
Re: [Axiom-developer] spam attack


From: Bob McElrath
Subject: Re: [Axiom-developer] spam attack
Date: Wed, 2 Aug 2006 11:00:07 -0700
User-agent: Mutt/1.5.11+cvs20060403

Page, Bill address@hidden wrote:
> > I like to point how important it is not only because it is
> > annoying but also because it will make the axiom web page a
> > so called "farm link" meaning losing rating or not even showing
> > up in Google and co.
> 
> Yes you are right, this could happen if we let too much spam
> accumulate.   
> 
> The spam attack is still continuing at the rate of more than 60
> attempts per minute. Uncaught spam arriving at this rate could
> easily overwhelm our server and cause it to fail.

Since wiki spam must occur over an HTTP connection, it is 2-way.  So, you
have the verified IPs of the attackers.  Someone is clearly using a
zombie net.  Consider spawning:
     iptables -A INPUT -s "$IP" -j DROP
when someone posts something in the banned_links.  Then, one would want
to remove the ban on regular links or you would hit legitimate users.
I'm assuming banned_links would contain only the bad URLs/domain names.
So in each case you would get at least one spam.

I don't think it's possible or practical to try to ban spam *before*
seeing spam from a given source.  They can always find a way around any
system you set up.

> My second attempt to control this threat is to continue the ban
> on http external links for unauthenticated (i.e. non Zope) users.
> This is the way the ban was originally supposed to work - users
> who have a specially assigned user id - over and above that set
> in their preferences - are allowed to ignore the ban. If they
> are editing a page or adding a comment that contains banned
> content, then they will be prompted to enter their user id and
> password. If it is valid, the edit will be allowed to continue.
> If not, then they (and all those damned robots!) will receive
> a 401 Unauthorized return code.
> 
> This seems to be working now. Would those of you who have the
> Zope user accounts, i.e. Ralf, Marten, and Bob McElrath, please
> try this and confirm that it is working the way it is supposed
> to.

That's an interesting idea...can the post be held for moderation too, in
case someone makes an interesting edit but doesn't have a zope userid?

> It might be possible to lift the ban on external links at some
> point in the future if these spam attacks stop, but in the
> mean time, if you are an Axiom developer or Axiom user and you
> want to be able to freely edit and post comments to the Axiom
> Wiki, please contact me by email and I will provide you with a
> Zope user id. If you would like just to make one or two simple
> pages and you get caught by this ban, maybe the best approach
> would be for you to send your changes to one someone who already
> has a Zope user id.

This is one of the major drawbacks to ZWiki -- there is no way for the
user to create and manage his account.  Plone, for instance, allows the
user to create an account and login with a password.  User rights can be
managed from there.  (if anyone wants to consider dumping the zwiki
portal in favor of putting everything in plone...)  There are lots of
zope user management products:
    http://www.zope.org/Products/user_management
but it would require some coding to get it to interface with zwiki.

--
Cheers,
Bob McElrath [Univ. of California at Davis, Department of Physics]

    Only after you've tried to figure something out for yourself and
    failed are you ready to absorb "the answer."

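The ban-on-post rule Bob sketches above (spawning an iptables DROP for the source IP of any edit that hits banned_links, while ordinary links stay untouched), written out as an added example that is not part of his message; the banned_links contents and the submission log are constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Hypothetical contents of banned_links: spam domains only, never ordinary sites.
BANNED_LINKS = {"spam-pills.example", "casino-junk.example"}

# Constructed sample of wiki edit attempts: (client IP, submitted text).
SUBMISSIONS = [
    ("203.0.113.7", "buy now http://www.spam-pills.example/cheap"),
    ("198.51.100.4", "see the Axiom docs at http://wiki.axiom-developer.org/"),
    ("203.0.113.7", "more pills https://spam-pills.example/x"),
    ("192.0.2.9", "great odds at http://casino-junk.example/bet"),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def hostnames(text):
    """Return the lowercase hostname of every http(s) URL found in the text."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def is_banned(host, banned=BANNED_LINKS):
    """True if host is a banned domain or a subdomain of one; regular links never match."""
    return any(host == b or host.endswith("." + b) for b in banned)


def offending_ips(submissions, banned=BANNED_LINKS):
    """IPs that posted at least one banned link, first-seen order, deduplicated."""
    seen = []
    for ip, text in submissions:
        if ip not in seen and any(is_banned(h, banned) for h in hostnames(text)):
            seen.append(ip)
    return seen


def iptables_rules(ips):
    """Build the DROP rules to spawn; the caller runs them with root privileges."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    for rule in iptables_rules(offending_ips(SUBMISSIONS)):
        print(rule)
```

Each source is blocked only after its first banned-link post, which is exactly the "at least one spam per source" cost the paragraph describes.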