[pmwiki-users] PmWiki and Spam

Helmut Hullen Hullen at t-online.de
Sat Jan 12 04:39:00 CST 2008 

Hallo, Petko,

Du (5ko) meintest am 12.01.08:

>> Maybe the blocklist does the job.

> Blocklist clearly does not the job. Every edit comes from a different
> IP address. I feel that this is a spambot using a list of open
> proxies to post these nonsense strings.

> And here is the proof:
>    http://google.com/search?q=%2262.140.77.68%22+proxy

> (62.140.77.68 edited PITS.00108)

"Nile online", 62.140.76.0/23 (CIDR notation)

Some bot tries to infect badly managed dial-in-clients, and there are  
regions (or ISPs) which have many badly managed clients.

Sometimes it may help to inform the ISP ... I had universities among  
these addresses.

> I also do not understand why in the Blocklist there are whole ranges
> of blocked IPs, like :
>    block:12.43.115.*

Look at the above address range - it might be represented by

        62.140.76.*
        62.140.77.*

> Are we sure all the 255 IPs are compromized? Blocking a range this
> way is only an effective prevention against dial-up users from tiny
> ISPs that can disconnect and reconnect and get another IP in the same
> range. Even if it is the case (which is not: these are open proxies),
> there are 254 legitimate innocent IPs that are blocked.

May be - you have to look at the innocents on the other side: all the  
people who want to read about pmwiki and nothing about spam.


        http://arktur.de/Wiki/Spezial:Ipblocklist

May be this side isn't as interesting as pmwiki, but you can see some IP  
ranges which are worth to be blocked.

>>> We could site-protect all pages, but I'm not sure how we could make
>>> newcomers aware of the password in a way that makes sense to them.

> If this is not a malicious attack by someone who hates us, what I
> believe to be best is to have an edit password on the groups that we
> are cleaning every day. It may be written in the Site.EditForm :

>   Please enter '''pmwiki''' in the following textbox in order to
> edit.

> This is less annoying than a Captcha and may work.

May be it works - we'll see.

In my special case the bot(s) tried to spam only few pages (p.e. a page  
with "windows" in its name). I have blocked these few sides too: seems  
to help.

-------------

By the way: in the "syslinux" mailinglist you find the same problems and  
the same diskussion ...

Viele Gruesse!
Helmut

More information about the pmwiki-users mailing list