Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Tom Fifield]

On 23/03/16 13:05, Tom Fifield wrote:

On 23/03/16 11:19, Tom Fifield wrote:

On 23/03/16 00:14, Paul Belanger wrote:

On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote:

Hi all,


I'm sad to say that:

* spammers are back - 100-odd pages have gone in over the weekend
https://wiki.openstack.org/wiki/Special:NewPages

* Cleanup was ineffective, with many spam pages still existing on
the wiki
(scroll through the NewPages link above)


So, just a quick update to this.  We just landed 287323[1] which
installs
SmiteSpam[2]. If you are in the bureaucrat group on wiki.o.o you'll
be able to
access it.

Currently I've started the process on cleanup the wiki.  At the
moment, I've
blocked 54[3] account and delete 430+[4] pages. I'll send a follow up
email once
I am done for the day, but moving forward it will be easier for
admins to detect
the spam and stop it faster.

[1] https://review.openstack.org/#/c/287232/
[2] https://wiki.openstack.org/wiki/Special:SmiteSpam
[3] https://wiki.openstack.org/wiki/Special:Log/block
[4] https://wiki.openstack.org/wiki/Special:Log/delete



Cheers Paul! This looks like a very handy extension. I've deleted a
couple pages already



So, *sigh*. I've been trying to use

https://wiki.openstack.org/wiki/Special:Nuke

to delete pages matching

%1%800% (there are about 5000)

and it doesn't work :(

Everything appears to be fine, but the pages don't get deleted or appear
on the deletion log.


Also, appear to have exhausted the usefulness of smitespam for our 
particular case (though I suspect it will be good for the future). It 
appears to focus on pages with lots of external links, whereas our spam 
was mainly text-based, so even though many spam pages remain they aren't 
listed at smitespam.




___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Tom Fifield]

On 23/03/16 11:19, Tom Fifield wrote:

On 23/03/16 00:14, Paul Belanger wrote:

On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote:

Hi all,


I'm sad to say that:

* spammers are back - 100-odd pages have gone in over the weekend
https://wiki.openstack.org/wiki/Special:NewPages

* Cleanup was ineffective, with many spam pages still existing on the wiki
(scroll through the NewPages link above)


So, just a quick update to this.  We just landed 287323[1] which installs
SmiteSpam[2]. If you are in the bureaucrat group on wiki.o.o you'll be able to
access it.

Currently I've started the process on cleanup the wiki.  At the moment, I've
blocked 54[3] account and delete 430+[4] pages. I'll send a follow up email once
I am done for the day, but moving forward it will be easier for admins to detect
the spam and stop it faster.

[1] https://review.openstack.org/#/c/287232/
[2] https://wiki.openstack.org/wiki/Special:SmiteSpam
[3] https://wiki.openstack.org/wiki/Special:Log/block
[4] https://wiki.openstack.org/wiki/Special:Log/delete



Cheers Paul! This looks like a very handy extension. I've deleted a
couple pages already



So, *sigh*. I've been trying to use

https://wiki.openstack.org/wiki/Special:Nuke

to delete pages matching

%1%800% (there are about 5000)

and it doesn't work :(

Everything appears to be fine, but the pages don't get deleted or appear 
on the deletion log.



___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Tom Fifield]

On 23/03/16 00:14, Paul Belanger wrote:
> On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote:
>> Hi all,
>>
>>
>> I'm sad to say that:
>>
>> * spammers are back - 100-odd pages have gone in over the weekend
>> https://wiki.openstack.org/wiki/Special:NewPages
>>
>> * Cleanup was ineffective, with many spam pages still existing on the wiki
>> (scroll through the NewPages link above)
>>
> So, just a quick update to this.  We just landed 287323[1] which installs
> SmiteSpam[2]. If you are in the bureaucrat group on wiki.o.o you'll be able to
> access it.
> 
> Currently I've started the process on cleanup the wiki.  At the moment, I've
> blocked 54[3] account and delete 430+[4] pages. I'll send a follow up email 
> once
> I am done for the day, but moving forward it will be easier for admins to 
> detect
> the spam and stop it faster.
> 
> [1] https://review.openstack.org/#/c/287232/
> [2] https://wiki.openstack.org/wiki/Special:SmiteSpam
> [3] https://wiki.openstack.org/wiki/Special:Log/block
> [4] https://wiki.openstack.org/wiki/Special:Log/delete
> 

Cheers Paul! This looks like a very handy extension. I've deleted a
couple pages already

Regards,


Tom

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Network Requirements for Infracloud Relocation Deployment

[Jeremy Stanley]

On 2016-03-22 12:49:32 -0700 (-0700), Remo Mattei wrote:
> hi guys I have been on this list for many months and have not
> being able to attend, can someone remind me when the meeting is? I
> would love to provide / help and share some tips. 

This was a one-time conference call (earlier today) with the data
center management at HPE to work out cabling and configuration
requirements for the hardware currently being relocated.
-- 
Jeremy Stanley

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Jeremy Stanley]

On 2016-03-22 08:23:08 -0500 (-0500), JP Maxwell wrote:
> If anyone wants to approve this I am still happy to help.
> 
> https://review.openstack.org/#/c/285641/1

Can you elaborate on how you intend to help which has to be done
first with root access to the server (rather than merely with the
assistance of someone with root access)? The commit message on that
change indicates you just want access to logs files, which I or
other root sysadmins can certainly provide.

We want to make sure that all modifications are reflected in
configuration management so that it's reviewed, tracked and
repeatable, and this is why we generally limit production server
root access to people who also have the ability to approve
configuration management changes for the same servers. This service
is already in a bit of an unfortunate state because years ago we
were less strict and in a moment of weakness allowed the MW
deployment/migration to precede the configuration management of that
deployment (which was subsequently never completed). We need to make
sure its tenuous situation doesn't regress further.

> I don't think you are ever going to be successful at blocking
> accounts or IPs. You must block the creation of the spam by the
> bots. IMHO focusing on improving the captcha or understanding the
> bypass path around the captcha is the best short term path to
> accomplish this.

I'm pretty sure we have consensus on this already. Blocking accounts
and manual cleanup are only viewed as a temporary workaround while
we plan for a safe upgrade to a more recent MW (and as a
prerequisite, more recent Ubuntu) release so that we can take
advantage of current access control measures and similar mitigation
solutions developed by their community in response to escalating
advancement in defacement and valdalism on Wikipedia and elsewhere.
-- 
Jeremy Stanley

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Austin Design Summit space needs

[Elizabeth K. Joseph]

On Fri, Mar 11, 2016 at 9:27 AM, Elizabeth K. Joseph
 wrote:
> https://etherpad.openstack.org/p/infra-newton-summit-planning

I've also gone ahead and added a section at the bottom for "Other
sessions of interest" for non-infra sessions that an infra presence
would be particularly valuable at.

We've been pretty good at divide and conquer on the fly at summits,
but with the team growing I thought it would be valuable to call out
some of the key sessions ahead of time to make sure we have coverage.
I know I could always use some infra backup at the translations
sessions, which I've added a reference to seed this section.

-- 
Elizabeth Krumbach Joseph || Lyz || pleia2

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[JP Maxwell]

If anyone wants to approve this I am still happy to help.

https://review.openstack.org/#/c/285641/1

I don't think you are ever going to be successful at blocking accounts or
IPs. You must block the creation of the spam by the bots. IMHO focusing on
improving the captcha or understanding the bypass path around the captcha
is the best short term path to accomplish this.

J.P. Maxwell | tipit.net | fibercove.com
On Mar 22, 2016 8:15 AM, "Paul Belanger"  wrote:

> On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote:
> > Hi all,
> >
> >
> > I'm sad to say that:
> >
> > * spammers are back - 100-odd pages have gone in over the weekend
> > https://wiki.openstack.org/wiki/Special:NewPages
> >
> > * Cleanup was ineffective, with many spam pages still existing on the
> wiki
> > (scroll through the NewPages link above)
> >
> So, we are still working through the clean up of the wiki.  Right now,
> we've
> only stopped the creation of new accounts.  Both from openid and mobile
> users.
>
> We're going to be adding SmitSpam[1] to allow admins to run some cleanup
> tools.
> But that hasn't landed yet.
>
> Until now, I am going into the wiki every few days to ban existing
> accounts that
> have already been created manually.
>
> [1] https://review.openstack.org/#/c/287232/
> >
> >
> > Regards,
> >
> >
> > Tom
> >
> >
> > On 28/02/16 01:11, JP Maxwell wrote:
> > >Elizabeth
> > >
> > >I hope you feel better.
> > >
> > >Just FYI, this is going full force in IRC right now.  I’ve bowed out as
> > >the approach I was suggesting didn’t get traction.
> > >
> > >I proposed to manually iterate on this to confirm precisely which change
> > >solves the spam problem.  Once that has been identified we can revert
> > >and come up with a proper patch.  Right now the assumption is that
> > >disabling manual accounts will solve the problem (and it might).  As a
> > >result the team is trying to solve for the consequences of not having
> > >manual accounts.  Some bots currently use manual accounts among other
> > >issues.  If the assumption is correct, these efforts will be worth it.
> > >  However, if it isn’t it will have been a great waste of energy.
> > >
> > >In any case have a good weekend everyone.  I’m off to eat some delicious
> > >central Texas BBQ!
> > >
> > >
> > >*J.P. Maxwell* | tipit.net  | fibercove.com
> > >
> > >
> > >On Sat, Feb 27, 2016 at 10:15 AM, Elizabeth K. Joseph
> > > wrote:
> > >
> > >We'll be getting together on Monday around 1700 UTC to work through
> > >this together in a debug session in #openstack-infra (I'm too sick
> > >this weekend, plus we need a time when more infra-root folks with
> > >the institutional knowledge are around).
> > >
> > >On Feb 27, 2016 05:37, "Marton Kiss"  > >> wrote:
> > >
> > >Yeah, the Settings.php was overriden by the latest puppet run.
> > >We need to wait for some infra guys to approve my patches and
> > >make it permanent:
> > >https://review.openstack.org/285669 Disable standard password
> > >based auth
> > >https://review.openstack.org/285672 Disable mobile frontend
> > >
> > >M.
> > >
> > >On Sat, Feb 27, 2016 at 2:27 PM JP Maxwell  > >> wrote:
> > >
> > >FYI. Still seeing the mobile view...
> > >
> > >J.P. Maxwell | tipit.net  | fibercove.com
> > >
> > >
> > >On Feb 27, 2016 6:53 AM, "Marton Kiss"
> > >>
> wrote:
> > >
> > >Yes, applied them manually. Let's wait a few hours, and
> > >check for new spam content / user accounts.
> > >
> > >M.
> > >JP Maxwell >
> > >(időpont: 2016. febr. 27., Szo, 13:50) ezt írta:
> > >
> > >Cool. Are these applied? Any indication it has
> > >stopped the spam? Should we clear out these non
> > >launchpad accounts from the DB?
> > >
> > >J.P. Maxwell | tipit.net  |
> > >fibercove.com 
> > >
> > >On Feb 27, 2016 6:47 AM, "Marton Kiss"
> > > > >> wrote:
> > >
> > >And the mobile frontend will be disabled
> > >permanently with this patch:
> > >https://review.openstack.org/285672 Disable
> > >mobile frontend
> > >
> > >M.
> > >
> > >On Sat, Feb 27, 2016 at 1:39 PM Marton Kiss
> > >

Re: [OpenStack-Infra] Network Requirements for Infracloud Relocation Deployment

[Remo Mattei]

hi guys I have been on this list for many months and have not being able to 
attend, can someone remind me when the meeting is? I would love to provide / 
help and share some tips. 

Thanks 
> On Mar 22, 2016, at 12:19, Cody A.W. Somerville  
> wrote:
> 
> 
> 
> On Tue, Mar 22, 2016 at 3:07 PM, Paul Belanger  > wrote:
> On Tue, Mar 22, 2016 at 11:45:12AM -0700, Colleen Murphy wrote:
> > 3) how many vlans?
> >  - one untagged for pxe/management, one tagged for public
> >
> I had to drop off after this point, but did we talk about them (HP team) 
> wiring
> up 2 network interfaces, assuming our NICs support it?  I know we currently 
> are
> doing everything with a single interface.
> 
> Even if we continue to use the single NIC, asking to have the 2nd wired might 
> be
> worth it for down the road.
> 
> > 4) keep 10.10.16.0/24  for internal network
> >
> > 5) Do we need nic bonding?
> >  - no
> >
> 
> Agreed. I was going to make the same point. 
> 
> 
> -- 
> Cody A.W. Somerville
> !DSPAM:1,56f19b36257132002351958! 
> ___
> OpenStack-Infra mailing list
> OpenStack-Infra@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
> 
> 
> !DSPAM:1,56f19b36257132002351958!

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Network Requirements for Infracloud Relocation Deployment

[Cody A.W. Somerville]

On Tue, Mar 22, 2016 at 3:07 PM, Paul Belanger 
wrote:

> On Tue, Mar 22, 2016 at 11:45:12AM -0700, Colleen Murphy wrote:
> > 3) how many vlans?
> >  - one untagged for pxe/management, one tagged for public
> >
> I had to drop off after this point, but did we talk about them (HP team)
> wiring
> up 2 network interfaces, assuming our NICs support it?  I know we
> currently are
> doing everything with a single interface.
>
> Even if we continue to use the single NIC, asking to have the 2nd wired
> might be
> worth it for down the road.
>
> > 4) keep 10.10.16.0/24 for internal network
> >
> > 5) Do we need nic bonding?
> >  - no
> >


Agreed. I was going to make the same point.


-- 
Cody A.W. Somerville
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Network Requirements for Infracloud Relocation Deployment

[Paul Belanger]

On Tue, Mar 22, 2016 at 11:45:12AM -0700, Colleen Murphy wrote:
> On Mon, Mar 21, 2016 at 10:17 AM, Colleen Murphy 
> wrote:
> 
> > On Thu, Mar 17, 2016 at 11:48 AM, Colleen Murphy 
> > wrote:
> >
> >> The networking team at HPE received our request and would like to have a
> >> call next week to review it. Our liaison, Venu, should have a draft network
> >> diagram we can review. Who would like to join, and what times/days work
> >> best? I would propose Tuesday at 1800 UTC (one hour before the Infra
> >> meeting).
> >>
> >> Colleen
> >>
> > A call has been scheduled for 1800-1845 UTC on Tuesday, March 22.
> > Invitations were sent out to folks who expressed interest in attending and
> > I can share the meeting phone number and conference ID with anyone who was
> > missed.
> >
> > Allison brought up using the asterisk server for the call and it was not
> > responded to - I suspect either they didn't understand or didn't feel
> > comfortable with it. It would be my preference to not push the issue, as
> > they are extending the invitation to us, not the other way around. Instead
> > I can commit to taking and dispersing detailed notes.
> >
> > Colleen
> >
> Notes from today's meeting:
> 
> 1) 1G or 10G?
>  - 10G useful for image transfers and mirrors in cloud
>  - Venu to connect with DC ops ensure 10G
> 
> 2) ipv6?
>  - Venu to ask verizon to activate /48 block, will take a couple of days
> 
> 3) how many vlans?
>  - one untagged for pxe/management, one tagged for public
> 
I had to drop off after this point, but did we talk about them (HP team) wiring
up 2 network interfaces, assuming our NICs support it?  I know we currently are
doing everything with a single interface.

Even if we continue to use the single NIC, asking to have the 2nd wired might be
worth it for down the road.

> 4) keep 10.10.16.0/24 for internal network
> 
> 5) Do we need nic bonding?
>  - no
> 
> 6) Any load balancing requirement?
>  - no
>  - if we were to add load balancing we would host it ourselves
> 
> 5) Access requirements?
>  - full inbound/outbound internet access - no ports blocked
>  - firewalls managed locally
> 
> The network diagram will need to have some parts redacted before we can
> share it publicly.
> 
> Colleen

> ___
> OpenStack-Infra mailing list
> OpenStack-Infra@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra


___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Network Requirements for Infracloud Relocation Deployment

[Colleen Murphy]

On Mon, Mar 21, 2016 at 10:17 AM, Colleen Murphy 
wrote:

> On Thu, Mar 17, 2016 at 11:48 AM, Colleen Murphy 
> wrote:
>
>> The networking team at HPE received our request and would like to have a
>> call next week to review it. Our liaison, Venu, should have a draft network
>> diagram we can review. Who would like to join, and what times/days work
>> best? I would propose Tuesday at 1800 UTC (one hour before the Infra
>> meeting).
>>
>> Colleen
>>
> A call has been scheduled for 1800-1845 UTC on Tuesday, March 22.
> Invitations were sent out to folks who expressed interest in attending and
> I can share the meeting phone number and conference ID with anyone who was
> missed.
>
> Allison brought up using the asterisk server for the call and it was not
> responded to - I suspect either they didn't understand or didn't feel
> comfortable with it. It would be my preference to not push the issue, as
> they are extending the invitation to us, not the other way around. Instead
> I can commit to taking and dispersing detailed notes.
>
> Colleen
>
Notes from today's meeting:

1) 1G or 10G?
 - 10G useful for image transfers and mirrors in cloud
 - Venu to connect with DC ops ensure 10G

2) ipv6?
 - Venu to ask verizon to activate /48 block, will take a couple of days

3) how many vlans?
 - one untagged for pxe/management, one tagged for public

4) keep 10.10.16.0/24 for internal network

5) Do we need nic bonding?
 - no

6) Any load balancing requirement?
 - no
 - if we were to add load balancing we would host it ourselves

5) Access requirements?
 - full inbound/outbound internet access - no ports blocked
 - firewalls managed locally

The network diagram will need to have some parts redacted before we can
share it publicly.

Colleen
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Paul Belanger]

On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote:
> Hi all,
> 
> 
> I'm sad to say that:
> 
> * spammers are back - 100-odd pages have gone in over the weekend
> https://wiki.openstack.org/wiki/Special:NewPages
> 
> * Cleanup was ineffective, with many spam pages still existing on the wiki
> (scroll through the NewPages link above)
> 
So, just a quick update to this.  We just landed 287323[1] which installs
SmiteSpam[2]. If you are in the bureaucrat group on wiki.o.o you'll be able to
access it.

Currently I've started the process on cleanup the wiki.  At the moment, I've
blocked 54[3] account and delete 430+[4] pages. I'll send a follow up email once
I am done for the day, but moving forward it will be easier for admins to detect
the spam and stop it faster.

[1] https://review.openstack.org/#/c/287232/
[2] https://wiki.openstack.org/wiki/Special:SmiteSpam
[3] https://wiki.openstack.org/wiki/Special:Log/block
[4] https://wiki.openstack.org/wiki/Special:Log/delete

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Paul Belanger]

On Tue, Mar 22, 2016 at 08:23:08AM -0500, JP Maxwell wrote:
> If anyone wants to approve this I am still happy to help.
> 
> https://review.openstack.org/#/c/285641/1
> 
Looking at the review, Jim would like to see more history of collaborting in git
first. Which is a fair requirement.

> I don't think you are ever going to be successful at blocking accounts or
> IPs. You must block the creation of the spam by the bots. IMHO focusing on
> improving the captcha or understanding the bypass path around the captcha
> is the best short term path to accomplish this.
> 
I think we're also wanting to upgrade to ubuntu trusty next and bump our
version of mediawiki too.  I understand you want to look into why captcha is
getting bypassed but I think we are in 2 camps currently, we have a security
issue (which gets resolved by patching / upgrading) or they've cracked our
captcha with humans (which means rotate our questions more often).

Something else on the plate has been the discussion to move from launchpad.net
to openstackid.org as our SSO provider, which in theory will have less spammers.

So, moving forward. We'll land 287232[1], then purge / block users created with
no passwords (these are mobile users), use SmiteSpam to clean up current
content.

Then, plan migration to ubuntu trusty sometime after summit. With latest version
of mediawiki.

[1] https://review.openstack.org/#/c/287232/

> J.P. Maxwell | tipit.net | fibercove.com
> On Mar 22, 2016 8:15 AM, "Paul Belanger"  wrote:
> 
> > On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote:
> > > Hi all,
> > >
> > >
> > > I'm sad to say that:
> > >
> > > * spammers are back - 100-odd pages have gone in over the weekend
> > > https://wiki.openstack.org/wiki/Special:NewPages
> > >
> > > * Cleanup was ineffective, with many spam pages still existing on the
> > wiki
> > > (scroll through the NewPages link above)
> > >
> > So, we are still working through the clean up of the wiki.  Right now,
> > we've
> > only stopped the creation of new accounts.  Both from openid and mobile
> > users.
> >
> > We're going to be adding SmitSpam[1] to allow admins to run some cleanup
> > tools.
> > But that hasn't landed yet.
> >
> > Until now, I am going into the wiki every few days to ban existing
> > accounts that
> > have already been created manually.
> >
> > [1] https://review.openstack.org/#/c/287232/
> > >
> > >
> > > Regards,
> > >
> > >
> > > Tom
> > >
> > >
> > > On 28/02/16 01:11, JP Maxwell wrote:
> > > >Elizabeth
> > > >
> > > >I hope you feel better.
> > > >
> > > >Just FYI, this is going full force in IRC right now.  I’ve bowed out as
> > > >the approach I was suggesting didn’t get traction.
> > > >
> > > >I proposed to manually iterate on this to confirm precisely which change
> > > >solves the spam problem.  Once that has been identified we can revert
> > > >and come up with a proper patch.  Right now the assumption is that
> > > >disabling manual accounts will solve the problem (and it might).  As a
> > > >result the team is trying to solve for the consequences of not having
> > > >manual accounts.  Some bots currently use manual accounts among other
> > > >issues.  If the assumption is correct, these efforts will be worth it.
> > > >  However, if it isn’t it will have been a great waste of energy.
> > > >
> > > >In any case have a good weekend everyone.  I’m off to eat some delicious
> > > >central Texas BBQ!
> > > >
> > > >
> > > >*J.P. Maxwell* | tipit.net  | fibercove.com
> > > >
> > > >
> > > >On Sat, Feb 27, 2016 at 10:15 AM, Elizabeth K. Joseph
> > > > wrote:
> > > >
> > > >We'll be getting together on Monday around 1700 UTC to work through
> > > >this together in a debug session in #openstack-infra (I'm too sick
> > > >this weekend, plus we need a time when more infra-root folks with
> > > >the institutional knowledge are around).
> > > >
> > > >On Feb 27, 2016 05:37, "Marton Kiss"  > > >> wrote:
> > > >
> > > >Yeah, the Settings.php was overriden by the latest puppet run.
> > > >We need to wait for some infra guys to approve my patches and
> > > >make it permanent:
> > > >https://review.openstack.org/285669 Disable standard password
> > > >based auth
> > > >https://review.openstack.org/285672 Disable mobile frontend
> > > >
> > > >M.
> > > >
> > > >On Sat, Feb 27, 2016 at 2:27 PM JP Maxwell  > > >> wrote:
> > > >
> > > >FYI. Still seeing the mobile view...
> > > >
> > > >J.P. Maxwell | tipit.net  | fibercove.com
> > > >
> > > >
> > > >On Feb 27, 2016 6:53 AM, "Marton Kiss"
> > > >>
> > wrote:
> > > >
> > > >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[JP Maxwell]

If anyone wants to approve this I am still happy to help.

https://review.openstack.org/#/c/285641/1

I don't think you are ever going to be successful at blocking accounts or
IPs. You must block the creation of the spam by the bots. IMHO focusing on
improving the captcha or understanding the bypass path around the captcha
is the best short term path to accomplish this.

J.P. Maxwell | tipit.net | fibercove.com
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Paul Belanger]

On Tue, Mar 22, 2016 at 03:32:23PM +0800, Tom Fifield wrote:
> Hi all,
> 
> 
> I'm sad to say that:
> 
> * spammers are back - 100-odd pages have gone in over the weekend
> https://wiki.openstack.org/wiki/Special:NewPages
> 
> * Cleanup was ineffective, with many spam pages still existing on the wiki
> (scroll through the NewPages link above)
> 
So, we are still working through the clean up of the wiki.  Right now, we've
only stopped the creation of new accounts.  Both from openid and mobile users.

We're going to be adding SmitSpam[1] to allow admins to run some cleanup tools.
But that hasn't landed yet.

Until now, I am going into the wiki every few days to ban existing accounts that
have already been created manually.

[1] https://review.openstack.org/#/c/287232/
> 
> 
> Regards,
> 
> 
> Tom
> 
> 
> On 28/02/16 01:11, JP Maxwell wrote:
> >Elizabeth
> >
> >I hope you feel better.
> >
> >Just FYI, this is going full force in IRC right now.  I’ve bowed out as
> >the approach I was suggesting didn’t get traction.
> >
> >I proposed to manually iterate on this to confirm precisely which change
> >solves the spam problem.  Once that has been identified we can revert
> >and come up with a proper patch.  Right now the assumption is that
> >disabling manual accounts will solve the problem (and it might).  As a
> >result the team is trying to solve for the consequences of not having
> >manual accounts.  Some bots currently use manual accounts among other
> >issues.  If the assumption is correct, these efforts will be worth it.
> >  However, if it isn’t it will have been a great waste of energy.
> >
> >In any case have a good weekend everyone.  I’m off to eat some delicious
> >central Texas BBQ!
> >
> >
> >*J.P. Maxwell* | tipit.net  | fibercove.com
> >
> >
> >On Sat, Feb 27, 2016 at 10:15 AM, Elizabeth K. Joseph
> > wrote:
> >
> >We'll be getting together on Monday around 1700 UTC to work through
> >this together in a debug session in #openstack-infra (I'm too sick
> >this weekend, plus we need a time when more infra-root folks with
> >the institutional knowledge are around).
> >
> >On Feb 27, 2016 05:37, "Marton Kiss"  >> wrote:
> >
> >Yeah, the Settings.php was overriden by the latest puppet run.
> >We need to wait for some infra guys to approve my patches and
> >make it permanent:
> >https://review.openstack.org/285669 Disable standard password
> >based auth
> >https://review.openstack.org/285672 Disable mobile frontend
> >
> >M.
> >
> >On Sat, Feb 27, 2016 at 2:27 PM JP Maxwell  >> wrote:
> >
> >FYI. Still seeing the mobile view...
> >
> >J.P. Maxwell | tipit.net  | fibercove.com
> >
> >
> >On Feb 27, 2016 6:53 AM, "Marton Kiss"
> >> wrote:
> >
> >Yes, applied them manually. Let's wait a few hours, and
> >check for new spam content / user accounts.
> >
> >M.
> >JP Maxwell >
> >(időpont: 2016. febr. 27., Szo, 13:50) ezt írta:
> >
> >Cool. Are these applied? Any indication it has
> >stopped the spam? Should we clear out these non
> >launchpad accounts from the DB?
> >
> >J.P. Maxwell | tipit.net  |
> >fibercove.com 
> >
> >On Feb 27, 2016 6:47 AM, "Marton Kiss"
> > >> wrote:
> >
> >And the mobile frontend will be disabled
> >permanently with this patch:
> >https://review.openstack.org/285672 Disable
> >mobile frontend
> >
> >M.
> >
> >On Sat, Feb 27, 2016 at 1:39 PM Marton Kiss
> > >> wrote:
> >
> >I made some investigation, and it seems to
> >be that the spam pages are created by
> >accounts registered with password accounts,
> >and the launchpad openid auth is not
> >affected at all.
> >
> >So the spam script is creating accounts like
> >this:
> >mysql> select * from user where user_name =
> >'CedricJamieson'\G;
> >

Re: [OpenStack-Infra] Wiki.o.o sustaining spam attack

[Tom Fifield]

Hi all,


I'm sad to say that:

* spammers are back - 100-odd pages have gone in over the weekend
https://wiki.openstack.org/wiki/Special:NewPages

* Cleanup was ineffective, with many spam pages still existing on the 
wiki (scroll through the NewPages link above)




Regards,


Tom


On 28/02/16 01:11, JP Maxwell wrote:

Elizabeth

I hope you feel better.

Just FYI, this is going full force in IRC right now.  I’ve bowed out as
the approach I was suggesting didn’t get traction.

I proposed to manually iterate on this to confirm precisely which change
solves the spam problem.  Once that has been identified we can revert
and come up with a proper patch.  Right now the assumption is that
disabling manual accounts will solve the problem (and it might).  As a
result the team is trying to solve for the consequences of not having
manual accounts.  Some bots currently use manual accounts among other
issues.  If the assumption is correct, these efforts will be worth it.
  However, if it isn’t it will have been a great waste of energy.

In any case have a good weekend everyone.  I’m off to eat some delicious
central Texas BBQ!


*J.P. Maxwell* | tipit.net  | fibercove.com


On Sat, Feb 27, 2016 at 10:15 AM, Elizabeth K. Joseph
 wrote:

We'll be getting together on Monday around 1700 UTC to work through
this together in a debug session in #openstack-infra (I'm too sick
this weekend, plus we need a time when more infra-root folks with
the institutional knowledge are around).

On Feb 27, 2016 05:37, "Marton Kiss" > wrote:

Yeah, the Settings.php was overriden by the latest puppet run.
We need to wait for some infra guys to approve my patches and
make it permanent:
https://review.openstack.org/285669 Disable standard password
based auth
https://review.openstack.org/285672 Disable mobile frontend

M.

On Sat, Feb 27, 2016 at 2:27 PM JP Maxwell > wrote:

FYI. Still seeing the mobile view...

J.P. Maxwell | tipit.net  | fibercove.com


On Feb 27, 2016 6:53 AM, "Marton Kiss"
> wrote:

Yes, applied them manually. Let's wait a few hours, and
check for new spam content / user accounts.

M.
JP Maxwell >
(időpont: 2016. febr. 27., Szo, 13:50) ezt írta:

Cool. Are these applied? Any indication it has
stopped the spam? Should we clear out these non
launchpad accounts from the DB?

J.P. Maxwell | tipit.net  |
fibercove.com 

On Feb 27, 2016 6:47 AM, "Marton Kiss"
> wrote:

And the mobile frontend will be disabled
permanently with this patch:
https://review.openstack.org/285672 Disable
mobile frontend

M.

On Sat, Feb 27, 2016 at 1:39 PM Marton Kiss
> wrote:

I made some investigation, and it seems to
be that the spam pages are created by
accounts registered with password accounts,
and the launchpad openid auth is not
affected at all.

So the spam script is creating accounts like
this:
mysql> select * from user where user_name =
'CedricJamieson'\G;
*** 1. row
***
user_id: 7494
user_name: CedricJamieson
user_real_name: Cedric Jamieson
user_password:

:pbkdf2:sha256:1:128:Mlo9tdaP+38niZrrEka7Ow==:jEVnrTclkwIpE1RzJywDlrSvkY5G3idYwOwYRkv5O0J/MSHjY+gdhtKmArQ53v6/w7o8E1wXb2QOR6HdL5TPfOI1bswS/fYXVVYjPjkEEdxqZ8q9L5p2f3N6rEYpMfT5tk+wDiy+j5aimrHrGSga44hndAHgX9/SnqUyxlutDVY=
user_newpassword:
user_newpass_time: NULL
user_email: balashkina.evdok...@mail.ru

user_touched: