
>
> Regards,
>
> Christian Boltz
>
> >> Could someone remove this requirement?
> >
> >I think you have to write a bugzilla.
>
> While Villabajo still discusses which medium to use,
> Villarriba has already submitted 304823.
> [>> Volker Kuhlmann, > Carlos E. R. and Jan Engelhardt in opensuse-
> factory]

The spammer strikes back...

Greetings.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [opensuse-project] SPAM on openSUSE wiki

Christian Boltz-5
Hello,

Am Sonntag, 28. Februar 2016, 18:24:55 CET schrieb jcsl:
> The spammer strikes back...

Nice[tm].

It looks like the "same IP" blocks expire after a day or so - at least I
don't see anything in the log that indicates that someone actively
dropped those blocks.

At least the spam attack slowed down, so I didn't re-add the IP block
and hope the best ;-)

Oh, and the spammers managed to completely kill the history of
Help:Editing (by moving it around and then overwriting it with another
move?), so I just "enjoyed" restoring it from google cache :-/


Regards,

Christian Boltz
--
never touch a running system  ---->
for windows: never touch the keyboard of a running system

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Aw: Re: [opensuse-wiki] Re: [opensuse-project] SPAM on openSUSE wiki

Sarah Julia Kriesch

Hello,

> Gesendet: Sonntag, 28. Februar 2016 um 19:54 Uhr
> Von: "Christian Boltz" <[hidden email]>
> An: [hidden email]
> Betreff: Re: [opensuse-wiki] Re: [opensuse-project] SPAM on openSUSE wiki
>
> Hello,
>
> Am Sonntag, 28. Februar 2016, 18:24:55 CET schrieb jcsl:
> > The spammer strikes back...
>
> At least the spam attack slowed down, so I didn't re-add the IP block
> and hope the best ;-)
They have to learn, that they can't do so much in the read-only mode. We have to wait now.
>
> Oh, and the spammers managed to completely kill the history of
> Help:Editing (by moving it around and then overwriting it with another
> move?), so I just "enjoyed" restoring it from google cache :-/
>
If they can damage something, we should ask our admins, whether they can use a dump and backup of the time before this attack.
We can look, how many normal contributions were added in the last days. If it wouldn't be so much (or anything), we can use all the data of the time before spaming.
You saied, it would be read-only now. So we can use backups, if something would be damaged.
>
> Regards,
>
> Christian Boltz
Best regards,
Sarah
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [opensuse-project] SPAM on openSUSE wiki

jcsl
In reply to this post by Christian Boltz-5
Hi.

El domingo, 28 de febrero de 2016 19:54:00 (CET) Christian Boltz escribió:
> At least the spam attack slowed down, so I didn't re-add the IP block
> and hope the best ;-)

Well, slow or not the attack doesn't end. I'd put the wiki in read only mode
until a solution is found. If they have broken pages they can do it again.

Greetings.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Aw: Re: [opensuse-wiki] Re: [opensuse-project] SPAM on openSUSE wiki

Christian Boltz-5
In reply to this post by Sarah Julia Kriesch
Hello,

Am Sonntag, 28. Februar 2016, 20:11:38 CET schrieb Sarah Julia Kriesch:
> Von: "Christian Boltz" <[hidden email]>
> > At least the spam attack slowed down, so I didn't re-add the IP
> > block
> > and hope the best ;-)
>
> They have to learn, that they can't do so much in the read-only mode.

Except if those blocks expire, and it seems they do.

> We have to wait now.

Yes, the real solution needs some help from the server admins - I don't
have write access to the config files.

> > Oh, and the spammers managed to completely kill the history of
> > Help:Editing (by moving it around and then overwriting it with
> > another move?), so I just "enjoyed" restoring it from google cache
> > :-/
> If they can damage something, we should ask our admins, whether they
> can use a dump and backup of the time before this attack. We can
> look, how many normal contributions were added in the last days. If
> it wouldn't be so much (or anything), we can use all the data of the
> time before spaming.

I know there were some "good" contributions between the spam flood - but
I wouldn't be surprised if it's faster to manually redo those on top of
the backup than reverting all spam changes.

Going back to a backup would have another advantage - no spam traces in
the delete log. (The spam is even in the page titles, and the titles
will stay in the delete log if we "just" delete them.)

The interesting[tm] part is to filter Special:RecentChanges for the
"good" changes - that will be like searching the needle in a *big*
haystack. At least the spam uses a pattern (US phone numbers) that we
can use to filter Special:RecentChanges automatically.

> You saied, it would be read-only now. So we can
> use backups, if something would be damaged.

It seems the "same IP" blocking [1] expires after a day, so the wiki
went out of read-only mode again. I re-added two blocks and they seem to
work - but they'll probably expire again.

The "real" read-only mode ($wgReadOnly) can only be set in the config
file, so that's something for the server admins.


Regards,

Christian Boltz

[1] All wiki traffic is routed through a set of  authentification proxies -
    for the wiki it looks like all visitors come from a handful of IPs
    (= the authentification proxies), and that allows to abuse the
    "same IP" blocking to block all edits. At least if I hit all proxy
    IPs ;-)

--
> Wer kennt eine gute Beschreibung, am besten in deutsch die die
> Installion und Einrichtung von mysql und php beschreibt?
> Bitte mehr als nur die Anwort: "Ich"
ok, kein problem. google. [>Marcel Stein u. Michael Meyer in suse-linux]

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Loading...