[pmwiki-users] PmWiki and Spam
Helmut Hullen
Hullen at t-online.de
Sat Jan 12 04:39:00 CST 2008
Hallo, Petko,
Du (5ko) meintest am 12.01.08:
>> Maybe the blocklist does the job.
> Blocklist clearly does not the job. Every edit comes from a different
> IP address. I feel that this is a spambot using a list of open
> proxies to post these nonsense strings.
> And here is the proof:
> http://google.com/search?q=%2262.140.77.68%22+proxy
> (62.140.77.68 edited PITS.00108)
"Nile online", 62.140.76.0/23 (CIDR notation)
Some bot tries to infect badly managed dial-in-clients, and there are
regions (or ISPs) which have many badly managed clients.
Sometimes it may help to inform the ISP ... I had universities among
these addresses.
> I also do not understand why in the Blocklist there are whole ranges
> of blocked IPs, like :
> block:12.43.115.*
Look at the above address range - it might be represented by
62.140.76.*
62.140.77.*
> Are we sure all the 255 IPs are compromized? Blocking a range this
> way is only an effective prevention against dial-up users from tiny
> ISPs that can disconnect and reconnect and get another IP in the same
> range. Even if it is the case (which is not: these are open proxies),
> there are 254 legitimate innocent IPs that are blocked.
May be - you have to look at the innocents on the other side: all the
people who want to read about pmwiki and nothing about spam.
http://arktur.de/Wiki/Spezial:Ipblocklist
May be this side isn't as interesting as pmwiki, but you can see some IP
ranges which are worth to be blocked.
>>> We could site-protect all pages, but I'm not sure how we could make
>>> newcomers aware of the password in a way that makes sense to them.
> If this is not a malicious attack by someone who hates us, what I
> believe to be best is to have an edit password on the groups that we
> are cleaning every day. It may be written in the Site.EditForm :
> Please enter '''pmwiki''' in the following textbox in order to
> edit.
> This is less annoying than a Captcha and may work.
May be it works - we'll see.
In my special case the bot(s) tried to spam only few pages (p.e. a page
with "windows" in its name). I have blocked these few sides too: seems
to help.
-------------
By the way: in the "syslinux" mailinglist you find the same problems and
the same diskussion ...
Viele Gruesse!
Helmut
More information about the pmwiki-users
mailing list