[pmwiki-users] what to do in case of massive spam ?

Simon nzskiwi at gmail.com
Tue Mar 22 15:20:23 CDT 2016


Petko

thanks for all the work you do having to clean/tidy this all up.

I'm curious as to to how the bot got past the 'bot protection measures' in
place,
or is this again because the is custom code being written to defeat them?

I trust too that you are able to clean up all the uploaded files.
Is there a process in place to identify and remove all files that are not
linked to PmWiki pages?

again, thanks

Simon


____
http://kiwiwiki.nz

On 23 March 2016 at 08:36, Petko Yotov <5ko at 5ko.fr> wrote:

> On 2016-03-22 18:38, ABClf wrote:
>
>> what can we do in case of massive spam, when dozens of pages are
>> suddenly spammed (needing many delete or restore action) ?
>> do pmwiki admins have tools to easily clean the pollution ?
>>
>
> Yes, I have SSH access so I can easily remove the newly created spam pages.
>
> For a few hours last night, and two times today, pmwiki.org had massive
> spamming "attacks" with 180+ pages defaced or created, and files uploaded.
> I suspect the perpetrator is a real person operating bots because after I
> block some words and expressions, the person adapts, changes tactics and
> succeeds again. For example I blocked "0nline tech" (and a few more) and
> after it there appears "o.n.l.i.n.e  t,e,c,h": such variants are harder to
> block without accidentally blocking legitimate strings.
>
> We have $EnableWhyBlocked set to 1 and it explains what is causing the
> post to be blocked, that's why I suspect a real person sees this and adapts.
>
> I can easily extract and block the IP addresses* and (not that easily)
> words in SiteAdmin.Blocklist. Restoring an existing page from the history
> is done from the wiki; I can relative easily delete the last 2 history
> entries from an existing page that was spammed, so that we not need to see
> the spam in the diffs; then I also remove the links in (All)RecentChanges
> pages, because sometimes the page names or summaries contain spam.
>
> It is a waste of time: it took me 3 hours this morning even if a few
> others had started deleting the spam during the night (night at my time
> zone).
>
> Huge thanks to all who helped! :-)
>
> (Please leave to me the clean up of the AllRecentChanges page so that I
> easily notice and review what can be blocked from the deleted pages.)
>
> It is also a waste of time for the person who does this, because all pages
> are restored or deleted a few minutes or a few hours later. :-)
>
> Petko
>
> (*) I use mostly the tools grep, sed from the bash shell, and vim. Now I
> think about ways to automate this.
> ---
> Change log     :  http://www.pmwiki.org/wiki/PmWiki/ChangeLog
> Release notes  :  http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes
> If you upgrade :  http://www.pmwiki.org/wiki/PmWiki/Upgrades
>
>
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20160323/65c35a9d/attachment.html>


More information about the pmwiki-users mailing list