On 2016-05-03 06:56, Samuli Seppänen wrote:
Hi,
I turned on several new external content scanning spamfilters. In the
process I had to upgrade Trac and the Trac spam filtering plugin. We
used to only have Akismet, because we didn't really have any big spam
issues. Now we have all of these activated:
- Akismet (http://akismet.com/)
- Blogspam (http://blogspam.net/)
- StopForumSpam (http://stopforumspam.com/)
- BotScout (http://botscout.com/)
- Fspamlist (http://www.fspamlist.com/)
Based on spam monitoring and Trac logs the filters seem to work, but
we'd need actual spam attempts to prove that[*]. Right now the
"karma"
setup on Trac is such that if one service thinks the content is spam
then the edit will be rejected. I also reduced the maximum number of
edits per IP to 5 per hour, and activated Google reCAPTCHA. I did not
see reCAPTCHAs, though, when doing ticket test edits, so it might
only
apply to anonymous edits; in that case it would be useless for us.
There are a few other spam detection services which we can probably
activate later:
- Spamwipe (http://spamwipe.com/): registration does not work atm
- Mollom (http://mollom.com/)
I also did a mass removal of the spam Wiki pages (500+). The bastards
had contaminated some of our useful Wiki pages, but deducing which
ones
was fairly easy given direct access to the database. I believe I
managed
to delete all the contaminated revisions.
Hi,
I setup urlwatch to watch the "Recent changes" page every ten minutes:
<https://community.openvpn.net/openvpn/wiki/RecentChanges>
Adding, deleting or modifying a Wiki page will now trigger an email
notification. The attack such as the last one would have triggered a
huge number of emails and would have allowed us respond much faster.
The
Trac front page has been successfully monitored for a long while,
resulting in removal of quite a bit of attachment spam. Notifications
to
Trac tickets are already sent to #openvpn-devel IRC channel, so that
part is covered already.
Right now the notification emails go only to me, but sending them to
additional people would improve our response time. I don't expect a
huge
number of emails, even though RecentChanges page will see more
activity
than Wikistart.
Let me know if you want to help monitor the Wiki and I'll add your
email
to the urlwatch list.
It seems that the spam attack continued well into last Saturday evening
in the ticketing system. One last(?) attempt was made yesterday and
then
things went silent. Fortunately the mix of new spam filters seemed to
block all the latest attempts properly. There was also one legitimate
edit which got through without issues.
Today I added Mollom filter to the mix to provide additional
protection.
I also started training the built-in Bayesian filter to make things
even
more difficult for spammers.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
This article sheds some light on what we're seeing - at least we're not
alone in the world. ;)
https://blog.malwarebytes.org/cybercrime/2015/04/tech-support-spam-plague-linkedin-and-other-high-traffic-sites/
Eric Crist
