OSFaq has been spammed bigtime

All off topic discussions go here. Everything from the funny thing your cat did to your favorite tv shows. Non-programming computer questions are ok too.
User avatar
Colonel Kernel
Member
Member
Posts: 1437
Joined: Tue Oct 17, 2006 6:06 pm
Location: Vancouver, BC, Canada
Contact:

OSFaq has been spammed bigtime

Post by Colonel Kernel »

Hi,
I just noticed that the OSFaq has fallen victim to a nuclear spam attack. There are many new pages with spam links, as well as edits to existing pages. I don't have the time at the moment to go through all of them and fix things up...

Could whoever administers the FAQ maybe just roll it back to before the spam attack started...?

I @#)$* hate spammers. >:(
Top three reasons why my OS project died:
  1. Too much overtime at work
  2. Got married
  3. My brain got stuck in an infinite loop while trying to design the memory manager
Don't let this happen to you!
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re:OSFaq has been spammed bigtime

Post by Solar »

As I said on osdever.net, I'm at it. (If someone has an up-to-date backup and the ability to install it on the server, feel free to do so, that way we'll lose the spam from the versioning, too.)
Every good solution is obvious once you've found it.
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re:OSFaq has been spammed bigtime

Post by Solar »

Since the spammer has returned mid-effort, the OS FAQ is effectively dead for now until we can a) block the spammer's IPs and b) locate a halfway up-to-date backup of the FAQ.

I'll bring a static XHTML backup online ASAP at http://www.rootdirectory.de/osfaq/ (will take about four hours though before I can get home).
Every good solution is obvious once you've found it.
User avatar
df
Member
Member
Posts: 1076
Joined: Fri Oct 22, 2004 11:00 pm
Contact:

Re:OSFaq has been spammed bigtime

Post by df »

everything exceed my companies proxy threshold so I cant do anything at work. all pages break exceeded banned prhase limit and such.

i'm so done with the stupid phpwiki....
-- Stu --
User avatar
Pype.Clicker
Member
Member
Posts: 5964
Joined: Wed Oct 18, 2006 2:31 am
Location: In a galaxy, far, far away
Contact:

Re:OSFaq has been spammed bigtime

Post by Pype.Clicker »

good to know you're on this, DF. The fact it appeared together with the board moves disorganized our fightback ...

note that not only the OSFAQ , but also the Internet as a whole is under massive Spam attack

Here are the address blocks used by the spammers i've gathered so far:
209.8.40.*
206.161.192.*
205.252.23.*
206.161.205.*
209.8.22.*

I guess they should go to the black list ASAP.
User avatar
df
Member
Member
Posts: 1076
Joined: Fri Oct 22, 2004 11:00 pm
Contact:

Re:OSFaq has been spammed bigtime

Post by df »

ok, adding to my .htaccess as I type
-- Stu --
User avatar
Pype.Clicker
Member
Member
Posts: 5964
Joined: Wed Oct 18, 2006 2:31 am
Location: In a galaxy, far, far away
Contact:

Re:OSFaq has been spammed bigtime

Post by Pype.Clicker »

thanks. I removed spam from the "People" pages (well, as many as i found) so that we can at least test the effectiveness of the .htaccess ...

i'll wait a bit before pushing more effort in despamming ... got work to be done if i want money to be paid :P
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re:OSFaq has been spammed bigtime

Post by Solar »

Honestly no-one with a functional backup of the Wiki? I'd much rather add a dozen edits made after the backup instead of undoing hundreds of spam edits, and I can't picture Pype being too fond of the idea, either.

I could also test my leet Perl skillz and see if I could reverse-engineer the Wiki sources from the XHTML dump...
Every good solution is obvious once you've found it.
User avatar
df
Member
Member
Posts: 1076
Joined: Fri Oct 22, 2004 11:00 pm
Contact:

Re:OSFaq has been spammed bigtime

Post by df »

i used to do a DB dump everyday... but I have been so busy with dealing with my mortgage, closing on the new house, and all associated stuff I have not done one in a while... aka long time... :( sorry guys
-- Stu --
User avatar
Pype.Clicker
Member
Member
Posts: 5964
Joined: Wed Oct 18, 2006 2:31 am
Location: In a galaxy, far, far away
Contact:

Re:OSFaq has been spammed bigtime

Post by Pype.Clicker »

well, i've been toying with the wiclicker databases once and tried to retrieve things. I think if i have a recent dump of the database (unspammed), a dump of the current database (even spammed), i could quick-retrieve the pages that can be restored "as is" and leave other page for manual restore.

Maybe i could even find a free day to do it. Don't take me wrong: i'm not too happy with the idea of manually changing all the pages ...

And no, i have no recent dump myself: all my attemps to get a snapshot or a dump of the wiki just resulted in corrupted zip files. All i could ever gather are XHTML dumps.

I remember i changed phpwiki version used in wiclicker (and stopped osdeving for weeks while doing so) for that very purpose ...

Probably we'll have to change the policy and opt for a registration-required framework before people can edit more than one page a day ... problem is that the spammers we're facing now are apparently big (bad) boyz that have pow3rful 3v!l scripts capable of creating hundreds of "fake" accounts on several php-based community software (including e.g. phpnuke boards) ... i'm not even sure we could flood more than 1% of their bandwidth even if were were all synchronizing our resources (and thus probably 'd get fired for resource abuse by our respective managers ::) )

I saw something about "spam-free wiki" where unless you're using a password and have been approved by a moderator, you can't e.g. post URLs in your text ... I'm not sure it'll be easy to migrate the OSFAQ to that system.
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re:OSFaq has been spammed bigtime

Post by Solar »

A static HTML version of the FAQ (as of 2006-06-01) is online at http://www.rootdirectory.de/osfaq/. Feel free to link to that, I'll holler when my bandwidth allowance bursts. ;)

I'll see what I can do scripting-wise. df, could you mayhaps provide me with a MySQL dump of the Wiki, spam and all (perhaps for download from an URL you send me by PM)? That'd give me another "attack vector" to try.
Every good solution is obvious once you've found it.
srg_13

Re:OSFaq has been spammed bigtime

Post by srg_13 »

You should try mediawiki. I think that that keeps a history of page edits, so you can just click on a previous version to revert to that.

-Stephen
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re:OSFaq has been spammed bigtime

Post by Solar »

PhpWiki does the very same thing. It's just that it isn't fun when you have to revert >100 pages that way.
Every good solution is obvious once you've found it.
User avatar
Pype.Clicker
Member
Member
Posts: 5964
Joined: Wed Oct 18, 2006 2:31 am
Location: In a galaxy, far, far away
Contact:

Re:OSFaq has been spammed bigtime

Post by Pype.Clicker »

well, it seems it has been reverted to the content as of 7 of June ... good news. How has it been ? Have you found a backup dump DF ? or has Solar's 1337 scr1p71n9 sk!llz been invoked ?
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re:OSFaq has been spammed bigtime

Post by Solar »

Nah, df discovered his 1337 SQL1n9 sk!llz. ;)
Every good solution is obvious once you've found it.
Post Reply