Axiom Developers, I am sorry but while I slept I see that the link spammers finally managed to break through. :( I guess my attempts over the last few days must have really irritated them...
To stop this attack I had to temporarily disable sendmail from axiom-developer.org. Delete the mail queue. Then I modified the spam filter to disallow all comments and edits containing external links. And restarted sendmail. Now things are back to normal, I think. Disabling external links means that http:// is no longer allowed in any comment. Links that are internal to the Axiom Wiki are still ok and can be written in the form: "link name":/xxx/yyy or as standard wiki names. I hope that is enough to hold them off for now. If it continues we could at least disable the notices from the Axiom Wiki and this would prevent the email part of the spam (but not the pollution of the web site). Or we may be forced (as a last resort) to only permit comments and edits by registered users which would of course defeat the main purpose of the wiki. Who ever did this seems to know what they are doing since it appears as if they have successfully spoofed a large number of different ip addresses in a kind of "deny of service" attack. Here is a list of the ip addresses used by whoever caused the most recent spam attack on Axiom Wiki. 125.131.171.215 125.7.33.74 193.170.68.244 200.17.89.80 200.242.249.70 200.3.183.52 200.35.89.157 200.71.62.6 201.147.158.52 201.155.170.232 201.52.4.158 202.110.217.130 202.68.151.116 203.128.5.37 203.158.215.2 210.111.191.107 210.87.251.41 211.113.242.88 211.162.0.131 211.168.194.31 211.173.149.116 211.177.83.80 211.186.170.244 211.195.242.221 211.199.92.168 211.210.36.234 211.213.114.26 211.216.169.71 211.219.155.41 211.221.207.78 211.247.92.76 211.48.66.198 211.62.70.97 212.138.113.12 212.138.113.16 212.9.224.211 213.140.56.3 213.249.155.231 216.207.123.200 217.113.234.7 217.56.108.227 218.11.207.244 218.113.240.98 218.128.16.116 218.152.81.59 218.16.121.26 219.136.249.79 219.240.91.191 220.121.133.210 220.121.153.109 220.126.1.182 220.82.189.124 220.85.41.91 220.89.68.166 220.95.73.118 221.13.66.161 221.142.178.181 221.147.115.15 221.153.14.37 222.104.77.104 222.105.70.230 222.108.109.21 222.238.39.79 58.235.225.18 58.74.245.219 58.76.178.142 59.150.212.199 59.15.50.100 59.4.4.84 61.103.229.60 61.109.90.189 61.18.195.245 61.185.219.235 61.248.150.105 61.35.129.226 61.35.225.92 61.35.66.84 61.41.231.149 61.52.97.61 61.74.139.240 72.2.18.19 80.50.243.250 80.50.82.90 ------- I don't see any immediate pattern in this list, so for now I must assume that these are bogus ip addresses. If they were real, we would have grounds to contact the people and companies to which these addresses are assigned. If anyone sees a pattern to this list of ip addresses please let me know. I apologize for the email pain. Regards, Bill Page. _______________________________________________ Axiom-developer mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/axiom-developer
