[opensuse-wiki] Spammer and IP blocked

older
[opensuse-wiki] Maps implementation

Rémy Marquis

21 Jul 2010 21 Jul '10

13:22

(Forwarding my message from yesterday that wasn't publicly available - my mistake). Hi there, Please note I removed the block on the spammer I put this morning, as some people seem to be unable to use some features (image uploading and import/export pages). For some reason, a wide range of IP was blocked at the same time as the one belonging to the spammer. Not sure if this is a wiki bug, or a wiki admin bug :) We might re-add the block later if necessary. I also alerted Frank Sundermeyer about this issue. Regards, R. -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Show replies by date

Marcus Meissner

21 Jul 21 Jul

13:24

On Wed, Jul 21, 2010 at 03:22:33PM +0200, Rémy Marquis wrote:

...

(Forwarding my message from yesterday that wasn't publicly available - my mistake).

Hi there,

Please note I removed the block on the spammer I put this morning, as some people seem to be unable to use some features (image uploading and import/export pages).

For some reason, a wide range of IP was blocked at the same time as the one belonging to the spammer. Not sure if this is a wiki bug, or a wiki admin bug :)

We might re-add the block later if necessary. I also alerted Frank Sundermeyer about this issue.

You cannot block IPs reliably, as you usually block the iChain Proxy IP, e.g. all users. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Rémy Marquis

13:28

On Wed, Jul 21, 2010 at 3:24 PM, Marcus Meissner wrote:

...

You cannot block IPs reliably, as you usually block the iChain Proxy IP, e.g. all users.

Ciao, Marcus

Thanks for the info Markus, Now I know what we must *not* do. :] Any way of blocking spammers on wiki? R. -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Marcus Meissner

13:38

On Wed, Jul 21, 2010 at 03:28:42PM +0200, Rémy Marquis wrote:

...

On Wed, Jul 21, 2010 at 3:24 PM, Marcus Meissner wrote:

...
You cannot block IPs reliably, as you usually block the iChain Proxy IP, e.g. all users.

Ciao, Marcus

Thanks for the info Markus,

Now I know what we must *not* do. :] Any way of blocking spammers on wiki?

I usually blocked spammers by username. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Rémy Marquis

13:52

On Wed, Jul 21, 2010 at 3:38 PM, Marcus Meissner wrote:

...

I usually blocked spammers by username.

I'm still wondering why I didn't figure it out alone... :/ Sorry again for the trouble, R. -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Tim Mohlmann

14:35

What would help against spammer is to secure the Create Account page. I don't know if we are talking about automated spam. But I just tried the following *Created account "Big-boobs-rock" (here we can put a trigger for a indecent username) *I did not have to confirm an e-mail before I got logged in. I just got redirected to main page, logged in as Big-boos-rock. *Now I can edit main page, since it is not secured or blocked, I inserted a comment line (just for this test, hidden for the public:  and saved. You see, 3 easy steps to get spam on the main page. No hold backs, nothing. This is very easy to set up a script to do the work for you. Yes, you can block user. By script it takes maybe 2 seconds to have a new one, maybe from a different spoofed host, and spam the Main Page again. Maybe we need, as a starter, this fuzzy images with a check number, which are use widely over internet sites where you can create a user account (eg gmail). Then, block the user for as long the e-mail is not confirmed yet. Below a copy from the mail I got from Novell: <quote> Novell Login Success‏ Van: Novell Account (webmaster@novell.com) Gemiddeld risicoDeze afzender ken je mogelijk niet.Markeren als veilig|Als ongewenst markeren Verzonden: woensdag 21 juli 2010 16:17:48 Aan: timmohlmann@hotmail.com (timmohlmann@hotmail.com) Thanks! The information you entered has been added to your Novell Login. You can change this at any time by clicking Edit My Profile from any Novell Login page. Click here to login now. http://www.novell.com/center Some portions of Novell.com and other sites sponsored by Novell require that your email be validated before you can access them. To validate your email address please do the following: 1) Click on this link https://secure-www.novell.com/selfreg/jsp/protected/validateEmail.jsp?code=x... 2) Login using your username and password. 3) Your email address will then be validated. Validation Code = xxxxxx Thank you, Novell Login Team </quote> Now, this is the part I'm interested in:

...

...
Some portions of Novell.com and other sites sponsored by Novell require that your email be validated before you can access them.

Maybe it is time we become part of this portions? Probably there is a deadline, but if there is, how much time? 24h? How much spam can an automated script produce in 24h? Just a simple test, which might improve our security ;). Off course the user can be deleted again. (and please don't block my IP ;)) Greets, Tim 2010/7/21 Rémy Marquis :

...

On Wed, Jul 21, 2010 at 3:38 PM, Marcus Meissner wrote:

...
I usually blocked spammers by username.

I'm still wondering why I didn't figure it out alone... :/

Sorry again for the trouble,

R. -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

-- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Henne Vogelsang

15:07

Hey, On 21.07.2010 16:35, Tim Mohlmann wrote:

...

*Created account "Big-boobs-rock" (here we can put a trigger for a indecent username) *I did not have to confirm an e-mail before I got logged in. I just got redirected to main page, logged in as Big-boos-rock. *Now I can edit main page, since it is not secured or blocked, I inserted a comment line (just for this test, hidden for the public:  and saved.

Now look at the frontpage. Your html comment is _only_ in the draft version. Only if someone approves that people will get to see it by default. So what more do we want? :) It's the perfect mixture of control and freedom to edit i think. Henne -- Henne Vogelsang, openSUSE. Everybody has a plan, until they get hit. - Mike Tyson -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Tim Mohlmann

15:22

True,

...

Now look at the frontpage. Your html comment is _only_ in the draft version.

But still somebody has to revert the change.

...

Only if someone approves that people will get to see it by default.

This doesn't count for new pages, right? Drafts are also displayed to anyone having an acount. My wonderfull Big-boobs-rock user was also presented with a draft main_page -before- the edit.

...

So what more do we want? :)

I'm not pre-block main page, like suggested earlier in this thread, but Novell might make some more efforts, which are quite common today, to secure the creation of user account, not restricting it.

...

It's the perfect mixture of control and freedom to edit i think.

The draft concept is a good thing. For sure. But, what harm can a bit extra security bring? It does not restrict anybody and saves us from having to undo spam all the time. Greets, Tim 2010/7/21 Henne Vogelsang :

...

Hey,

On 21.07.2010 16:35, Tim Mohlmann wrote:

...
*Created account "Big-boobs-rock" (here we can put a trigger for a indecent username) *I did not have to confirm an e-mail before I got logged in. I just got redirected to main page, logged in as Big-boos-rock. *Now I can edit main page, since it is not secured or blocked, I inserted a comment line (just for this test, hidden for the public:  and saved.

Now look at the frontpage. Your html comment is _only_ in the draft version. Only if someone approves that people will get to see it by default. So what more do we want? :) It's the perfect mixture of control and freedom to edit i think.

Henne

-- Henne Vogelsang, openSUSE. Everybody has a plan, until they get hit. - Mike Tyson -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

-- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Henne Vogelsang

15:38

Hey, On 21.07.2010 17:22, Tim Mohlmann wrote:

...

True,

...
Now look at the frontpage. Your html comment is _only_ in the draft version.

But still somebody has to revert the change.

Sure.

...

...
Only if someone approves that people will get to see it by default.

This doesn't count for new pages, right?

An unreviewed page gets shown by default yes. But how do you spam without inserting a link to some page people actually visit? :)

...

Drafts are also displayed to anyone having an acount. My wonderfull Big-boobs-rock user was also presented with a draft main_page -before- the edit.

Nope, the edit button and the "Draft [view page]" lead to the draft page. By default always the stable content is shown. Thats the principle of flaggedrevs.

...

The draft concept is a good thing. For sure. But, what harm can a bit extra security bring?

Work :) Henne -- Henne Vogelsang, openSUSE. Everybody has a plan, until they get hit. - Mike Tyson -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

pistazienfresser (see profile)

25 Jul 25 Jul

13:36

On 21/07/10 17:38, Henne Vogelsang wrote:

...

Hey,

On 21.07.2010 17:22, Tim Mohlmann wrote:

...
True,

...
Now look at the frontpage. Your html comment is _only_ in the draft version.

But still somebody has to revert the change.

Sure.

...
...
Only if someone approves that people will get to see it by default.

This doesn't count for new pages, right?

An unreviewed page gets shown by default yes. But how do you spam without inserting a link to some page people actually visit? :) As I understand the problem that Tim has found:

Pages with links to malware or at least with real use for a openSUSE user could be made just on empty places (of deleted or not jet written pages) like: http://en.opensuse.org/Skype http://en.opensuse.org/openSUSE_11.3 http://en.opensuse.org/openSUSE_11.2 http://en.opensuse.org/openSUSE_11.2 http://en.opensuse.org/Installation_without_CD http://en.opensuse.org/SDB:DVD_installation/11.2 ... http://en.opensuse.org/index.php?title=Special%3ALog&type=delete&month=-1&hide_review_log=1 Especially in the cases in that there is no page existing now on the old URL of an article form the old en.opensuse.org - wiki and a bookmark of a user or Google, Bing, Yahoo, etc. are still directing to that URL. Greetings pistazienfresser -- - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

pistazienfresser

21 Jul 21 Jul

16:08

On 21/07/10 17:07, Henne Vogelsang wrote:

...

Hey,

On 21.07.2010 16:35, Tim Mohlmann wrote:

...
*Created account "Big-boobs-rock" (here we can put a trigger for a indecent username) *I did not have to confirm an e-mail before I got logged in. I just got redirected to main page, logged in as Big-boos-rock. *Now I can edit main page, since it is not secured or blocked, I inserted a comment line (just for this test, hidden for the public:  and saved.

Now look at the frontpage. Your html comment is _only_ in the draft version. Only if someone approves that people will get to see it by default. So what more do we want? :) It's the perfect mixture of control and freedom to edit i think.

Yes, as I have written: the problem will be not so much the obvious Spammers. More in changing the innocent/empty http://www.Big-boos.com to http://www.Big-boobs.com (who has seen the difference in the two names in Tim's posting - I did only by the third look on it) That risk may be diminished by separating clearly external and internal links and telling where the link should lead too (http://lists.opensuse.org/opensuse-wiki/2010-07/msg00236.html). An other help for the potential "approver" and all potential "controllers" from the community may be social based rating tools like My WOT etc. But as I have written, too (but maybe not in capital bold letters as a how-to-do article): Please check regularly: 1) the unconfirmed changes: http://wiki.opensuse.org/Special:OldReviewedPages 2) your watchlist 2.1) that watchlist shall include the articles you edited and the corresponding discussion sides - you may change your settings or the default settings for all users Otherwise the freedom to edit something and the freedom to wait a view weeks for an approval while the content of an important article may be nonsense might frustrate (some) contributers and might cause confusion among the 'only-consumers'. See: http://forums.opensuse.org/english/get-help-here/install-boot-login/442070-c... Greetings pistazienfresser -------- Original Message -------- Subject: Re: [opensuse-wiki] Articles That Need Review [[Special:OldReviewedPage]] Date: Sun, 18 Jul 2010 18:39:06 +0200 From: pistazienfresser To: opensuse-wiki@opensuse.org On 18/07/10 18:34, pistazienfresser wrote:

...

Dear list, dear wiki-admins http://wiki.opensuse.org/index.php?title=Special:ListUsers&group=editor dear editors, dear reviewers !

For your interest: http://wiki.opensuse.org/Special:OldReviewedPages "[...] (22 days) [...]"

-- - openSUSE 11.2 with GNOME 2.28.2 (or KDE 4.3.5) and Kernel Linux 2.6.31.12-0.2-default (or pae, Ubuntu 10.4 LTS 'lucid' 2.6.33-22-genetic, MS Win XP) - Samsung X20 (SX20S) with Pentium M 740 (1730 MHz), Intel graphic 915GM, 1400x1050 - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

Henne Vogelsang

13:39

Hey, On 21.07.2010 15:28, Rémy Marquis wrote:

...

On Wed, Jul 21, 2010 at 3:24 PM, Marcus Meissner wrote:

...
You cannot block IPs reliably, as you usually block the iChain Proxy IP, e.g. all users.

Ciao, Marcus

Thanks for the info Markus,

Now I know what we must *not* do. :] Any way of blocking spammers on wiki?

Block the user and not the IP. Henne -- Henne Vogelsang, openSUSE. Everybody has a plan, until they get hit. - Mike Tyson -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org

5024

Age (days ago)

5028

Last active (days ago)

List overview

Download

11 comments

6 participants

participants (6)

Henne Vogelsang
Marcus Meissner
pistazienfresser
pistazienfresser (see profile)
Rémy Marquis
Tim Mohlmann