[pmwiki-users] DOS-Attacs and SPAM on action?edit
Patrick R. Michaud
pmichaud at pobox.com
Tue Dec 19 14:10:23 CST 2006
On Tue, Dec 19, 2006 at 07:19:05PM +0100, Laurent Meister wrote:
> Hello,
> we still have a lot of attacks on the action=edit function. We blocked the
> libwww User-Agent, but it doesn't help. The User agent now is "Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)"
> Does anyone have an idea? Our provider is still blocking the action=edit.
> This is not very helpful for a wiki.

What sort of answer are you looking for?

One possibility would be to change ?action=edit to a different name:

    $HandleActions['real_edit'] = 'HandleEdit';
    $HandleAuth['real_edit'] = 'edit';

and then change Site.PageActions or other links to use ?action=real_edit
instead of ?action=edit. For example:

    $LinkPageCreateFmt =
      "<a class='createlinktext' rel='nofollow'
        href='{\$PageUrl}?action=real_edit'>\$LinkText</a><a rel='nofollow'
        class='createlink' href='{\$PageUrl}?action=real_edit'>?</a>";

Then your provider could block ?action=edit while editing will still
get through. But if the robots are grabbing the ?action=edit links
from the site anyway, this won't really stop them as the robots
will then start using ?action=real_edit .

Sadly, it all depends on the nature of the robots that are
attacking your site. But any public-facing site that contains
links is going to end up having those links be activated by a robot
somewhere -- there's not much that can be done to prevent it.

Also, are you certain it's a DOS attack -- are all of the requests
coming from the same set of hosts? By way of comparison, here are
some statistics for pmwiki.org for December 18th (one day):

    total number of requests with ?action=edit  :  2,589
      coming from Yahoo! Slurp                  :    183
      coming from Googlebot                     :     87
    number of unique hosts issuing ?action=edit :    478
    maximum number of requests from
      a single host (80.253.81.178)             :  1,041

There are just some poorly-behaved systems on the web, and
afaict there's not a reliable method for separating the good
robots from the bad ones.

Pm
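
Added example, not part of the original message and not PmWiki code: one way to produce the kind of per-day ?action=edit breakdown quoted above (total, self-declared crawlers, unique hosts, busiest host) from a web server log, to judge whether the traffic comes from a few hosts or many. It assumes the Apache "combined" log format; the function name, crawler labels and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumes Apache/NCSA "combined" access-log format; adjust for your server.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')
# User-Agent substrings for self-declared crawlers (easily spoofed).
CRAWLERS = {"Yahoo! Slurp": "Slurp", "Googlebot": "Googlebot"}

def summarize_action(lines, action="edit"):
    """Tally requests whose query string carries action=<action>."""
    hosts, crawlers = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-combined line
        query = parse_qs(urlsplit(m["target"]).query)
        if action not in query.get("action", []):
            continue
        hosts[m["host"]] += 1
        for label, needle in CRAWLERS.items():
            if needle in m["agent"]:
                crawlers[label] += 1
    total = sum(hosts.values())
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    return {"total": total, "unique_hosts": len(hosts),
            "top_host": top_host, "top_count": top_count,
            "top_share": top_count / max(1, total),
            "crawlers": dict(crawlers)}

def _line(host, target, agent):
    # Builds one constructed log line (documentation IP ranges, not real traffic).
    return (f'{host} - - [18/Dec/2006:10:00:00 -0600] '
            f'"GET {target} HTTP/1.1" 200 512 "-" "{agent}"')

MAXTHON = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)"
GOOGLE = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE = [
    _line("192.0.2.10", "/wiki/Main/HomePage?action=edit", MAXTHON),
    _line("192.0.2.10", "/wiki/Main/WikiSandbox?action=edit", MAXTHON),
    _line("192.0.2.10", "/wiki/Site/SideBar?action=edit", MAXTHON),
    _line("198.51.100.7", "/wiki/Main/HomePage?action=edit", GOOGLE),
    _line("198.51.100.7", "/wiki/Main/HomePage?action=browse", GOOGLE),
    _line("203.0.113.9", "/wiki/Main/HomePage", MAXTHON),
    "not a log line",
]

if __name__ == "__main__":
    print(summarize_action(SAMPLE))
```

A high top_share points at one host that can be rate-limited or blocked on its own; passing action="real_edit" shows whether robots have followed a renamed action.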