<div dir="ltr">Petko<div><br></div><div>thanks for all the work you do having to clean/tidy this all up.</div><div><br></div><div>I'm curious as to to how the bot got past the 'bot protection measures' in place,</div><div>or is this again because the is custom code being written to defeat them?</div><div><br></div><div>I trust too that you are able to clean up all the uploaded files.</div><div>Is there a process in place to identify and remove all files that are not linked to PmWiki pages?</div><div><br></div><div>again, thanks</div><div><br></div><div>Simon</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>____<br><a href="http://kiwiwiki.nz" target="_blank"><font size="1">http://kiwiwiki.nz</font></a></div></div></div></div>
<br><div class="gmail_quote">On 23 March 2016 at 08:36, Petko Yotov <span dir="ltr"><<a href="mailto:5ko@5ko.fr" target="_blank">5ko@5ko.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 2016-03-22 18:38, ABClf wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
what can we do in case of massive spam, when dozens of pages are<br>
suddenly spammed (needing many delete or restore action) ?<br>
do pmwiki admins have tools to easily clean the pollution ?<br>
</blockquote>
<br></span>
Yes, I have SSH access so I can easily remove the newly created spam pages.<br>
<br>
For a few hours last night, and two times today, <a href="http://pmwiki.org" rel="noreferrer" target="_blank">pmwiki.org</a> had massive spamming "attacks" with 180+ pages defaced or created, and files uploaded. I suspect the perpetrator is a real person operating bots because after I block some words and expressions, the person adapts, changes tactics and succeeds again. For example I blocked "0nline tech" (and a few more) and after it there appears "o.n.l.i.n.e t,e,c,h": such variants are harder to block without accidentally blocking legitimate strings.<br>
<br>
We have $EnableWhyBlocked set to 1 and it explains what is causing the post to be blocked, that's why I suspect a real person sees this and adapts.<br>
<br>
I can easily extract and block the IP addresses* and (not that easily) words in SiteAdmin.Blocklist. Restoring an existing page from the history is done from the wiki; I can relative easily delete the last 2 history entries from an existing page that was spammed, so that we not need to see the spam in the diffs; then I also remove the links in (All)RecentChanges pages, because sometimes the page names or summaries contain spam.<br>
<br>
It is a waste of time: it took me 3 hours this morning even if a few others had started deleting the spam during the night (night at my time zone).<br>
<br>
Huge thanks to all who helped! :-)<br>
<br>
(Please leave to me the clean up of the AllRecentChanges page so that I easily notice and review what can be blocked from the deleted pages.)<br>
<br>
It is also a waste of time for the person who does this, because all pages are restored or deleted a few minutes or a few hours later. :-)<br>
<br>
Petko<br>
<br>
(*) I use mostly the tools grep, sed from the bash shell, and vim. Now I think about ways to automate this.<br>
---<br>
Change log : <a href="http://www.pmwiki.org/wiki/PmWiki/ChangeLog" rel="noreferrer" target="_blank">http://www.pmwiki.org/wiki/PmWiki/ChangeLog</a><br>
Release notes : <a href="http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes" rel="noreferrer" target="_blank">http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes</a><br>
If you upgrade : <a href="http://www.pmwiki.org/wiki/PmWiki/Upgrades" rel="noreferrer" target="_blank">http://www.pmwiki.org/wiki/PmWiki/Upgrades</a><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
_______________________________________________<br>
pmwiki-users mailing list<br>
<a href="mailto:pmwiki-users@pmichaud.com" target="_blank">pmwiki-users@pmichaud.com</a><br>
<a href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users" rel="noreferrer" target="_blank">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a><br>
</div></div></blockquote></div><br></div>