Page 1 of 2
OSFaq has been spammed bigtime
Posted: Thu Jun 08, 2006 10:56 pm
by Colonel Kernel
Hi,
I just noticed that the OSFaq has fallen victim to a nuclear spam attack. There are many new pages with spam links, as well as edits to existing pages. I don't have the time at the moment to go through all of them and fix things up...
Could whoever administers the FAQ maybe just roll it back to before the spam attack started...?
I @#)$* hate spammers. >:(
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 2:51 am
by Solar
As I said on osdever.net, I'm at it. (If someone has an up-to-date backup and the ability to install it on the server, feel free to do so, that way we'll lose the spam from the versioning, too.)
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 5:16 am
by Solar
Since the spammer has returned mid-effort, the OS FAQ is effectively dead for now until we can a) block the spammer's IPs and b) locate a halfway up-to-date backup of the FAQ.
I'll bring a static XHTML backup online ASAP at
http://www.rootdirectory.de/osfaq/ (will take about four hours though before I can get home).
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 5:54 am
by df
everything exceed my companies proxy threshold so I cant do anything at work. all pages break exceeded banned prhase limit and such.
i'm so done with the stupid phpwiki....
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 6:26 am
by Pype.Clicker
good to know you're on this, DF. The fact it appeared together with the board moves disorganized our fightback ...
note that not only the OSFAQ , but also the Internet as a whole is under massive Spam attack
Here are the address blocks used by the spammers i've gathered so far:
209.8.40.*
206.161.192.*
205.252.23.*
206.161.205.*
209.8.22.*
I guess they should go to the black list ASAP.
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 6:33 am
by df
ok, adding to my .htaccess as I type
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 6:51 am
by Pype.Clicker
thanks. I removed spam from the "People" pages (well, as many as i found) so that we can at least test the effectiveness of the .htaccess ...
i'll wait a bit before pushing more effort in despamming ... got work to be done if i want money to be paid
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 7:13 am
by Solar
Honestly no-one with a functional backup of the Wiki? I'd much rather add a dozen edits made after the backup instead of undoing hundreds of spam edits, and I can't picture Pype being too fond of the idea, either.
I could also test my leet Perl skillz and see if I could reverse-engineer the Wiki sources from the XHTML dump...
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 8:17 am
by df
i used to do a DB dump everyday... but I have been so busy with dealing with my mortgage, closing on the new house, and all associated stuff I have not done one in a while... aka long time...
sorry guys
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 8:45 am
by Pype.Clicker
well, i've been toying with the wiclicker databases once and tried to retrieve things. I think if i have a recent dump of the database (unspammed), a dump of the current database (even spammed), i could quick-retrieve the pages that can be restored "as is" and leave other page for manual restore.
Maybe i could even find a free day to do it. Don't take me wrong: i'm not too happy with the idea of manually changing all the pages ...
And no, i have no recent dump myself: all my attemps to get a snapshot or a dump of the wiki just resulted in corrupted zip files. All i could ever gather are XHTML dumps.
I remember i changed phpwiki version used in wiclicker (and stopped osdeving for weeks while doing so) for that very purpose ...
Probably we'll have to change the policy and opt for a registration-required framework before people can edit more than one page a day ... problem is that the spammers we're facing now are apparently big (bad) boyz that have pow3rful 3v!l scripts capable of creating hundreds of "fake" accounts on several php-based community software (including e.g. phpnuke boards) ... i'm not even sure we could flood more than 1% of their bandwidth even if were were all synchronizing our resources (and thus probably 'd get fired for resource abuse by our respective managers ::) )
I saw something about "spam-free wiki" where unless you're using a password and have been approved by a moderator, you can't e.g. post URLs in your text ... I'm not sure it'll be easy to migrate the OSFAQ to that system.
Re:OSFaq has been spammed bigtime
Posted: Fri Jun 09, 2006 10:53 am
by Solar
A static HTML version of the FAQ (as of 2006-06-01) is online at
http://www.rootdirectory.de/osfaq/. Feel free to link to that, I'll holler when my bandwidth allowance bursts.
I'll see what I can do scripting-wise. df, could you mayhaps provide me with a MySQL dump of the Wiki, spam and all (perhaps for download from an URL you send me by PM)? That'd give me another "attack vector" to try.
Re:OSFaq has been spammed bigtime
Posted: Sat Jun 10, 2006 2:11 am
by srg_13
You should try mediawiki. I think that that keeps a history of page edits, so you can just click on a previous version to revert to that.
-Stephen
Re:OSFaq has been spammed bigtime
Posted: Sat Jun 10, 2006 2:42 am
by Solar
PhpWiki does the very same thing. It's just that it isn't fun when you have to revert >100 pages that way.
Re:OSFaq has been spammed bigtime
Posted: Sat Jun 10, 2006 9:58 am
by Pype.Clicker
well, it seems it has been reverted to the content as of 7 of June ... good news. How has it been ? Have you found a backup dump DF ? or has Solar's 1337 scr1p71n9 sk!llz been invoked ?
Re:OSFaq has been spammed bigtime
Posted: Sun Jun 11, 2006 2:22 am
by Solar
Nah, df discovered his 1337 SQL1n9 sk!llz.