[OpenStack-Infra] Wiki.o.o sustaining spam attack

Paul Belanger pabelanger at redhat.com
Fri Feb 26 15:48:12 UTC 2016


On Fri, Feb 26, 2016 at 09:18:00AM -0600, JP Maxwell wrote:
> I really think you might consider the option that there is a vulnerability
> in one of the extensions. If that is the case black listing IPs will be an
> ongoing wild goose chase.
> 
> I think this would be easily proven or disproven by making the questy
> question impossible and see if the spam continues.
> 
We'll have to let an infra-root make that call. Since nobody would be able to
use the wiki. Honestly, I'd rather spend the time standing up a mirror dev
instance for us to work on, rather then production.

> J.P. Maxwell | tipit.net | fibercove.com
> On Feb 26, 2016 9:12 AM, "Paul Belanger" <pabelanger at redhat.com> wrote:
> 
> > On Thu, Feb 25, 2016 at 08:10:34PM -0800, Elizabeth K. Joseph wrote:
> > > On Thu, Feb 25, 2016 at 6:35 AM, Jeremy Stanley <fungi at yuggoth.org>
> > wrote:
> > > > On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote:
> > > >> Please be aware that you can now create accounts under the mobile
> > > >> view in the wiki native user table. I just created an account for
> > > >> JpMaxMan.  Not sure if this matters but wanted to make sure you
> > > >> were aware.
> > > >
> > > > Oh, yes I think having a random garbage question/answer was in fact
> > > > previously preventing account creation under the mobile view. We
> > > > probably need a way to disable mobile view account creation as it
> > > > bypasses OpenID authentication entirely.
> > >
> > > So that's what it was doing! We'll have to tackle the mobile view issue.
> > >
> > > Otherwise, quick update here:
> > >
> > > The captcha didn't appear to help stem the spam tide. We'll want to
> > > explore and start implementing some of the other solutions.
> > >
> > > I did some database poking around today and it does seem like all the
> > > users do have launchpad accounts and email addresses.
> > >
> > So, I have a few hours before jumping on my plane and checked into this.
> > We are
> > using QuestyCaptcha which according to docs, should almost be impossible
> > for
> > spammers to by pass in an automated fashion.  So, either our captcha is too
> > easy, or we didn't set it up properly.  I don't have SSH on wiki.o.o so
> > others
> > will have to check logs.  I did test new pages and edits, and was promoted
> > by
> > captcha.
> >
> > As a next step, we might need to add additional apache2 configuration to
> > blacklist IPs.  I am reading up on that now.
> >
> > > --
> > > Elizabeth Krumbach Joseph || Lyz || pleia2
> > >
> > > _______________________________________________
> > > OpenStack-Infra mailing list
> > > OpenStack-Infra at lists.openstack.org
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
> >
> > _______________________________________________
> > OpenStack-Infra mailing list
> > OpenStack-Infra at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
> >



More information about the OpenStack-Infra mailing list