Wow. Previously nothing of this magnitude has been encountered. Luckily
this crap is, afaik, invisible to normal users, because the pages are
linked to from anywhere (except the TitleIndex).
Based on the history of the spam pages the spammer(s) used many user
accounts, and the edits were spread over a period of over 32 hours at
least. Assuming bots have not found a way around the Google reCAPTCHA we
use in the registration webapp these are real human spammers.
Anyways, I'll turn on a bunch of other spam filtering services in Trac
today, then add a few more on Monday. I'll also get rid of this crap
after more spam filtering is in place.
I hope we can avoid the situation where all edits have to be made by
known-good people. Right now Wiki edits are disabled for everyone except
a select few.
Hi,
I turned on several new external content scanning spamfilters. In the
process I had to upgrade Trac and the Trac spam filtering plugin. We
used to only have Akismet, because we didn't really have any big spam
issues. Now we have all of these activated:
- Akismet (http://akismet.com/)
- Blogspam (http://blogspam.net/)
- StopForumSpam (http://stopforumspam.com/)
- BotScout (http://botscout.com/)
- Fspamlist (http://www.fspamlist.com/)
Based on spam monitoring and Trac logs the filters seem to work, but
we'd need actual spam attempts to prove that[*]. Right now the "karma"
setup on Trac is such that if one service thinks the content is spam
then the edit will be rejected. I also reduced the maximum number of
edits per IP to 5 per hour, and activated Google reCAPTCHA. I did not
see reCAPTCHAs, though, when doing ticket test edits, so it might only
apply to anonymous edits; in that case it would be useless for us.
There are a few other spam detection services which we can probably
activate later:
- Spamwipe (http://spamwipe.com/): registration does not work atm
- Mollom (http://mollom.com/)
I also did a mass removal of the spam Wiki pages (500+). The bastards
had contaminated some of our useful Wiki pages, but deducing which ones
was fairly easy given direct access to the database. I believe I managed
to delete all the contaminated revisions.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
[*] I did not want my own IP to get added to various IP blacklists, so I
did not try "spamming" myself.
