[OpenStack-Infra] Wiki.o.o sustaining spam attack

JP Maxwell jp at tipit.net
Fri Feb 26 04:16:48 UTC 2016


Is it an option to put the question back to an impossible answer for even a
little while? I think it would be very telling if the spam continues then
there may be an exploit possibly tied to the launchpad SSO.  It would at
least give a clue where to focus.

J.P. Maxwell | tipit.net | fibercove.com
On Feb 25, 2016 10:10 PM, "Elizabeth K. Joseph" <lyz at princessleia.com>
wrote:

> On Thu, Feb 25, 2016 at 6:35 AM, Jeremy Stanley <fungi at yuggoth.org> wrote:
> > On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote:
> >> Please be aware that you can now create accounts under the mobile
> >> view in the wiki native user table. I just created an account for
> >> JpMaxMan.  Not sure if this matters but wanted to make sure you
> >> were aware.
> >
> > Oh, yes I think having a random garbage question/answer was in fact
> > previously preventing account creation under the mobile view. We
> > probably need a way to disable mobile view account creation as it
> > bypasses OpenID authentication entirely.
>
> So that's what it was doing! We'll have to tackle the mobile view issue.
>
> Otherwise, quick update here:
>
> The captcha didn't appear to help stem the spam tide. We'll want to
> explore and start implementing some of the other solutions.
>
> I did some database poking around today and it does seem like all the
> users do have launchpad accounts and email addresses.
>
> --
> Elizabeth Krumbach Joseph || Lyz || pleia2
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160225/d90302e1/attachment-0001.html>


More information about the OpenStack-Infra mailing list