Sean Dague wrote:
> For everyone running Moinmoin, you should be aware that I've had both of my
> wikis hit by a spam bot that is smart enough to generate a Moinmoin account
> first, before spamming the wiki. My standard bar was just to restrict
> writing to logged in Users, which apparently isn't good enough any more.
>
> All the spam attacks are coming from 219.88.157.53 (some .nz host). If you
> don't check for RecentChanges frequently, you may want to check into it now.

FYI - I've seen an increase lately in spam attacks on my MoinMoin sites.
I don't know if it's from this spambot or not (the attacks aren't from
that IP address). However, just so people can be on the lookout, here
are the two methods of attack I've seen:

1) I've had a logged-in user (I assume from an automatically generated
account) attaching ".html" files to pages that they newly created.
The html files are full of links to bad sites. I have now disallowed
uploading .html files on my site.

2) I've seen lots of new accounts created, with links to bad sites
placed in the "subscribed_pages" attribute of the user account. I'm
not sure how this field is then advertised to the spammer's advantage.
Right now I'm just deleting accounts with weird junk in that field,
but I may automate rejecting or removing such things in the future.

Anyhow, I just thought I'd mention this so people are aware of these
attack methods.

-- Tim
=============================
Tim Bird
Architecture Group Chair, CE Linux Forum
Senior Staff Engineer, Sony Electronics
=============================
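
An added example, not part of the message above and not MoinMoin code: one way to automate the check described in item 2 by flagging accounts whose "subscribed_pages" field contains links. It assumes MoinMoin 1.x user profiles are text files of key=value lines with list keys suffixed "[]" and tab-separated items; the function names and sample profiles are constructed for illustration.

```python
import re

# Assumption: MoinMoin 1.x stores each account as a text file of key=value
# lines under data/user/, with list-valued keys suffixed "[]" and items
# separated by tabs. Verify against your own installation before relying on it.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)


def parse_profile(text):
    """Parse key=value profile text into a dict; list keys become lists."""
    profile = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.endswith("[]"):
            profile[key[:-2]] = [v for v in value.split("\t") if v]
        else:
            profile[key] = value
    return profile


def suspicious_subscriptions(profile):
    """Return subscribed_pages entries that contain a URL."""
    return [p for p in profile.get("subscribed_pages", []) if URL_RE.search(p)]


def flag_accounts(profiles):
    """Map account name -> offending entries for a {file_id: text} mapping."""
    flagged = {}
    for user_id, text in profiles.items():
        profile = parse_profile(text)
        hits = suspicious_subscriptions(profile)
        if hits:
            flagged[profile.get("name", user_id)] = hits
    return flagged


# Constructed sample profiles (not real accounts or real sites).
SAMPLE = {
    "1150000000.11.1111": "name=AliceExample\nemail=alice@example.org\n"
                          "subscribed_pages[]=FrontPage\tHelpContents\n",
    "1150000001.22.2222": "name=xkqzvb\nemail=x@example.invalid\n"
                          "subscribed_pages[]=http://spam.example/pills\t"
                          "[http://spam.example/casino cheap]\n",
}

if __name__ == "__main__":
    for name, hits in flag_accounts(SAMPLE).items():
        print(name, hits)
```

To run it against a live wiki, build the mapping by reading each file in the user directory, and review the flagged list before deleting anything.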