Currently the wiki is under heavy attack from a spammer. I''ve already rolled back lots of pages (correctly, I hope). Please have an eye on this, too. Michael -- Michael Schuerig The more it stays the same, mailto:michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org The less it changes! http://www.schuerig.de/michael/ --Spinal Tap, The Majesty of Rock
On 7/12/05, Michael Schuerig <michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org> wrote:> > Currently the wiki is under heavy attack from a spammer. I''ve already > rolled back lots of pages (correctly, I hope). Please have an eye on > this, too.About time to implement a CAPTCHA for posting. -- Jonas Elfström
> On 7/12/05, Michael Schuerig <michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org> wrote: > > > > Currently the wiki is under heavy attack from a spammer. I''ve already > > rolled back lots of pages (correctly, I hope). Please have an eye on > > this, too. > > About time to implement a CAPTCHA for posting.How about, only accept posting from javascript links (or posting it with ajax), or embedding a link like "edit this article and your IP will be blocked for 30 minutes". Admittedly there may be some people who update the wiki from command lines? Are you out there?
On 7/11/05, Courtenay <court3nay-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> embedding a link like "edit this article and your IP > will be blocked for 30 minutes".Note that this will block people trying to undo the spammer damage just as effectively as it blocks the spammer. not to mention it''ll really frustrate people trying to post legitimate content (I know slashdot''s 2 minute limit drives me nuts sometimes). Although I don''t like captchas, some other way of preventing spam is definitely necessary. -- Urban Artography http://artography.ath.cx
On 7/12/05, Rob Park <rbpark-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On 7/11/05, Courtenay <court3nay-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > embedding a link like "edit this article and your IP > > will be blocked for 30 minutes". > > Note that this will block people trying to undo the spammer damage > just as effectively as it blocks the spammer. not to mention it''ll > really frustrate people trying to post legitimate content (I know > slashdot''s 2 minute limit drives me nuts sometimes). >no, an actual honeypot link spread throughout the wiki that says "don''t click this. it is a trap for automated agents" with an appropriate robots.txt entry to stop googlebot hitting it. we could even have some window.onload javascript to hide that link. - otherwise, a simple login system. logins are immediately authorized, and easy to set up, but you can remove all posts from that user (or series of users) with a single click. courtenay
* Courtenay <court3nay-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [0737 09:37]:> On 7/12/05, Rob Park <rbpark-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > On 7/11/05, Courtenay <court3nay-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > embedding a link like "edit this article and your IP > > > will be blocked for 30 minutes". > > > > Note that this will block people trying to undo the spammer damage > > just as effectively as it blocks the spammer. not to mention it''ll > > really frustrate people trying to post legitimate content (I know > > slashdot''s 2 minute limit drives me nuts sometimes). > > > > no, an actual honeypot link spread throughout the wiki that says > "don''t click this. it is a trap for automated agents" with an > appropriate robots.txt entry to stop googlebot hitting it. we could > even have some window.onload javascript to hide that link.when rubygarden got done over they tried this. you''re assuming wiki spammers are scripts, and generally they''re not, they''re very low paid humans. Look on ruby-talk for a good fix they implemented. -- ''Make people think you have an expensive car phone by calling them, asking them to repeat everything they say and then hanging up half way through their reply.'' -- Top Tips Rasputin :: Jack of All Trades - Master of Nuns
On 7/12/05, Courtenay <court3nay-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> no, an actual honeypot link spread throughout the wiki that says > "don''t click this. it is a trap for automated agents" with an > appropriate robots.txt entry to stop googlebot hitting it. we could > even have some window.onload javascript to hide that link.Oh, my mistake, I was thinking the proposal was to limit all users to only being able to edit one page per 30 minutes. -- Urban Artography http://artography.ath.cx
> Currently the wiki is under heavy attack from a spammer. I''ve > already rolled back lots of pages (correctly, I hope). Please > have an eye on this, too.I must say, this is very frustrating... is anyone working on a solid solution for this? It seems most ipadresses resolve (with nslookup) to something in the *.rima-tde.net domain. A google on this, shows other projects having similar problems with this domain. --- Jeroen Janssen
This domain is the Spanish telephone monopoly, notorious over the years for providing the world with oodles of spammy badness. Unfortunately even other ISPs here use this domain, so banning it would lock out the entire country. Joshua On 7/13/05, Jeroen Janssen <japj-qWit8jRvyhVmR6Xm/wNWPw@public.gmane.org> wrote:> > Currently the wiki is under heavy attack from a spammer. I''ve > > already rolled back lots of pages (correctly, I hope). Please > > have an eye on this, too. > > I must say, this is very frustrating... is anyone working on a solid > solution for this? > > It seems most ipadresses resolve (with nslookup) to something in the > *.rima-tde.net domain. > A google on this, shows other projects having similar problems with this > domain. > --- > Jeroen Janssen > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
On Jul 12, 2005, at 7:25 AM, Dick Davies wrote:> you''re assuming wiki spammers are > scripts, and generally they''re not, they''re very low paid humans.This does seem to make sense based on the frequency of the spam attacks. Although, you''d think spammers would find some way to automate their work. They can''t like clicking any more than we do. I still like the idea of providing a way to roll back all entries from a specific IP address. Perhaps also provide the ability to limit the time period. Seems a shame to lock everything down, I feel that''s one of the things that makes our wiki successful. Derek _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Can you greylist from given ip addys? On Jul 13, 2005, at 4:28 PM, Derek Gulbranson wrote:> On Jul 12, 2005, at 7:25 AM, Dick Davies wrote: > >> you''re assuming wiki spammers are >> scripts, and generally they''re not, they''re very low paid humans. > > This does seem to make sense based on the frequency of the spam > attacks. Although, you''d think spammers would find some way to > automate their work. They can''t like clicking any more than we do. > > I still like the idea of providing a way to roll back all entries > from a specific IP address. Perhaps also provide the ability to > limit the time period. Seems a shame to lock everything down, I > feel that''s one of the things that makes our wiki successful. > > Derek > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >_______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 7/13/05, Derek Gulbranson <derek-fFfhg8q2ax8Be96aLqz0jA@public.gmane.org> wrote:> I still like the idea of providing a way to roll back all entries from a > specific IP address. Perhaps also provide the ability to limit the time > period. Seems a shame to lock everything down, I feel that''s one of the > things that makes our wiki successful.I like the idea of disabling anonymous edits, requiring logins, and then banning accounts that spam. If the spammers have to constantly register new accounts just to spam, they''d get tired of it I think ;) Also, you could implement a "disable this acount and revert all of it''s edits" action which would make it super easy to undo spam. -- Urban Artography http://artography.ath.cx
Greylisting each edit until someone from a pool of approved users whitelists it would be highly effective. On Jul 15, 2005, at 4:35 PM, Rob Park wrote:> On 7/13/05, Derek Gulbranson <derek-fFfhg8q2ax8Be96aLqz0jA@public.gmane.org> wrote: > >> I still like the idea of providing a way to roll back all entries >> from a >> specific IP address. Perhaps also provide the ability to limit the >> time >> period. Seems a shame to lock everything down, I feel that''s one >> of the >> things that makes our wiki successful. >> > > I like the idea of disabling anonymous edits, requiring logins, and > then banning accounts that spam. If the spammers have to constantly > register new accounts just to spam, they''d get tired of it I think ;) > > Also, you could implement a "disable this acount and revert all of > it''s edits" action which would make it super easy to undo spam. > > -- > Urban Artography > http://artography.ath.cx > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
On Fri, 15 Jul 2005, Toby Boudreaux wrote:> Greylisting each edit until someone from a pool of approved users > whitelists it would be highly effective. > > > On Jul 15, 2005, at 4:35 PM, Rob Park wrote: > > > I like the idea of disabling anonymous edits, requiring logins, and > > then banning accounts that spam. If the spammers have to constantly > > register new accounts just to spam, they''d get tired of it I think ;) > > > > Also, you could implement a "disable this acount and revert all of > > it''s edits" action which would make it super easy to undo spam.I like a combination of the above two approaches. -- _Deirdre web / blog: http://deirdre.net/ yarn: http://fuzzyorange.com cat''s blog: http://fuzzyorange.com/vsd/ "Memes are a hoax! Pass it on!"
I turned on mod_security and a bunch of filters to keep the spammers at bay. Please do report if you see new spam or if you get a "Precondition failed" error (that means the spam trap sprung). Hopefully this will help keep them at bay. At least until there''s focus to implement more vigilant methods. -- David Heinemeier Hansson http://www.loudthinking.com -- Broadcasting Brain http://www.basecamphq.com -- Online project management http://www.backpackit.com -- Personal information manager http://www.rubyonrails.com -- Web-application framework
Did we completely lose a lot of content? e.g. http://manuals.rubyonrails.com/read/chapter/48 Used to be populated with a great tutorial (I was working through it) but is now empty except for chapter and page names... On Jul 16, 2005, at 9:27 AM, David Heinemeier Hansson wrote:> I turned on mod_security and a bunch of filters to keep the spammers > at bay. Please do report if you see new spam or if you get a > "Precondition failed" error (that means the spam trap sprung). > > Hopefully this will help keep them at bay. At least until there''s > focus to implement more vigilant methods.-- John Athayde bobo-8WfjrGkLNeNByuSxxbvQtw@public.gmane.org Meticulous | www.meticulous.com (work) Rotoscope | www.rotoscope.com (sound: rock band) Boboroshi & Kynz | www.boboroshiandkynz.com (sound: electronic) Personal Weblog | www.boboroshi.com (play) "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." - Benjamin Franklin (1706-1790) Reply of the Pennsylvania Assembly to the Governor November 11, 1755 _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails