Posted to user@jspwiki.apache.org by Harry Metske <ha...@gmail.com> on 2016/02/03 10:23:51 UTC

spam on jspwiki and counter measures

Hi all,

Yesterday we received a lot of spam on https://jspwiki-wiki.apache.org.
Hundreds of spam pages were created, and many existing pages were also
updated with spam. Eventually it also OOMed the JVM.
The spammer is coming from multiple IP addresses and used many (just created)
wiki accounts; our SpamFilter does not handle this.

We tried to stop this in an elegant way, but given the limited time we
have, we had to take drastic measures to stop the spammer.

* We changed the security policy so that only Admin users can create/update
pages.
* We restored all pages from a backup of yesterday (2016-02-02 06:41)
* deleted all jspwiki userids that were created since this timestamp
* recycled tomcat

We will keep this configuration for a couple of days and think about
further steps on how to proceed.

If you have made page changes after the backup timestamp and you definitely
want these changes in, drop us a mail.
Other comments are welcome too.

kind regards,
Harry

Re: spam on jspwiki and counter measures

Posted by Ichiro Furusato <ic...@gmail.com>.
Hi Harry,

Sorry, but I don't have access to the code anymore for that, and it was a
proprietary extension to the WikiPageProvider so it wouldn't have fit into
the trunk anyway. But it was almost trivial. All I did was add a boolean
'locked' flag and interjected a check for that in the
#putPageText(WikiPage,String) method, the only method that generally gets
called that's not an administrator method.

If the flag was false the method simply exited. As I mentioned I also
provided a #isLocked() method that I then called in the JSPs to note that
the wiki is locked.

You could implement this in the AbstractFileProvider class if you only
wanted it to affect those providers, but there wasn't/isn't really a
provider-universal way I can think of. It was admittedly a bit of an
emergency hack.

Ichiro


On Thu, Feb 4, 2016 at 10:02 PM, Harry Metske <ha...@gmail.com>
wrote:

> That looks like a useful enhancement to me. Could you provide patches for that?
>
> Another improvement I was thinking about is enhancing the SpamFilter with a
> SpamFilterIPList (beside the already existing SpamFilterWordList). This
> should allow you to have a wikipage listing the IP addresses (regexes) to
> ban.
>
> regards,
> Harry
>

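The emergency lock described in the message above, as an added example (it is not Ichiro's proprietary code and not part of JSPWiki). `PageStore`, `LockablePageStore` and `WikiLockedException` are hypothetical stand-ins for a real provider; this variant assumes the save is refused while the flag is set and raises an error instead of returning silently, so the JSP layer can show a notice.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;

public class LockablePageStoreDemo {

    /** Hypothetical stand-in for a provider's save path (not the JSPWiki interface). */
    interface PageStore {
        void putPageText(String pageName, String text);
    }

    /** Raised instead of silently dropping the save, so the UI can explain why. */
    static class WikiLockedException extends RuntimeException {
        WikiLockedException(String msg) { super(msg); }
    }

    /** Decorator that refuses every save while the emergency lock is set. */
    static class LockablePageStore implements PageStore {
        private final PageStore delegate;
        // AtomicBoolean: request threads must see an admin's change immediately.
        private final AtomicBoolean locked = new AtomicBoolean(false);

        LockablePageStore(PageStore delegate) { this.delegate = delegate; }

        void setLocked(boolean value) { locked.set(value); }

        /** For the view layer: lets a page template show a "wiki is locked" notice. */
        boolean isLocked() { return locked.get(); }

        @Override
        public void putPageText(String pageName, String text) {
            if (locked.get()) {
                throw new WikiLockedException("Wiki is locked; save of '" + pageName + "' refused");
            }
            delegate.putPageText(pageName, text);
        }
    }

    public static void main(String[] args) {
        Map<String, String> pages = new HashMap<>();       // in-memory backing store
        LockablePageStore store = new LockablePageStore(pages::put);
        store.putPageText("Main", "welcome");              // accepted: lock is off
        store.setLocked(true);                             // admin flips the switch
        try {
            store.putPageText("Main", "spam");             // refused: lock is on
        } catch (WikiLockedException e) {
            System.out.println(e.getMessage());
        }
        System.out.println("locked=" + store.isLocked() + " Main=" + pages.get("Main"));
    }
}
```
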
Re: spam on jspwiki and counter measures

Posted by Harry Metske <ha...@gmail.com>.
That looks like a useful enhancement to me. Could you provide patches for that?

Another improvement I was thinking about is enhancing the SpamFilter with a
SpamFilterIPList (beside the already existing SpamFilterWordList). This
should allow you to have a wikipage listing the IP addresses (regexes) to
ban.

regards,
Harry


On 3 February 2016 at 21:44, Ichiro Furusato <ic...@gmail.com>
wrote:

> Hi Harry,
>
> A note out of the blue perhaps, but at one point I modified one of our
> PageProviders to have a simple admin flag that if set kept pages from
> being saved. It was used in emergencies of the sort you've mentioned.
>
> It could be added to the API and provided with an additional isLocked()
> method to permit JSPs to post a notice that the wiki has been locked
> down. Given most wikis are run on a shoestring or no budget at all I
> felt this was a reasonable approach.
>
> Cheers,
>
> Ichiro

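One way the proposed IP list could be evaluated, as an added example (not JSPWiki code and not from the thread). It assumes a hypothetical page format of one regex per line with `#` comment lines; `parse` and `isBanned` are illustrative names, and the addresses are constructed from documentation-only ranges.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class IpBanListDemo {

    /** Compiles one regex per non-empty line; invalid lines are collected, not fatal. */
    static List<Pattern> parse(String pageText, List<String> rejected) {
        List<Pattern> patterns = new ArrayList<>();
        for (String raw : pageText.split("\\R")) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue; // assumed comment syntax
            try {
                patterns.add(Pattern.compile(line));
            } catch (PatternSyntaxException e) {
                rejected.add(line); // a typo on the page must not disable the whole filter
            }
        }
        return patterns;
    }

    /** matches() anchors the regex to the whole address; find() would over-match. */
    static boolean isBanned(String remoteAddr, List<Pattern> patterns) {
        for (Pattern p : patterns) {
            if (p.matcher(remoteAddr).matches()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed page content (documentation address ranges only).
        String page = String.join("\n",
            "# one regex per line",
            "192\\.0\\.2\\.10",
            "198\\.51\\.100\\.\\d{1,3}",
            "203.0.113.(");          // deliberately broken regex
        List<String> rejected = new ArrayList<>();
        List<Pattern> bans = parse(page, rejected);
        String[] samples = {"192.0.2.10", "192.0.2.100", "198.51.100.77", "203.0.113.5"};
        for (String ip : samples) {
            // 192.0.2.100 stays allowed: the first pattern must match the full address.
            System.out.println(ip + " banned=" + isBanned(ip, bans));
        }
        System.out.println("rejected patterns: " + rejected);
    }
}
```

Because whoever can edit the list page controls who is blocked, that page should be writable by administrators only.
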
Re: spam on jspwiki and counter measures

Posted by Ichiro Furusato <ic...@gmail.com>.
Hi Harry,

A note out of the blue perhaps, but at one point I modified one of our
PageProviders to have a simple admin flag that if set kept pages from
being saved. It was used in emergencies of the sort you've mentioned.

It could be added to the API and provided with an additional isLocked()
method to permit JSPs to post a notice that the wiki has been locked
down. Given most wikis are run on a shoestring or no budget at all I
felt this was a reasonable approach.

Cheers,

Ichiro

On Wed, Feb 3, 2016 at 10:23 PM, Harry Metske <ha...@gmail.com>
wrote:

> Hi all,
>
> Yesterday we received a lot of spam on https://jspwiki-wiki.apache.org.
> Hundreds of spam pages were created, and many existing pages were also
> updated with spam. Eventually it also OOMed the JVM.
> The spammer is coming from multiple IP addresses and used many (just created)
> wiki accounts; our SpamFilter does not handle this.
>
> We tried to stop this in an elegant way, but given the limited time we
> have, we had to take drastic measures to stop the spammer.
>
> * We changed the security policy so that only Admin users can create/update
> pages.
> * We restored all pages from a backup of yesterday (2016-02-02 06:41)
> * deleted all jspwiki userids that were created since this timestamp
> * recycled tomcat
>
> We will keep this configuration for a couple of days and think about
> further steps on how to proceed.
>
> If you have made page changes after the backup timestamp and you definitely
> want these changes in, drop us a mail.
> Other comments are welcome too.
>
> kind regards,
> Harry
>