Re: [cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith
On Thu, Oct 25, 2012 at 4:58 PM, Ron Savage r...@savage.net.au wrote: On 10/25/2012 10:51 AM, Brian Wightman wrote: Are we able to block this username (I know it won't be very effective) from doing any type of updates? Perhaps just bit-bucketing them or blacklisting the IP for a period of time? I believe we have, or can have, root access on the server where the site is hosted. So we have some options to block IPs at the OS or Apache level. On 26/10/12 02:01, Mark Stosberg wrote: AFAIK, some ISPs, including Amazon, share IPs among many users, so blocking an IP is contentious. I agree on the IP sharing concerns. When done, I have seen it happen for a limited time. I would still have a potential impact on legitimate edits. The application could be patched to ban this username as well. Could be done, but then he'd switch. I suggesting disabling edits unless the user name is on a list. Then there's the chance the abuser would see legit edits and impersonate that user... The suggestions I have seen so far (mine included) are easily circumvented. I am not certain how much coding is worth doing to only raise the bar to such a low level. If there is something to implement any of the username suggestions already present in the software, it might be worth turning on. Anything requiring additional coding for minimal return, IMO, is probably not worth the effort. Just my $0.02. --mlx # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith
Hi Mark, I'd be happy to volunteer. I'm about to disappear for a week with the family, but I'll ping you when I get back and see if a login is available. Regards, Mike If anyone is interested to work on it, I would be grateful, and see what can done about arranging appropriate access. # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith
On 10/25/2012 05:58 PM, Ron Savage wrote: Hi Mark On 26/10/12 02:01, Mark Stosberg wrote: On 10/25/2012 10:51 AM, Brian Wightman wrote: Are we able to block this username (I know it won't be very effective) from doing any type of updates? Perhaps just bit-bucketing them or blacklisting the IP for a period of time? I believe we have, or can have, root access on the server where the site is hosted. So we have some options to block IPs at the OS or Apache level. AFAIK, some ISPs, including Amazon, share IPs among many users, so blocking an IP is contentious. The application could be patched to ban this username as well. Could be done, but then he'd switch. I suggesting disabling edits unless the user name is on a list. Then there's the chance the abuser would see legit edits and impersonate that user... Ron, You are right on all points. That brings me to Plan B, which is perhaps over due: Start over the wiki using a new platform. It's due for a refresh anyway. I'm sure a lot of the content should use a review for updates, purging and adding, and the design is stale now as well. More modern choices have decent option for spam prevention built in. Mark # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith
Hi Mark On 27/10/12 01:27, Mark Stosberg wrote: On 10/25/2012 05:58 PM, Ron Savage wrote: Ron, You are right on all points. That brings me to Plan B, which is perhaps over due: Thanx. Start over the wiki using a new platform. It's due for a refresh anyway. I'm sure a lot of the content should use a review for updates, purging and adding, and the design is stale now as well. Are you thinking of a pre-existing system? -- Ron Savage http://savage.net.au/ Ph: 0421 920 622 # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith
Are we able to block this username (I know it won't be very effective) from doing any type of updates? Perhaps just bit-bucketing them or blacklisting the IP for a period of time? --mlx On Thu, Oct 25, 2012 at 9:47 AM, cgi...@erlbaum.net wrote: CGI::Application page http://cgi-app.org/index.cgi?SettingDropDownValuesedited by BryanSmith # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## #### # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith
On 10/25/2012 10:51 AM, Brian Wightman wrote: Are we able to block this username (I know it won't be very effective) from doing any type of updates? Perhaps just bit-bucketing them or blacklisting the IP for a period of time? I believe we have, or can have, root access on the server where the site is hosted. So we have some options to block IPs at the OS or Apache level. The application could be patched to ban this username as well. If anyone is interested to work on it, I would be grateful, and see what can done about arranging appropriate access. Mark # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith
Hi Mark On 26/10/12 02:01, Mark Stosberg wrote: On 10/25/2012 10:51 AM, Brian Wightman wrote: Are we able to block this username (I know it won't be very effective) from doing any type of updates? Perhaps just bit-bucketing them or blacklisting the IP for a period of time? I believe we have, or can have, root access on the server where the site is hosted. So we have some options to block IPs at the OS or Apache level. AFAIK, some ISPs, including Amazon, share IPs among many users, so blocking an IP is contentious. The application could be patched to ban this username as well. Could be done, but then he'd switch. I suggesting disabling edits unless the user name is on a list. Then there's the chance the abuser would see legit edits and impersonate that user... If anyone is interested to work on it, I would be grateful, and see what can done about arranging appropriate access. Mark # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## #### -- Ron Savage http://savage.net.au/ Ph: 0421 920 622 # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####