All of the suggestions in this thread are viable options, although some will require more work than others:
* Changing the password: Trivial, easy to do * Blocking more IP's: Trivial, easy to do * Adding basic auth login: Requires sysadmin work + ongoing account admin * Adding adv. auth login: Requires perl or php coding + sysadmin work * Randomizing password: Requires a little perl coding * Randomized image: Requires more perl coding * Changing wiki's: Requires sysadmin work + lots of content conversion
I would be happy to change the password but I think that'll only be a temporary fix. Several people have admin access for banning IP's. I assume the IP's are already banned now; if not then we probably need more wiki admin's.
For the other options, if someone else has the time to do it, and is willing to do it within certain guidelines, that might give us a longer term fix.
I like Mental's idea of getting a better feel for what's going on, although honestly I sense that we're just in a war of escalation, so whatever we do, the spammers will catch up eventually.
FWIW, we're also getting a larger amount of spam to the mailing lists than normal; fortunately mailman catches most of it, so I just go through and discard it each morning. I don't know if this spam and the wiki spam are related, but it's curious that both got significantly worse within the last week or two.
Bryce
On Tue, 1 Feb 2005 mental@...3... wrote:
Quoting bulia byak <buliabyak@...400...>:
It looks like 82.194.62.17 and 193.188.105.16 automatically spam our wiki, they spammed pages minutes after my reversals. I reverted them several times, but then quit, so they're likely spammed again now.
Maybe it's time to change the password, make it random for each page, and less easy to extract from the text. And in any case, please ban those IPs.
I would be very curious to see what happened if we simply changed the password but left the IPs unbanned. Depending on how quickly (or if) the board is respammed that will give us some idea how the attack is being performed -- i.e.:
Is it parsing the page for the password?
Has the spamming software been manually adjusted for the site?
Are we being specifically targetted?
It might be nice to add a feature for "blackholing" IPs as well -- i.e. accept the submission, but log the attempt and don't update the actual wiki page.
I think collecting hints towards this information would be very helpful.
The point is that blindly making changes may not be the best use of resources; it's better to gather some intelligence about the specifics of the attack (rather than guessing) and focus our efforts accordingly.
-mental
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel