Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 2016-03-28 11:36:44 +0200 (+0200), Thierry Carrez wrote: > Jeremy Stanley wrote: > >On 2016-03-25 10:51:57 -0700 (-0700), Elizabeth K. Joseph wrote: > >[...] > >>1. Spammer moved How_To_Contribute to a 555-5p4m-number-woo page > >>2. Spammer replaced the content with spam > >>3. SmitSpam

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Jeremy Stanley wrote: On 2016-03-25 10:51:57 -0700 (-0700), Elizabeth K. Joseph wrote: [...] 1. Spammer moved How_To_Contribute to a 555-5p4m-number-woo page 2. Spammer replaced the content with spam 3. SmitSpam deleted the page as spam [...] Great point, we need to be mindful of page moves

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 2016-03-25 10:51:57 -0700 (-0700), Elizabeth K. Joseph wrote: [...] > 1. Spammer moved How_To_Contribute to a 555-5p4m-number-woo page > 2. Spammer replaced the content with spam > 3. SmitSpam deleted the page as spam [...] Great point, we need to be mindful of page moves too, so that does

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Fri, Mar 25, 2016 at 6:51 AM, Jeremy Stanley wrote: > A quick search indicates we likely want a root sysadmin to run a > maintenance script[*] and purge the history of deleted pages. Keep > in mind this would be removing the history for any pages we've > deleted for any

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Wed, Mar 23, 2016 at 07:04:59PM +, Jeremy Stanley wrote: > On 2016-03-23 13:05:48 +0800 (+0800), Tom Fifield wrote: > > So, *sigh*. I've been trying to use > > > > https://wiki.openstack.org/wiki/Special:Nuke > > > > to delete pages matching > > > > %1%800% (there are about 5000) > > >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 2016-03-23 13:05:48 +0800 (+0800), Tom Fifield wrote: > So, *sigh*. I've been trying to use > > https://wiki.openstack.org/wiki/Special:Nuke > > to delete pages matching > > %1%800% (there are about 5000) > > and it doesn't work :( > > Everything appears to be fine, but the pages don't get

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Jeremy Stanley wrote: On 2016-03-22 08:23:08 -0500 (-0500), JP Maxwell wrote: If anyone wants to approve this I am still happy to help. https://review.openstack.org/#/c/285641/1 Can you elaborate on how you intend to help which has to be done first with root access to the server (rather

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 23/03/16 13:05, Tom Fifield wrote: On 23/03/16 11:19, Tom Fifield wrote: On 23/03/16 00:14, Paul Belanger wrote: On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote: Hi all, I'm sad to say that: * spammers are back - 100-odd pages have gone in over the weekend

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 23/03/16 11:19, Tom Fifield wrote: On 23/03/16 00:14, Paul Belanger wrote: On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote: Hi all, I'm sad to say that: * spammers are back - 100-odd pages have gone in over the weekend https://wiki.openstack.org/wiki/Special:NewPages *

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 23/03/16 00:14, Paul Belanger wrote: > On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote: >> Hi all, >> >> >> I'm sad to say that: >> >> * spammers are back - 100-odd pages have gone in over the weekend >> https://wiki.openstack.org/wiki/Special:NewPages >> >> * Cleanup was

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 2016-03-22 08:23:08 -0500 (-0500), JP Maxwell wrote: > If anyone wants to approve this I am still happy to help. > > https://review.openstack.org/#/c/285641/1 Can you elaborate on how you intend to help which has to be done first with root access to the server (rather than merely with the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

If anyone wants to approve this I am still happy to help. https://review.openstack.org/#/c/285641/1 I don't think you are ever going to be successful at blocking accounts or IPs. You must block the creation of the spam by the bots. IMHO focusing on improving the captcha or understanding the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote: > Hi all, > > > I'm sad to say that: > > * spammers are back - 100-odd pages have gone in over the weekend > https://wiki.openstack.org/wiki/Special:NewPages > > * Cleanup was ineffective, with many spam pages still existing on the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Tue, Mar 22, 2016 at 08:23:08AM -0500, JP Maxwell wrote: > If anyone wants to approve this I am still happy to help. > > https://review.openstack.org/#/c/285641/1 > Looking at the review, Jim would like to see more history of collaborting in git first. Which is a fair requirement. > I don't

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

If anyone wants to approve this I am still happy to help. https://review.openstack.org/#/c/285641/1 I don't think you are ever going to be successful at blocking accounts or IPs. You must block the creation of the spam by the bots. IMHO focusing on improving the captcha or understanding the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote: > Hi all, > > > I'm sad to say that: > > * spammers are back - 100-odd pages have gone in over the weekend > https://wiki.openstack.org/wiki/Special:NewPages > > * Cleanup was ineffective, with many spam pages still existing on the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Hi all, I'm sad to say that: * spammers are back - 100-odd pages have gone in over the weekend https://wiki.openstack.org/wiki/Special:NewPages * Cleanup was ineffective, with many spam pages still existing on the wiki (scroll through the NewPages link above) Regards, Tom On 28/02/16

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Ok, I'll be there. M. On Sat, Feb 27, 2016 at 5:15 PM Elizabeth K. Joseph wrote: > We'll be getting together on Monday around 1700 UTC to work through this > together in a debug session in #openstack-infra (I'm too sick this weekend, > plus we need a time when more

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Elizabeth I hope you feel better. Just FYI, this is going full force in IRC right now. I’ve bowed out as the approach I was suggesting didn’t get traction. I proposed to manually iterate on this to confirm precisely which change solves the spam problem. Once that has been identified we can revert

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

We'll be getting together on Monday around 1700 UTC to work through this together in a debug session in #openstack-infra (I'm too sick this weekend, plus we need a time when more infra-root folks with the institutional knowledge are around). On Feb 27, 2016 05:37, "Marton Kiss"

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On phone but patch puppet-mediawiki and enable captcha for all pages. We only did edit and create On Feb 26, 2016 10:38 AM, Marton Kiss wrote: I see a ton of incoming post requests: POST

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Yeah, the Settings.php was overriden by the latest puppet run. We need to wait for some infra guys to approve my patches and make it permanent: https://review.openstack.org/285669 Disable standard password based auth https://review.openstack.org/285672 Disable mobile frontend M. On Sat, Feb 27,

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

FYI. Still seeing the mobile view... J.P. Maxwell | tipit.net | fibercove.com On Feb 27, 2016 6:53 AM, "Marton Kiss" wrote: > Yes, applied them manually. Let's wait a few hours, and check for new spam > content / user accounts. > > M. > JP Maxwell

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Yes, applied them manually. Let's wait a few hours, and check for new spam content / user accounts. M. JP Maxwell (időpont: 2016. febr. 27., Szo, 13:50) ezt írta: > Cool. Are these applied? Any indication it has stopped the spam? Should we > clear out these non launchpad

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Cool. Are these applied? Any indication it has stopped the spam? Should we clear out these non launchpad accounts from the DB? J.P. Maxwell | tipit.net | fibercove.com On Feb 27, 2016 6:47 AM, "Marton Kiss" wrote: > And the mobile frontend will be disabled permanently

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

And the mobile frontend will be disabled permanently with this patch: https://review.openstack.org/285672 Disable mobile frontend M. On Sat, Feb 27, 2016 at 1:39 PM Marton Kiss wrote: > I made some investigation, and it seems to be that the spam pages are > created by

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

I made some investigation, and it seems to be that the spam pages are created by accounts registered with password accounts, and the launchpad openid auth is not affected at all. So the spam script is creating accounts like this: mysql> select * from user where user_name = 'CedricJamieson'\G;

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Hi, I created the following patch, infra cores must approve that: https://review.openstack.org/285641 Add ssh key of JP Maxwell to wiki.o.o Marton On Sat, Feb 27, 2016 at 6:41 AM JP Maxwell wrote: > Marton has SSH access and applied a patch earlier today. It appears the >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Marton has SSH access and applied a patch earlier today. It appears the spam continues to flow: https://wiki.openstack.org/wiki/40_Thoughts_Of_Using_Open_Shelves_On_A_Kitchen Marton let me know if you can look at it some more or Infra if you want to give me SSH I'll do so as well in the morning

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Super thankful for all the folks that have jumped in over the last couple of days to help with the puppetization, etc... I just feel like we're taking a very wrong approach here. Paul Belanger wrote: Right, and I don't have an issue with that approach. Based on the work we did yesterday,

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

A quick google indicates this may be an unrelated issue that should be fixed, but I don’t *think* it is related to the spam. J.P. Maxwell | tipit.net [http://tipit.net] | fibercove.com [http://www.fibercove.com] On Fri, Feb 26, 2016 at 11:56 AM, Marton Kiss wrote: I'm

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Yeah, I checked it and it is internal job runner: https://www.mediawiki.org/wiki/Manual:Job_queue M. On Fri, Feb 26, 2016 at 7:00 PM JP Maxwell wrote: > A quick google indicates this may be an unrelated issue that should be > fixed, but I don’t *think* it is related to the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

I'm going to get a dinner, but I'll be on irc after, so if I can help somehow, I will be here. #openstack-infra mrmartin M. On Fri, Feb 26, 2016 at 6:51 PM Paul Belanger wrote: > On phone but patch puppet-mediawiki and enable captcha for all pages. We > only did edit and

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On the wiki instance, my ssh access is working now. What I see in the logs are the continuous POST requests. M. On Fri, Feb 26, 2016 at 6:42 PM JP Maxwell wrote: > Marton > > Where are you seeing the logs? > > Paul > > The point is that to comment out a line in VI and watch the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

I see a ton of incoming post requests: POST /w/index.php?title=Special%3ARunJobs=jobs=1=1456508270=571cfb216f944b15d2eee1c0253d08b77003328e M. On Fri, Feb 26, 2016 at 6:35 PM Marton Kiss wrote: > Oh, I can login. So what we need? > > M. > > On Fri, Feb 26, 2016 at 6:33

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Fri, Feb 26, 2016 at 11:29:31AM -0600, JP Maxwell wrote: > I think what Jimmy is referring to is what I was suggesting by removing the > extensions / making the question impossible to answer. Basically a series of > rapid fire changes while tailing the logs and seeing what stops the spam. >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Oh, I can login. So what we need? M. On Fri, Feb 26, 2016 at 6:33 PM JP Maxwell wrote: > I think what Jimmy is referring to is what I was suggesting by removing > the extensions / making the question impossible to answer. Basically a > series of rapid fire changes while

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

I think what Jimmy is referring to is what I was suggesting by removing the extensions / making the question impossible to answer. Basically a series of rapid fire changes while tailing the logs and seeing what stops the spam. Once you know what worked then you can submit as an official patch.

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Fri, Feb 26, 2016 at 11:08:18AM -0600, Jimmy McArthur wrote: > Given the state of the wiki a the moment, I think taking the quickest path > to get it fixed would be prudent. Is there a way we can get JP root access > to this server, even temporarily? We get 25% of our website traffic (2 >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Given the state of the wiki a the moment, I think taking the quickest path to get it fixed would be prudent. Is there a way we can get JP root access to this server, even temporarily? We get 25% of our website traffic (2 million visitors) to the wiki. I realize we're all after the same thing,

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Fri, Feb 26, 2016 at 10:12:12AM -0600, JP Maxwell wrote: > But if you wanted to upgrade everything, remove the mobile view extension, > test in a dev/staging environment then deploy to production fingers > crossed, I think that would be a valid approach as well. > Current review up[1]. I'll

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

But if you wanted to upgrade everything, remove the mobile view extension, test in a dev/staging environment then deploy to production fingers crossed, I think that would be a valid approach as well. J.P. Maxwell | tipit.net | fibercove.com On Feb 26, 2016 10:08 AM, "JP Maxwell"

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Plus one except in this case it is much easier to know if our efforts are working on production because the spam either stops or not. J.P. Maxwell | tipit.net | fibercove.com On Feb 26, 2016 9:48 AM, "Paul Belanger" wrote: > On Fri, Feb 26, 2016 at 09:18:00AM -0600, JP

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Fri, Feb 26, 2016 at 09:18:00AM -0600, JP Maxwell wrote: > I really think you might consider the option that there is a vulnerability > in one of the extensions. If that is the case black listing IPs will be an > ongoing wild goose chase. > > I think this would be easily proven or disproven by

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

I really think you might consider the option that there is a vulnerability in one of the extensions. If that is the case black listing IPs will be an ongoing wild goose chase. I think this would be easily proven or disproven by making the questy question impossible and see if the spam continues.

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Thu, Feb 25, 2016 at 08:10:34PM -0800, Elizabeth K. Joseph wrote: > On Thu, Feb 25, 2016 at 6:35 AM, Jeremy Stanley wrote: > > On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote: > >> Please be aware that you can now create accounts under the mobile > >> view in the wiki

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Marton Make sure you are using the right upstream repository. They are in version 1.25. Check out: https://wiki.openstack.org/wiki/Special:Version Not that it shouldn't all be upgraded ;) be aware there seem to be config file formatting differences in the latest version vs 1.25 as well. J.P.

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Is it an option to put the question back to an impossible answer for even a little while? I think it would be very telling if the spam continues then there may be an exploit possibly tied to the launchpad SSO. It would at least give a clue where to focus. J.P. Maxwell | tipit.net | fibercove.com

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Thu, Feb 25, 2016 at 6:35 AM, Jeremy Stanley wrote: > On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote: >> Please be aware that you can now create accounts under the mobile >> view in the wiki native user table. I just created an account for >> JpMaxMan. Not sure if

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote: > Please be aware that you can now create accounts under the mobile > view in the wiki native user table. I just created an account for > JpMaxMan. Not sure if this matters but wanted to make sure you > were aware. Oh, yes I think having a

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Please be aware that you can now create accounts under the mobile view in the wiki native user table. I just created an account for JpMaxMan. Not sure if this matters but wanted to make sure you were aware. J.P. Maxwell | tipit.net | fibercove.com On Feb 24, 2016 6:16 PM, "Elizabeth K. Joseph"

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Wed, Feb 24, 2016 at 12:50 PM, Paul Belanger wrote: > I've started updating our LocalSettings.pp based on we're talking about here. > We'll start with edit / create captcha then move to other pages if spaming > continues. We just landed a captcha change and I have

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Wed, Feb 24, 2016 at 02:33:41PM -0600, JP Maxwell wrote: > It looks like you are using it (you can see it in the mobile login view), > but it is not being used once you are logged in: > > $wgGroupPermissions['user' ]['skipcaptcha'] = true; > > I think you need to remove the above

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Wed, Feb 24, 2016 at 12:33 PM, JP Maxwell wrote: > It looks like you are using it (you can see it > in the mobile login view), but it is not being used once you are logged > in: > > $wgGroupPermissions['user' > ]['skipcaptcha'] = true; > > I think you need to remove the above

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

It looks like you are using it (you can see it in the mobile login view), but it is not being used once you are logged in: $wgGroupPermissions['user' ]['skipcaptcha'] = true; I think you need to remove the above line. And add in the two below: $wgCaptchaTriggers['edit'] = true;

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Mon, Feb 22, 2016 at 11:34 PM, JP Maxwell wrote: > OK - so per the info here, you have to set the type of Captcha and add in > editing and create page as triggers requiring Captcha. > > As an example to use QuestyCaptcha a the bottom of the LocalSettings.php > file: > >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Understood on the issue tracker. As I've said before I love the automation dream. Let me know what we can do in the short term and long term. Cheers! J.P. Maxwell / tipit.net On Tue, Feb 23, 2016 at 11:46 AM, Elizabeth K. Joseph wrote: > On

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Tue, Feb 23, 2016 at 9:33 AM, JP Maxwell wrote: > Thanks Elizabeth - good info - that document answers the questions of where > the code lives and how updates are performed. It would all require ssh > access to the server it seems, which I don’t have. Right, this is not the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Thanks Elizabeth - good info - that document answers the questions of where the code lives and how updates are performed. It would all require ssh access to the server it seems, which I don’t have. I created an ether pad here: https://etherpad.openstack.org/p/wiki.openstack.org

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

I did setup a wiki and have a look at this briefly. Can you confirm what extensions you are loading? When you setup the wiki it generates a localsettings.php file that lists the extensions: [image: Inline image 1] # Enabled Extensions. Most extensions are enabled by including the base

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Tue, Feb 23, 2016 at 8:53 AM, JP Maxwell wrote: > Thanks Marton & Paul. > > Marton, however the infra community wants to handle the puppetization of the > local settings file is fine with me. It is a very typical PHP app. > Whatever is done we should have an easy path to

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Thanks Marton & Paul. Marton, however the infra community wants to handle the puppetization of the local settings file is fine with me. It is a very typical PHP app. Whatever is done we should have an easy path to update it. The MediaWiki version should also be updated to the latest version at

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Tue, Feb 23, 2016 at 02:43:55PM +0800, Tom Fifield wrote: > Hi all, > > Spam pages now outnumber content pages on our wiki. > > I have stopped trying to keep up with deleting them, after putting in many, > many hours. > > > Is there any chance someone can make the configuration changes I

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

It is using the openstack-infra's puppet-mediawiki module, and for first sight this setting seems to be unmanaged by puppet. I not found any related entries in system-config's wiki.pp. Would be great to ssh in, but just an infra core have access for this instance. Maybe we could replace rlane's

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Thanks Marton. So is there a Git repo for the code or are you just relying on an upstream wiki media repository directly? If so is this setting file populated by puppet or unmanaged? If the latter I would suggest we just ssh in and make the change to the file as the wiki is being effectively

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

One final thought, I recall on the mobile view there is a secret word request in the account creation page: https://wiki.openstack.org/w/index.php?title=Special:UserLogin=signup=Main+Page=mobileaction%3Dtoggle_view_mobile%26welcome%3Dyes So, this is probably already setup. It's possible you

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Hah. Well, I'm not entirely sure how this is setup to manage code changes. I looked in GitHub and just see the puppet configs. Not sure where or how I could push changes into LocalSettings.php, otherwise I'd be happy to do it :D Gotta catch a little rest now, but will check in on this in a few

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Cheers, that's exactly what we need someone to do. On 23/02/16 15:34, JP Maxwell wrote: OK - so per the info here, you have to set the type of Captcha and add in editing and create page as triggers requiring Captcha. As an example to use QuestyCaptcha a the bottom of the LocalSettings.php

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

OK - so per the info here, you have to set the type of Captcha and add in editing and create page as triggers requiring Captcha. As an example to use QuestyCaptcha a the bottom of the LocalSettings.php file: https://www.mediawiki.org/wiki/Extension:ConfirmEdit#QuestyCaptcha And make sure the

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Hi all, Spam pages now outnumber content pages on our wiki. I have stopped trying to keep up with deleting them, after putting in many, many hours. Is there any chance someone can make the configuration changes I posted a couple weeks back, as an emergency measure? * update Apache web

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

> > > > Thanks for taking some time to look at this today! If we could find an > open source captcha option, that may be part of the solution. > > Do you think you might have some time to also look at the other > generalized Mediawiki proposals that Clint Byrum linked to earlier in > the thread? I

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Mon, Feb 15, 2016 at 7:46 AM, Jeremy Stanley wrote: > On 2016-02-15 09:04:41 -0600 (-0600), JP Maxwell wrote: >> Tom, yes we can probably help. Do you want to ping me off list - >> need to get some more info about how it is setup / version >> controlled / deployed / etc. > >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 2016-02-15 09:04:41 -0600 (-0600), JP Maxwell wrote: > Tom, yes we can probably help. Do you want to ping me off list - > need to get some more info about how it is setup / version > controlled / deployed / etc. Our openstack_project::wiki class[1] calls into our mediawiki Puppet module[2].

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Tom, yes we can probably help. Do you want to ping me off list - need to get some more info about how it is setup / version controlled / deployed / etc. J.P. Maxwell | tipit.net [http://tipit.net] | fibercove.com [http://www.fibercove.com] On Mon, Feb 15, 2016 at 8:05 AM, Tom Fifield

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Is there anyone who can help with this? There's still a ton of spam going in, and manually cleaning it is a ton of effort. On 12/02/16 06:40, Tom Fifield wrote: OK, so, MediaWiki nas a nice manual on how to combat spam ( https://www.mediawiki.org/wiki/Manual:Combating_spam ) Would it be

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Excerpts from Tom Fifield's message of 2016-02-12 11:33:46 +0800: > Hi, > > Since about 11th January, wiki.o.o has been under attack by spammers. > > They're creating new pages at a rate of more than 50 a day, with titles > that hint at calling certain phone numbers for various services. As a

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On 2016-02-12 09:03:16 -0600 (-0600), JP Maxwell wrote: > I don't think it currently used open ID as far as I can see from the login > screen. Could be mistaken though :) > > https://drive.google.com/file/d/0B47GGpF8-_XHb2JFeUVHTG4tTU0/view?usp=docslist_api Wow! That's interesting. I wonder if

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Jeremy Stanley writes: > On 2016-02-12 09:03:16 -0600 (-0600), JP Maxwell wrote: >> I don't think it currently used open ID as far as I can see from the login >> screen. Could be mistaken though :) >> >>

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

On Fri, Feb 12, 2016 at 9:34 AM, James E. Blair wrote: > I spot-checked three of the spammer accounts in the db; they had > launchpad OpenID accounts. As a data-point from Ubuntu-land, the Ubuntu wikis (MoinMoin, not MediaWiki, but also requiring Launchpad OpenID auth) have

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Ahh - gotcha - makes sense. Yes, it seems the mobile view wasn't modified to use open ID sso. Is it using an extension to accomplish this? There are a lot of auth extensions available ( https://www.mediawiki.org/wiki/Category:User_identity_extensions ). Or was it extended by hand? J.P.

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Jeremy Stanley writes: > On 2016-02-12 17:09:12 + (+), Jeremy Stanley wrote: >> Wow! That's interesting. I wonder if there's an auth hole in the >> mobile browser support in Mediawiki? If you try to log in with a >> normal browser it sends you to login.launchpad.net to

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

OK, so, MediaWiki nas a nice manual on how to combat spam ( https://www.mediawiki.org/wiki/Manual:Combating_spam ) Would it be possible to get these implemented: * update Apache web server configuration to block all spammer IPs in lists available from www.stopforumspam.com . Alternate, use

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

Excerpts from Tom Fifield's message of 2016-02-11 19:33:46 -0800: > Hi, > > Since about 11th January, wiki.o.o has been under attack by spammers. > > They're creating new pages at a rate of more than 50 a day, with titles > that hint at calling certain phone numbers for various services. As a

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

It looks like this plugin is bundled with media wiki: https://m.mediawiki.org/wiki/Extension:ConfirmEdit Which offers various different types of captcha. It also looks like you might be using it (see: https://drive.google.com/file/d/0B47GGpF8-_XHTXFfR3RIbXozSDg/view?usp=docslist_api ). Maybe

[OpenStack-Infra] Wiki.o.o sustaining spam attack

Hi, Since about 11th January, wiki.o.o has been under attack by spammers. They're creating new pages at a rate of more than 50 a day, with titles that hint at calling certain phone numbers for various services. As a result, google has started de-ranking o.o :) If you look at