Hi all
I thought it was good moment to give an update from the wiki spam fighting front. I performed a thorough check on the nature and type of the recent vandalism. It is actually quite possible that there is only a single vandal. Because there is no captcha system active, anybody with even very basic programming skills is able to make a simple bot in a few hours that allows automated account creation, uploading fake images and adding spam links. Luckily, all vandalism appears to come from a few specific but broad ranges of open proxies. The reason is that if a vandal is using the IP address he gets from his internet server provider, he gets quickly blocked. Even if he is lucky to have a very dynamic IP address, he generally runs out of available IP addresses quite soon. Therefore, if he is able to, a vandal can (and will) use badly configured open proxies to have a bigger impact. Anyhow, I first checked for the individual vandal IP addresses, which I blocked. After a while, I was able to detect a line in the vandalism and IPs used, so I was able to block a few relatively small /24 IP ranges. With information from wikipedia about known and dangerous or abused open proxy ranges, I finally blocked 5 quite wide IP ranges. As far as I can see, no genuine wiki edit is done from these ranges nor any genuine account created. Since the blocks, no vandal activity was seen. Hopefully this keeps on being the case.
Kind regards Kris
Thanks, Got your email been really busy haven't had a chance to reply, but just an FYI osuosl installed and setup http://www.mediawiki.org/wiki/Extension:ConfirmEdit too to help with spam. Thanks, Ian
On Fri, Nov 11, 2011 at 12:57 PM, Kris De Gussem <kris.degussem@...400...>wrote:
Hi all
I thought it was good moment to give an update from the wiki spam fighting front. I performed a thorough check on the nature and type of the recent vandalism. It is actually quite possible that there is only a single vandal. Because there is no captcha system active, anybody with even very basic programming skills is able to make a simple bot in a few hours that allows automated account creation, uploading fake images and adding spam links. Luckily, all vandalism appears to come from a few specific but broad ranges of open proxies. The reason is that if a vandal is using the IP address he gets from his internet server provider, he gets quickly blocked. Even if he is lucky to have a very dynamic IP address, he generally runs out of available IP addresses quite soon. Therefore, if he is able to, a vandal can (and will) use badly configured open proxies to have a bigger impact. Anyhow, I first checked for the individual vandal IP addresses, which I blocked. After a while, I was able to detect a line in the vandalism and IPs used, so I was able to block a few relatively small /24 IP ranges. With information from wikipedia about known and dangerous or abused open proxy ranges, I finally blocked 5 quite wide IP ranges. As far as I can see, no genuine wiki edit is done from these ranges nor any genuine account created. Since the blocks, no vandal activity was seen. Hopefully this keeps on being the case.
Kind regards Kris
RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
participants (2)
-
Ian Caldwell
-
Kris De Gussem