On 07.01.2015 21:51, Guido van Rossum wrote:
> This sounds like a serious and lasting infrastructure issue. Dropbox is hit
> by similar attacks all the time. The hackers are likely looking to match
> large databases of email addresses (think many, many millions) against
> large databases of easy passwords; if they find a match they are likely to
> test the same email/password combination at a large set of other services.
> (I can't explain the account creations but these are likely to the hackers
> useful in some other way.)
> 
> Sooner or later this will be used to hack or impersonate someone important.
> 
> There is no perfect solution, but we should definitely be watching this
> more carefully and slow down login attempts and account creations. Do we
> have a captcha yet? Can we block IP addresses? Nothing stops all attempts,
> but you must at least do all of these.

We have a textcha on the account creation page, which blocks
bots (but not necessarily humans).

The attempts do seem to be programmed, since we're not getting
a lot of hits for the password reminder link which is on the
login page as well.

I guess we could try to use fail2ban on the VM with some special
rules set up to watch for excessive login and account creation
requests. However, the IP addresses don't repeat often, so
this may not be all that effective.

MoinMoin itself also has a built-in surge protection:

http://moinmo.in/HelpOnConfiguration/SurgeProtection

but this will likely not help much due to the same problem
with the varying IP addresses. It also sometimes causes problems
for people behind firewalls - as we experienced at PyCon UK
a couple of years ago.

> The times of spambayes are over. The adversaries are persistent and clever
> and have huge resources.
> 
> (Sadly I can't say much more except over beer. But this is serious.)

The wiki VM runs behind a load balancer, so perhaps we ought
to look for a more generic solution to install there.

> On Wed, Jan 7, 2015 at 12:36 PM, M.-A. Lemburg <m...@egenix.com> wrote:
> 
>> I've had a look around on the system at what might be causing the
>> slowness of the wiki.
>>
>> The number of used inodes was a bit high, so I ran some
>> maintenance tools on the wikis to reduce them.
>>
>> A restart of Apache didn't help much. The processes went straight
>> to 100% again.
>>
>> I then ran a log trace of the access log and found that the
>> wiki is being hit by a massive and continuous stream of login attempts
>> and new account creations. I guess the spammers have us on the
>> radar again...
>>
>> The IP addresses vary a lot, but the user agent strings are mostly
>> the same: "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
>>  Trident/5.0)".
>>
>> All three wikis are affected, so this may be a botnet.
>>
>> --
>> Marc-Andre Lemburg
>> eGenix.com
>>
>> Professional Python Services directly from the Source  (#1, Jan 07 2015)
>>>>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
>>>>> mxODBC Plone/Zope Database Adapter ...       http://zope.egenix.com/
>>>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
>> ________________________________________________________________________
>>
>> ::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
>>
>>    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>>     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>>            Registered at Amtsgericht Duesseldorf: HRB 46611
>>                http://www.egenix.com/company/contact/
>> _______________________________________________
>> pydotorg-www mailing list
>> pydotorg-www@python.org
>> https://mail.python.org/mailman/listinfo/pydotorg-www
>>

-- 
Marc-Andre Lemburg
eGenix.com
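An added illustration, not code from the thread or from MoinMoin, of the access-log check described above: it aggregates login and account-creation POSTs by source IP and by user-agent string, so you can see that a per-IP fail2ban rule triggers on nothing when the IPs barely repeat, while the shared user-agent string quoted in the thread dominates. The `action=login` / `action=newaccount` request paths and the log lines are constructed assumptions.

```python
import re
from collections import Counter

# Apache "combined" log format; only IP, method, path and user agent are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed MoinMoin action names for the login and account-creation forms.
WATCHED_ACTIONS = ("action=login", "action=newaccount")

def is_login_or_signup(rec):
    return rec["method"] == "POST" and any(a in rec["path"] for a in WATCHED_ACTIONS)

def analyze(lines, per_ip_limit=5):
    """Aggregate login/signup POSTs by source IP and by user agent.

    Returns the totals plus two signals: which IPs a per-IP ban (fail2ban-style,
    threshold per_ip_limit) would catch, and the share of requests carrying the
    most common user-agent string.
    """
    by_ip, by_ua = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_login_or_signup(m.groupdict()):
            by_ip[m["ip"]] += 1
            by_ua[m["ua"]] += 1
    total = sum(by_ip.values())
    top_ua, top_n = by_ua.most_common(1)[0] if by_ua else ("", 0)
    return {
        "total": total,
        "distinct_ips": len(by_ip),
        "ips_over_limit": sorted(ip for ip, n in by_ip.items() if n >= per_ip_limit),
        "top_ua": top_ua,
        "top_ua_share": top_n / total if total else 0.0,
    }

# Constructed sample: five login/signup POSTs from five different IPs sharing the
# user-agent string quoted in the thread, plus one ordinary page view.
UA = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
SAMPLE_LOG = [
    f'198.51.100.{i} - - [07/Jan/2015:12:3{i}:00 +0000] "POST /?action=login HTTP/1.1" 200 512 "-" "{UA}"'
    for i in range(1, 5)
] + [
    f'203.0.113.9 - - [07/Jan/2015:12:40:00 +0000] "POST /?action=newaccount HTTP/1.1" 200 512 "-" "{UA}"',
    '192.0.2.7 - - [07/Jan/2015:12:41:00 +0000] "GET /FrontPage HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux)"',
]

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the sample, no IP reaches the per-IP limit, yet every one of the five requests carries the same user-agent string, which is the kind of aggregate signal a load-balancer-level rule could act on.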
