[pmwiki-users] DOS-Attacs and SPAM on action?edit

Patrick R. Michaud pmichaud at pobox.com
Tue Dec 19 14:10:23 CST 2006


On Tue, Dec 19, 2006 at 07:19:05PM +0100, Laurent Meister wrote:
>    Hello,
>    we still have a lot of attacks on the action=edit function. We blocked the
>    libwww User-Agent, but it doesn't help. The User agent now is "Mozilla/4.0
>    (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)"
>    Does anyone have an idea? Our provider is still blocking the action=edit.
>    This is not very helpful for a wiki.

What sort of answer are you looking for?

One possibility would be to change ?action=edit to a different name:

    $HandleActions['real_edit'] = 'HandleEdit';
    $HandleAuth['real_edit'] = 'edit';

and then change Site.PageActions or other links to use ?action=real_edit
instead of ?action=edit.  For example:

    $LinkPageCreateFmt =
      "<a class='createlinktext' rel='nofollow'
        href='{\$PageUrl}?action=real_edit'>\$LinkText</a><a rel='nofollow'
        class='createlink' href='{\$PageUrl}?action=real_edit'>?</a>";

Then your provider could block ?action=edit while editing will still
get through.  But if the robots are grabbing the ?action=edit links
from the site anyway, this won't really stop them as the robots
will then start using ?action=real_edit .

Sadly, it all depends on the nature of the robots that are
attacking your site.   But any public-facing site that contains
links is going to end up having those links be activated by a robot
somewhere -- there's not much that can be done to prevent it.

Also, are you certain it's a DOS attack -- are all of the requests
coming from the same set of hosts?  By way of comparison, here are
some statistics for pmwiki.org for December 18th (one day):

   total number of requests with ?action=edit   : 2,589
      coming from Yahoo! Slurp                  :   183
      coming from Googlebot                     :    87
   number of unique hosts issuing ?action=edit  :   478
   maximum number of requests from 
      a single host (80.253.81.178)             : 1,041

There are just some poorly-behaved systems on the web, and
afaict there's not a reliable method for separating the good
robots from the bad ones.

Pm
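
Per-day figures like the ones in the message above can be derived from the web server's access log. The following Python is an added example, not part of the original message or of PmWiki; it assumes Apache "combined" log format, and the sample lines, function name and addresses are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real traffic); hosts use RFC 5737 documentation ranges.
SAMPLE_LOG = '''\
192.0.2.10 - - [18/Dec/2006:10:00:01 -0600] "GET /Main/HomePage?action=edit HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)"
192.0.2.10 - - [18/Dec/2006:10:00:02 -0600] "GET /Main/WikiSandbox?action=edit HTTP/1.1" 200 4096 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)"
192.0.2.10 - - [18/Dec/2006:10:00:03 -0600] "POST /Main/WikiSandbox?action=edit HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)"
198.51.100.7 - - [18/Dec/2006:10:05:00 -0600] "GET /PmWiki/Links?action=edit HTTP/1.0" 200 3000 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
203.0.113.5 - - [18/Dec/2006:10:06:00 -0600] "GET /PmWiki/Links?action=edit HTTP/1.1" 200 3000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.5 - - [18/Dec/2006:10:06:05 -0600] "GET /PmWiki/Links HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.20 - - [18/Dec/2006:10:07:00 -0600] "GET /Main/HomePage?action=browse HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; U; Linux i686) Firefox/2.0"
'''

# host ident user [time] "METHOD URL PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"')

def edit_stats(log_text, crawlers=("Yahoo! Slurp", "Googlebot")):
    """Summarise ?action=edit requests: total, per-crawler, unique hosts, top host."""
    total = 0
    by_host = Counter()
    by_crawler = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # Only the query string is visible in the log; an action sent
        # in a POST body would not be counted here.
        query = urlsplit(m["url"]).query
        if "edit" not in parse_qs(query).get("action", []):
            continue
        total += 1
        by_host[m["host"]] += 1
        for name in crawlers:
            if name in m["agent"]:  # self-declared User-Agent, can be forged
                by_crawler[name] += 1
    top_host, top_count = by_host.most_common(1)[0] if by_host else (None, 0)
    return {"total": total, "by_crawler": dict(by_crawler),
            "unique_hosts": len(by_host),
            "top_host": top_host, "top_count": top_count}

if __name__ == "__main__":
    print(edit_stats(SAMPLE_LOG))
```

A single host accounting for a large share of the total, as in the pmwiki.org figures, points to one misbehaving client rather than a distributed flood.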



