[pmwiki-users] what to do in case of massive spam ?

Petko Yotov 5ko at 5ko.fr
Tue Mar 22 14:36:36 CDT 2016


On 2016-03-22 18:38, ABClf wrote:
> what can we do in case of massive spam, when dozens of pages are
> suddenly spammed (needing many delete or restore action) ?
> do pmwiki admins have tools to easily clean the pollution ?

Yes, I have SSH access so I can easily remove the newly created spam 
pages.

For a few hours last night, and two times today, pmwiki.org had massive 
spamming "attacks" with 180+ pages defaced or created, and files 
uploaded. I suspect the perpetrator is a real person operating bots 
because after I block some words and expressions, the person adapts, 
changes tactics and succeeds again. For example I blocked "0nline tech" 
(and a few more) and after it there appears "o.n.l.i.n.e  t,e,c,h": such 
variants are harder to block without accidentally blocking legitimate 
strings.

We have $EnableWhyBlocked set to 1 and it explains what is causing the 
post to be blocked, that's why I suspect a real person sees this and 
adapts.

I can easily extract and block the IP addresses* and (not that easily) 
words in SiteAdmin.Blocklist. Restoring an existing page from the 
history is done from the wiki; I can relative easily delete the last 2 
history entries from an existing page that was spammed, so that we not 
need to see the spam in the diffs; then I also remove the links in 
(All)RecentChanges pages, because sometimes the page names or summaries 
contain spam.

It is a waste of time: it took me 3 hours this morning even if a few 
others had started deleting the spam during the night (night at my time 
zone).

Huge thanks to all who helped! :-)

(Please leave to me the clean up of the AllRecentChanges page so that I 
easily notice and review what can be blocked from the deleted pages.)

It is also a waste of time for the person who does this, because all 
pages are restored or deleted a few minutes or a few hours later. :-)

Petko

(*) I use mostly the tools grep, sed from the bash shell, and vim. Now I 
think about ways to automate this.
---
Change log     :  http://www.pmwiki.org/wiki/PmWiki/ChangeLog
Release notes  :  http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes
If you upgrade :  http://www.pmwiki.org/wiki/PmWiki/Upgrades





More information about the pmwiki-users mailing list