Basically a good idea, but it does not look like any of the addresses collected by Christoph are in any of the AHBL's block lists (just a random sampling though, didn't go through them all). From my own list, I tried five and got only one positive response. None of them were Tor nodes; I think they mostly are from zombie machines.
However, it's been estimated that the bigger botnets only control maybe 20,000 computers. So it might be possible to automatically gather a list of known wikispam addresses (and be subjected to a large number of DOS attempts after that :-). We would, in any case, need to develop the SpamFilter a bit more so that it could return multiple responses and trigger either a direct rejection or captcha. Not that it would be that difficult, I'm kinda working on it already. /Janne On Thu, Jan 03, 2008 at 11:12:27AM +0100, Fabian Haupt wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I quickly looked over those addresses. Just dialup ranges. Maybe we > could use something like the abusive hosts blocking list[1] to identify > the evil ones? > > [1] http://www.ahbl.org/ > > Christoph Sauer wrote: > > No, not the same subnet. Here's a list I collected... > > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > > allow="" deny="60.10.6.170, 60.32.219.68, 60.190.243.173, > > 60.190.240.76, i61.57.40.31, 66.46.148.201, 74.231.24.2, 80.71.135.2, > > i81.201.58.55, 83.236.135.140, 87.3.58.149, 122.214.180.254, 122.252.226.40, > > 161.200.255.162, 200.226.134.53, 201.12.178.33, 202.70.201.34, > > 203.69.39.251, 207.248.164, 207.248.164.199, 210.17.247.39, 210.73.88.144, > > 216.32.162.164, 211.7.138.14, 217.149.193.70, 218.58.136.4, 222.221.6.144, > > 222.190.96.196"/> > > > > -----Ursprüngliche Nachricht----- > > Von: Fabian Haupt [mailto:[EMAIL PROTECTED] > > Gesendet: Donnerstag, 3. Januar 2008 10:28 > > An: [email protected] > > Betreff: Re: The guy's back... > > > > Just a thought, but maybe he's using something like TOR? Are the IP > > addresses completely unrelated or more or less in the same subnet? If he > > just redialed his line, i figure they would. > > > > A thing we thought of as possibility to defend those, would be to allow > > tor-edits just through some captchas. So we wouldn't have to shut out > > tor-users completely, but had some control over spammers (assumed he > > really is using tor). > > > > But that's just something we came up for the wikipedia-vs-tor problem. > > > > Greets > > Fabian > > > > Janne Jalkanen wrote: > >>> Not sure if that's any help, but there'd be no counter to it unless > >>> the jerk was willing to edit a single page every ten minutes or so in > >>> some fashion that we couldn't identify as sub-human. > >> Spambots already do this. Here are the modification dates from the last > >> ten attempts by this guy. Each and everyone from a different IP address. > > > >> 2008-01-02 08:56:27 > >> 2008-01-02 13:36:48 > >> 2008-01-02 14:20:05 > >> 2008-01-02 15:46:48 > >> 2008-01-02 15:47:45 > >> 2008-01-02 23:54:31 > >> 2008-01-03 00:18:08 > >> 2008-01-03 00:37:03 > >> 2008-01-03 01:47:51 > >> 2008-01-03 06:49:43 > > > >> /Janne > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.8 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkd8tQsACgkQtC//DIQj2V8hzQCcCMMlqZi7UKgGTZKjpStiPE8J > lK0AoJX97BfMveOegUbkhy4FAVRo5qiA > =k2GV > -----END PGP SIGNATURE-----
