[opensuse-wiki] Re: [opensuse-project] SPAM on openSUSE wiki
Hello, TL;DR: the english wiki is temporarily read-only to stop spammers (wiki admins can still do edits) Am Freitag, 26. Februar 2016, 19:37:11 CET schrieb Christian Boltz:
Am Freitag, 26. Februar 2016, 15:04:05 CET schrieb Henne Vogelsang:
Christian when you block people you can't tick the 'Automatically block the last IP address used by this use' checkbox as this will block the IP of the proxy in front of the wiki and hence every user.
Oops, I wasn't aware of this detail :-(
Actually I abused this detail again - the massive spam attack continues, and blocking the proxy IPs is the only way I have to stop the spam. Yes, I'm aware that this will also block "good" edits. Sorry for that, but even if someone sends me a mail with "can you please change $page to $text", it's still faster than deleting 1000 more spam pages. (Still, I'd like to ask you to do this only in really urgent cases ;-) On releated news: I discussed available options to block the spammers with Darix. The "Nuke" extension to mass-delete pages is already on the staging wiki and should be available in the production wiki on monday. We also have some ideas to prevent spam posts - more on this when it's implemented. Fun fact, in case someone wonders: blocking the spammers by username means fighting windmills - they switch user accounts faster than I can block them :-( (yes, I tested this!) Regards, Christian Boltz --
Could someone remove this requirement? I think you have to write a bugzilla. While Villabajo still discusses which medium to use, Villarriba has already submitted 304823. [>> Volker Kuhlmann, > Carlos E. R. and Jan Engelhardt in opensuse- factory]
-- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-wiki+owner@opensuse.org
Hi. El sábado, 27 de febrero de 2016 0:33:27 (CET) Christian Boltz escribió:
Hello,
TL;DR: the english wiki is temporarily read-only to stop spammers (wiki admins can still do edits)
Am Freitag, 26. Februar 2016, 19:37:11 CET schrieb Christian Boltz:
Am Freitag, 26. Februar 2016, 15:04:05 CET schrieb Henne Vogelsang:
Christian when you block people you can't tick the 'Automatically block the last IP address used by this use' checkbox as this will block the IP of the proxy in front of the wiki and hence every user.
Oops, I wasn't aware of this detail :-(
Actually I abused this detail again - the massive spam attack continues, and blocking the proxy IPs is the only way I have to stop the spam.
Yes, I'm aware that this will also block "good" edits. Sorry for that, but even if someone sends me a mail with "can you please change $page to $text", it's still faster than deleting 1000 more spam pages. (Still, I'd like to ask you to do this only in really urgent cases ;-)
On releated news: I discussed available options to block the spammers with Darix. The "Nuke" extension to mass-delete pages is already on the staging wiki and should be available in the production wiki on monday. We also have some ideas to prevent spam posts - more on this when it's implemented.
Fun fact, in case someone wonders: blocking the spammers by username means fighting windmills - they switch user accounts faster than I can block them :-( (yes, I tested this!)
Regards,
Christian Boltz
Could someone remove this requirement?
I think you have to write a bugzilla.
While Villabajo still discusses which medium to use, Villarriba has already submitted 304823. [>> Volker Kuhlmann, > Carlos E. R. and Jan Engelhardt in opensuse- factory]
The spammer strikes back... Greetings. -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-wiki+owner@opensuse.org
Hello, Am Sonntag, 28. Februar 2016, 18:24:55 CET schrieb jcsl:
The spammer strikes back...
Nice[tm]. It looks like the "same IP" blocks expire after a day or so - at least I don't see anything in the log that indicates that someone actively dropped those blocks. At least the spam attack slowed down, so I didn't re-add the IP block and hope the best ;-) Oh, and the spammers managed to completely kill the history of Help:Editing (by moving it around and then overwriting it with another move?), so I just "enjoyed" restoring it from google cache :-/ Regards, Christian Boltz -- never touch a running system ----> for windows: never touch the keyboard of a running system -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-wiki+owner@opensuse.org
Hello,
Gesendet: Sonntag, 28. Februar 2016 um 19:54 Uhr Von: "Christian Boltz" <opensuse@cboltz.de> An: opensuse-wiki@opensuse.org Betreff: Re: [opensuse-wiki] Re: [opensuse-project] SPAM on openSUSE wiki
Hello,
Am Sonntag, 28. Februar 2016, 18:24:55 CET schrieb jcsl:
The spammer strikes back...
At least the spam attack slowed down, so I didn't re-add the IP block and hope the best ;-) They have to learn, that they can't do so much in the read-only mode. We have to wait now.
Oh, and the spammers managed to completely kill the history of Help:Editing (by moving it around and then overwriting it with another move?), so I just "enjoyed" restoring it from google cache :-/
If they can damage something, we should ask our admins, whether they can use a dump and backup of the time before this attack. We can look, how many normal contributions were added in the last days. If it wouldn't be so much (or anything), we can use all the data of the time before spaming. You saied, it would be read-only now. So we can use backups, if something would be damaged.
Regards,
Christian Boltz
Best regards, Sarah -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-wiki+owner@opensuse.org
Hello, Am Sonntag, 28. Februar 2016, 20:11:38 CET schrieb Sarah Julia Kriesch:
Von: "Christian Boltz" <opensuse@cboltz.de>
At least the spam attack slowed down, so I didn't re-add the IP block and hope the best ;-)
They have to learn, that they can't do so much in the read-only mode.
Except if those blocks expire, and it seems they do.
We have to wait now.
Yes, the real solution needs some help from the server admins - I don't have write access to the config files.
Oh, and the spammers managed to completely kill the history of Help:Editing (by moving it around and then overwriting it with another move?), so I just "enjoyed" restoring it from google cache :-/ If they can damage something, we should ask our admins, whether they can use a dump and backup of the time before this attack. We can look, how many normal contributions were added in the last days. If it wouldn't be so much (or anything), we can use all the data of the time before spaming.
I know there were some "good" contributions between the spam flood - but I wouldn't be surprised if it's faster to manually redo those on top of the backup than reverting all spam changes. Going back to a backup would have another advantage - no spam traces in the delete log. (The spam is even in the page titles, and the titles will stay in the delete log if we "just" delete them.) The interesting[tm] part is to filter Special:RecentChanges for the "good" changes - that will be like searching the needle in a *big* haystack. At least the spam uses a pattern (US phone numbers) that we can use to filter Special:RecentChanges automatically.
You saied, it would be read-only now. So we can use backups, if something would be damaged.
It seems the "same IP" blocking [1] expires after a day, so the wiki went out of read-only mode again. I re-added two blocks and they seem to work - but they'll probably expire again. The "real" read-only mode ($wgReadOnly) can only be set in the config file, so that's something for the server admins. Regards, Christian Boltz [1] All wiki traffic is routed through a set of authentification proxies - for the wiki it looks like all visitors come from a handful of IPs (= the authentification proxies), and that allows to abuse the "same IP" blocking to block all edits. At least if I hit all proxy IPs ;-) --
Wer kennt eine gute Beschreibung, am besten in deutsch die die Installion und Einrichtung von mysql und php beschreibt? Bitte mehr als nur die Anwort: "Ich" ok, kein problem. google. [>Marcel Stein u. Michael Meyer in suse-linux]
-- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-wiki+owner@opensuse.org
Hi. El domingo, 28 de febrero de 2016 19:54:00 (CET) Christian Boltz escribió:
At least the spam attack slowed down, so I didn't re-add the IP block and hope the best ;-)
Well, slow or not the attack doesn't end. I'd put the wiki in read only mode until a solution is found. If they have broken pages they can do it again. Greetings. -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-wiki+owner@opensuse.org
participants (3)
-
Christian Boltz -
jcsl -
Sarah Julia Kriesch