[Moin-user] Intelligent Moinmoin wiki spam bot

Tim Bird tim.bird at am.sony.com
Sun Feb 18 21:27:44 EST 2007


Sean Dague wrote:
> For everyone running Moinmoin, you should be aware that I've had both of my
> wikis hit by a spam bot that is smart enough to generate a Moinmoin account
> first, before spamming the wiki.  My standard bar was just to restrict
> writing to logged-in users, which apparently isn't good enough any more.
> 
> All the spam attacks are coming from 219.88.157.53 (some .nz host).  If you
> don't check for RecentChanges frequently, you may want to check into it now.

FYI - I've seen an increase lately in spam attacks on my MoinMoin sites.
I don't know if it's from this spambot or not (the attacks aren't from 
that IP address).  However, just so people can be on the lookout, here
are the two methods of attack I've seen:

1) I've had a logged-in user (I assume from an automatically generated
account) attaching ".html" files to pages that they newly created.
The html files are full of links to bad sites.  I have now disallowed
uploading .html files on my site.

2) I've seen lots of new accounts created, with links to bad sites
placed in the "subscribed_pages" attribute of the user account.  I'm
not sure how this field is then advertised to the spammer's advantage.
Right now I'm just deleting accounts with weird junk in that field,
but I may automate rejecting or removing such things in the future.

Anyhow, I just thought I'd mention this so people are aware of these
attack methods.
  -- Tim

=============================
Tim Bird
Architecture Group Chair, CE Linux Forum
Senior Staff Engineer, Sony Electronics
=============================
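
A sketch of the automated check mentioned in item 2, flagging accounts whose "subscribed_pages" field contains links. This is an added example, not part of the original post and not MoinMoin's own code. It assumes user profiles are text files of key=value lines in which list-valued keys carry a "[]" suffix with tab-separated items; the function names and sample profiles are hypothetical.

```python
import re
from pathlib import Path

# Assumption: each profile is a text file of key=value lines, and list-valued
# keys carry a "[]" suffix with tab-separated items.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")

def parse_profile(text):
    """Return a dict of fields; list fields (key[]) become Python lists."""
    fields = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.endswith("[]"):
            fields[key[:-2]] = [v for v in value.split("\t") if v]
        else:
            fields[key] = value
    return fields

def suspicious_subscriptions(text):
    """Return the subscribed_pages entries that contain a URL."""
    pages = parse_profile(text).get("subscribed_pages", [])
    if isinstance(pages, str):  # tolerate a profile that stores a plain string
        pages = [pages]
    return [p for p in pages if URL_RE.search(p)]

def scan_user_dir(user_dir):
    """Map profile file name -> flagged entries for every file in user_dir."""
    report = {}
    for path in sorted(Path(user_dir).iterdir()):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = suspicious_subscriptions(text)
            if hits:
                report[path.name] = hits
    return report

# Constructed sample profiles (not taken from a real wiki).
CLEAN = "name=AliceExample\nemail=alice@example.org\nsubscribed_pages[]=FrontPage\tHelpContents\n"
SPAM = ("name=xkq83a\nemail=x@example.net\n"
        "subscribed_pages[]=http://spam.example/pills\tFrontPage\twww.spam.example/casino\n")

if __name__ == "__main__":
    for label, profile in (("clean", CLEAN), ("spam", SPAM)):
        print(label, suspicious_subscriptions(profile))
```

The scan only reports; reviewing the flagged accounts before deleting them keeps a legitimate user with an unusual subscription pattern from being removed.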




