Justin Forder wrote:
Justin Forder wrote:
There are ~1821 pages on the Wiki, and ~1171 have been updated in
January. An Anonymous Coward with IP address 87.248.161.196 changed at
least 783 pages (I and others have probably corrected some of his/her
work) between 14:18 and 16:21 on 13th January. That's more than one
page every 10 seconds, on average. It's not feasible for normal Wiki
users to detect and correct this volume of change by hand.
On the 14th someone posing as the Instiki Importer, but with IP
address 82.131.14.155, made a smaller number of changes. I have
reversed those (actually now I see I missed one on the 14th, and that
there were a couple of changes from that address on the 12th).
There are now 744 spammed pages out of 1835. The oldest is 10th January
(it's possible that there was spam before that which has now been
removed). The spam is still coming, but slowly now.
The spammer at IP address 82.131.14.155 has just changed from posing as
Instiki Importer to posing as *me*! (This is the guy whose changes I
reversed at the weekend.)
For the record, any changes I make are from 217.169.11.194.
The spam I have seen is very uniform in its nature. Scanning for its
signature and automatically rolling back the changes would be easy on
the server side - it's much slower and more laborious from the client.
I have been tending to edit rather than roll back, as earlier versions
turned out to contain spam in a large number of cases. Editing
requires a little care - the div containing the spam links is usually
right at the end of the useful content, but sometimes it isn't, and
sometimes it's truncated. Some have !OK! in front of the div, and some
don't.
Spam signatures:
1) <div id="wiki1883" style="overflow:auto; height: 1px; ">
This has all its URLs in the pp.ru domain, expressed like this:
![ innocent nude | http://innocent-nude.corp-option.pp.ru ]
2) !OK!<div style="overflow:auto; height: 1px; ">
This has URLs in many different domains, expressed like this:
<a href="http://www.u-blog.net/xzfat/";>fat hairy ladies </a>
Both share the style="overflow:auto; height: 1px; ", which is what I
used to arrive at the figure of 744 spammed pages given above.
There are 27 instances of <div id="wiki1883" - these have been coming
back in the last couple of days after I removed nearly all of them at
the weekend. The person placing these works slowly - a page a minute or
slower.
There are 728 instances of !OK! - some of these have already had the
associated div removed. Some pages have both styles of spam.
The !OK! guy works fast but hasn't been active since the 13th. January.
the LighttpdConfig page was causing a Rails Application Error until I
rearranged the <pre> and <code> tags to nest properly - and to get to
an Edit page required manually typing in the URL to create a new
version. The RailsAcademy, and the Tutorial pages are in a similar state.
Both the RailsAcademy and Tutorial pages came back to life after I took
the spam out. I don't think there are any broken pages left... but it
would be good to get rid of pages with titles like:
on%0D%0AContent-Type%3A+text%2Fplain%3B+charset%3D%22us-ascii%22%0D%0AMIME-Version%3A+1.0%0D%0AContent-Transfer-Encoding%3A+7bit%0D%0ASubject%3A+forenoon%2C+from+the+early+morning%2C+the+square%0D%0Abcc%3A+charleslegbe%40aol.com%0D%0A%0D%0Aa6499b8075b6f8f4da1e7ae3545f7f51%0D%0A.
This is disheartening to read. I cannot imagine any person who would
want to deface a community site like this, but nonetheless there are
obviously people who don't share the same standards.
This definitely needs to be fixed. I know I mentioned that I like the
number generated image that people have to type in, and for reasons that
Justin pointed out in a private email it won't work for 100% people and
it doesn't solve 100% of the issues.
What other solutions could be done to fix this or severely slow this down?
Zach
_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core
