vandalism in the object library
Posted by ohiomike
|
vandalism in the object library July 05, 2007 04:10PM |
Registered: 17 years ago Posts: 97 |
|
Re: vandalism in the object library July 05, 2007 05:23PM |
Registered: 16 years ago Posts: 113 |
|
Re: vandalism in the object library July 29, 2007 09:01PM |
Registered: 16 years ago Posts: 1 |
|
Re: vandalism in the object library July 30, 2007 05:52PM |
Registered: 17 years ago Posts: 246 |
This looks identical to an attack on another wikimedia I've found.
I think it's probably one person, with a 'bot that hunts down wikis, and replaces the first line with a line of garbage.
It appears that each junk page is given to a new, randomly generated, account, using random characters. The way the same "account" will fight for a page, while ignoring any other pages, and the way, when that account is visited to see its contributions, it is responsible for only one page, leads me to believe either the account is randomly generated, then assigned to a database to monitor that page, or else it is a hash of that page.
Seeing that two accounts have fought to deface the same page, suggests that it is not a hash, (and brings into question my belief it is a single individual.)
I can see some steps, but they'd all be short-term, (in that they could be routed around.)
1. Require registration in a message that has to actually be read, and parsed. Multiple links, one that starts the new account up, nine that kill it, (you might also get away with camoflaging those nine links so they don't look like links at all...unless you're looking at the raw HTML...at least for awhile.)
Be sure to use the correct link...no reliable guessing which link is it this time...maybe the first, maybe the fifth, maybe the last. No telling what the link will say either. Perhaps "apply", possibly "submit". Could be "verify". Or just a raw link.
2. Send in a script to clean the database. If a username fails to follow Dr. Websters rules for english words, it's probably garbage...(or else not english...which is a legitimate concern with this crowd.)
3. Watch the IP/MAC addresses, and if a spammer is detected, devalue all other messages made from that same combination, or at least flag them for human consideration. (Probably be better to assume if one spam, all spam. You might kill a good poster who got infected by a trojan, but still.) It might also be prudent to block all future postings/accounts from that IP until a human asks for access.
3a. Give every well behaved user the ability to bring in new people, but attach their reputation to the sponsoring user. The sponsored acts up, it reflects badly on the sponsor. The sponsored always acts up, the sponsor is fronting spammers and needs to have their privileges revoked. This allows for a potentially logarithmic number of new posters, while still allowing community policing. It MIGHT be possible to also have reputation go the other way as well. If a person consistently flags people as spammers, and those persons survive the scrutiny, perhaps their own reputation should be reconsidered, as should their sponsor. Give moderators unalterable reputations, of course. There has to be someone who can say "right" and "wrong", and can't be naysayed by a large population of potential 'bots.
4. When a spammer is detected, as they are currently watching one post apiece, spoof it. Give it its own last page when it asks, but don't actually use it. Probably be easier to just block all changes by that user, while still letting it log in. Regrettably, an error message of this sort would be one of the easier ones to route around.
5. Restrict links to no more than, say, ten external links, while allowing any number of external links. This can get in the way of bibliographies, but would definately interfere with the CURRENT pattern of spam.
6. When a spammer is detected, forward the linked page to root@ the pages URL, along with a form message about it being involved in wiki-spam, and likely a hijacked site itself. (I'm sorry, I don't see the likelihood of that many cialis advertisements legitimately coming from university 'sites...is the current student body having a little ...trouble...in that area?)
I'd say these were off the top of my head, but I've been mulling this over since the day before yesterday, and some of the ideas I suggested to a different wiki, Saturday.
I think it's probably one person, with a 'bot that hunts down wikis, and replaces the first line with a line of garbage.
It appears that each junk page is given to a new, randomly generated, account, using random characters. The way the same "account" will fight for a page, while ignoring any other pages, and the way, when that account is visited to see its contributions, it is responsible for only one page, leads me to believe either the account is randomly generated, then assigned to a database to monitor that page, or else it is a hash of that page.
Seeing that two accounts have fought to deface the same page, suggests that it is not a hash, (and brings into question my belief it is a single individual.)
I can see some steps, but they'd all be short-term, (in that they could be routed around.)
1. Require registration in a message that has to actually be read, and parsed. Multiple links, one that starts the new account up, nine that kill it, (you might also get away with camoflaging those nine links so they don't look like links at all...unless you're looking at the raw HTML...at least for awhile.)
Be sure to use the correct link...no reliable guessing which link is it this time...maybe the first, maybe the fifth, maybe the last. No telling what the link will say either. Perhaps "apply", possibly "submit". Could be "verify". Or just a raw link.
2. Send in a script to clean the database. If a username fails to follow Dr. Websters rules for english words, it's probably garbage...(or else not english...which is a legitimate concern with this crowd.)
3. Watch the IP/MAC addresses, and if a spammer is detected, devalue all other messages made from that same combination, or at least flag them for human consideration. (Probably be better to assume if one spam, all spam. You might kill a good poster who got infected by a trojan, but still.) It might also be prudent to block all future postings/accounts from that IP until a human asks for access.
3a. Give every well behaved user the ability to bring in new people, but attach their reputation to the sponsoring user. The sponsored acts up, it reflects badly on the sponsor. The sponsored always acts up, the sponsor is fronting spammers and needs to have their privileges revoked. This allows for a potentially logarithmic number of new posters, while still allowing community policing. It MIGHT be possible to also have reputation go the other way as well. If a person consistently flags people as spammers, and those persons survive the scrutiny, perhaps their own reputation should be reconsidered, as should their sponsor. Give moderators unalterable reputations, of course. There has to be someone who can say "right" and "wrong", and can't be naysayed by a large population of potential 'bots.
4. When a spammer is detected, as they are currently watching one post apiece, spoof it. Give it its own last page when it asks, but don't actually use it. Probably be easier to just block all changes by that user, while still letting it log in. Regrettably, an error message of this sort would be one of the easier ones to route around.
5. Restrict links to no more than, say, ten external links, while allowing any number of external links. This can get in the way of bibliographies, but would definately interfere with the CURRENT pattern of spam.
6. When a spammer is detected, forward the linked page to root@ the pages URL, along with a form message about it being involved in wiki-spam, and likely a hijacked site itself. (I'm sorry, I don't see the likelihood of that many cialis advertisements legitimately coming from university 'sites...is the current student body having a little ...trouble...in that area?)
I'd say these were off the top of my head, but I've been mulling this over since the day before yesterday, and some of the ideas I suggested to a different wiki, Saturday.
|
Re: vandalism in the object library July 30, 2007 06:10PM |
Registered: 17 years ago Posts: 246 |
Oh. The following page is currently vandalized.
[objects.reprap.org]
I reverted the other tux page that was vandalized, but there isn't an earlier version of this page that isn't simply blank.
My line in the sand is, I'll replace a garbage page, with information that came before, but otherwise, I'm not willing to delete something based on my belief it is garbage.
On this, I feel confident I'd be considered correct by the community, but better to draw a conservative line in the sand than to set myself up as decency monitor.
No one has appointed me, and I refuse to appoint myself.
[objects.reprap.org]
I reverted the other tux page that was vandalized, but there isn't an earlier version of this page that isn't simply blank.
My line in the sand is, I'll replace a garbage page, with information that came before, but otherwise, I'm not willing to delete something based on my belief it is garbage.
On this, I feel confident I'd be considered correct by the community, but better to draw a conservative line in the sand than to set myself up as decency monitor.
No one has appointed me, and I refuse to appoint myself.
|
Re: vandalism in the object library July 31, 2007 12:32PM |
Admin Registered: 17 years ago Posts: 1,487 |
|
Re: vandalism in the object library July 31, 2007 09:10PM |
Registered: 17 years ago Posts: 246 |
Sorry, only registered users may post in this forum.