[SAC] another ongoing spam storm

Alex M tech_dev at wildintellect.com
Mon May 2 18:02:40 PDT 2016


It was re-enabled with Recaptcha implemented. Would be good to see the
logs to figure out if the registration is still being used or if these
are pre-existing spam accounts.

Is it all Trac instances or specific ones? I disabled authenticated
permissions on Ubuntugis a few days ago, and that seems to kill the
posting, while we query and find all the spam account names. Maybe that
needs to happen for all the Trac instances for a few hours.

The trac-admin command line turns out to be pretty good for this,
including killing sessions.

Examples:

See the sessions:
  trac-admin /osgeo/trac/ubuntugis/ session list
Make a list of users from the results and pipe it to the session delete:
  trac-admin /osgeo/trac/ubuntugis/ session delete baduser1 baduser2
Look up the permissions (save a copy so you can tell what to put back later):
  trac-admin /osgeo/trac/ubuntugis/ permission list
Lock out everyone but admins from making edits:
  trac-admin /osgeo/trac/ubuntugis/ permission remove authenticated '*'

Take the list of badusers and pass it to Martin to remove from LDAP (we
could come up with a better way to do this). It would be nice to
actually dump those records first so we can look for patterns in IP,
email etc.

Thanks,
Alex

On 05/02/2016 05:45 PM, Sandro Santilli wrote:
> Spammers are back flooding trac, was the OSGeo Userid registration
> form re-enabled? Or these users must have been sitting there in wait
> for a long time!
> 
> An updated list of offending accounts can be extracted from
> the script I'm using to clean up instances on trac.osgeo.org:
> 
>  grep '^(' /var/www/trac/emergency_clean.sql
> 
> Could someone please block/ban those users?
> 
> --strk; 
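
The containment steps from the message above (save permissions, lock out `authenticated`, delete the spam accounts' sessions), as an added shell example that is not part of the original thread. The `TRAC_ADMIN` variable, the function names, the one-name-per-line list file and the allowed username characters are assumptions; it uses `permission remove`, the trac-admin subcommand for revoking permissions.

```shell
#!/bin/sh
# Added example: not from the original thread.
# Assumptions: TRAC_ADMIN override, function names, list-file format, name pattern.
TRAC_ADMIN="${TRAC_ADMIN:-trac-admin}"

# Save the current permission table so it can be put back by hand later.
backup_perms() {  # usage: backup_perms ENV OUTFILE
    "$TRAC_ADMIN" "$1" permission list > "$2"
}

# Revoke everything granted to the 'authenticated' group; accounts with
# their own explicit grants (such as admins) are unaffected.
lock_authenticated() {  # usage: lock_authenticated ENV
    "$TRAC_ADMIN" "$1" permission remove authenticated '*'
}

# Print usable names from a one-per-line list; rejected lines go to stderr.
valid_users() {  # usage: valid_users LISTFILE
    while IFS= read -r name || [ -n "$name" ]; do
        case "$name" in
            ''|'#'*) continue ;;                         # blank line or comment
            -*) echo "skip option-like: $name" >&2 ;;
            anonymous|authenticated) echo "skip reserved: $name" >&2 ;;  # precaution
            *[!A-Za-z0-9._@-]*) echo "skip unsafe: $name" >&2 ;;  # spaces, '*', ':' ...
            *) printf '%s\n' "$name" ;;
        esac
    done < "$1"
}

# Delete the sessions of the listed accounts in one trac-admin call.
kill_sessions() {  # usage: kill_sessions ENV LISTFILE
    users=$(valid_users "$2" | sort -u)
    [ -n "$users" ] || { echo "no valid users in $2" >&2; return 1; }
    # Names contain no whitespace or glob characters (enforced above),
    # so unquoted word splitting is safe here.
    "$TRAC_ADMIN" "$1" session delete $users
}
```

Run `backup_perms` before `lock_authenticated`, and keep the saved file with the incident notes so the original grants can be restored once the spam accounts are gone.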


