CFD Online Logo CFD Online URL
www.cfd-online.com
[Sponsors]
Home > Forums > OpenFOAM

Wiki

Register Blogs Members List Search Today's Posts Mark Forums Read

Like Tree35Likes

Reply
 
LinkBack Thread Tools Display Modes
Old   August 6, 2012, 18:47
Default
  #101
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by wyldckat View Post
Hi Bernhard,

About the problem with the spammer registrations - have you thought/checked the option of using something similar to this: http://www.paraview.org/Wiki/Special:RequestAccount !?
I want to keep the threshold for new contributors as low as possible. And if nobody approves the new accounts for 3 days my guess is that at least 34.76% of the people won't write what they originally wanted (BTW: did you know that 43% of all statistics used in an argument are made up)

What puzzles me about these accounts is that they got past the "security question" but never created any spam content (for which the same questions are used)

Quote:
Originally Posted by wyldckat View Post
As for the emails for confirmation, maybe it's due to something similar to this: Alert mail for new messages post #6
I THINK the problem is that there currently is no reverse DNS lookup for the server. I will address that problem once the domain is registered with the new provider
gschaider is offline   Reply With Quote

Old   August 7, 2012, 06:44
Default
  #102
Super Moderator
 
Bruno Santos
Join Date: Mar 2009
Location: Lisbon, Portugal
Posts: 8,301
Blog Entries: 34
Rep Power: 84
wyldckat is just really nicewyldckat is just really nicewyldckat is just really nicewyldckat is just really nice
Quote:
Originally Posted by gschaider View Post
What puzzles me about these accounts is that they got past the "security question" but never created any spam content (for which the same questions are used)
This happened with the comment system on our company's website. Somehow the spammers got through the custom captcha system, and somehow sent HTML based POST packages directly to the php comment script. But since there was a second layer of security (admin approval), they gave up after a couple of days.
Therefore, the issue might be on the final PHP script that handles the registration, which should require checking the captcha cookie as well...
wyldckat is offline   Reply With Quote

Old   August 15, 2012, 06:21
Default
  #103
Super Moderator
 
Bruno Santos
Join Date: Mar 2009
Location: Lisbon, Portugal
Posts: 8,301
Blog Entries: 34
Rep Power: 84
wyldckat is just really nicewyldckat is just really nicewyldckat is just really nicewyldckat is just really nice
Hi Bernhard,

Yesterday there was a big inflow on new users, mostly dummy ones.

I've been reading up on this subject and ended up with the following conclusions:
  • This kind of question protection system should update its question list every once in a while, to keep trained bots away.
  • "Hot pot" method of using a hidden second question can lead automated bots astray, since the second question isn't meant to be answered. But this isn't full proof neither.
  • Since dummy users only register, it's possible that these are being used as a public form of indicating that a particular attack bot is up and running in a infected host.
    Additionally, yesterdays surplus can indicate that either the number of bots that infiltrate/attack has grown, or that other public areas have been closed and bots have been diverted to the existing pool of bulletin boards.
  • An allegedly good way of keeping these kinds of dummy users at bay is with this extension: http://www.mediawiki.org/wiki/Extension:TitleBlacklist
There are a few wikis out there that (try to) explain how they are keeping spammers away for good... but the last one I remembered about, I went back to check and that one has apparently decided to switch to human based checking. It is this one: http://www.cookipedia.co.uk/recipes_...on_a_MediaWiki

Best regards,
Bruno
wyldckat is offline   Reply With Quote

Old   August 18, 2012, 09:23
Default
  #104
Super Moderator
 
Bruno Santos
Join Date: Mar 2009
Location: Lisbon, Portugal
Posts: 8,301
Blog Entries: 34
Rep Power: 84
wyldckat is just really nicewyldckat is just really nicewyldckat is just really nicewyldckat is just really nice
Note: I'm at this moment doing some adjustments to how version templates are created in openfoamwiki.net. I hope to have this resolved in the next 10-20 minutes...

edit: Problem solved, I think...

Last edited by wyldckat; August 18, 2012 at 09:49. Reason: see "edit:"
wyldckat is offline   Reply With Quote

Old   August 20, 2012, 17:22
Default
  #105
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by wyldckat View Post
Hi Bernhard,

Yesterday there was a big inflow on new users, mostly dummy ones.

I've been reading up on this subject and ended up with the following conclusions:
  • This kind of question protection system should update its question list every once in a while, to keep trained bots away.
  • "Hot pot" method of using a hidden second question can lead automated bots astray, since the second question isn't meant to be answered. But this isn't full proof neither.
  • Since dummy users only register, it's possible that these are being used as a public form of indicating that a particular attack bot is up and running in a infected host.
    Additionally, yesterdays surplus can indicate that either the number of bots that infiltrate/attack has grown, or that other public areas have been closed and bots have been diverted to the existing pool of bulletin boards.
  • An allegedly good way of keeping these kinds of dummy users at bay is with this extension: http://www.mediawiki.org/wiki/Extension:TitleBlacklist
There are a few wikis out there that (try to) explain how they are keeping spammers away for good... but the last one I remembered about, I went back to check and that one has apparently decided to switch to human based checking. It is this one: http://www.cookipedia.co.uk/recipes_...on_a_MediaWiki

Best regards,
Bruno
Thanks. I'm back from vacation and will look into the matter. I had a look at the IPs the bot-accounts originate from (with http://www.mediawiki.org/wiki/Extension:CheckUser) and it seems I would have to Blacklist half china to get rid of them (they always use different IPs)

The title blacklist-extension is not an option I'm afraid. I can't think of a regexp that would block these false users and not leggit users.
gschaider is offline   Reply With Quote

Old   August 20, 2012, 17:28
Default
  #106
Super Moderator
 
Bruno Santos
Join Date: Mar 2009
Location: Lisbon, Portugal
Posts: 8,301
Blog Entries: 34
Rep Power: 84
wyldckat is just really nicewyldckat is just really nicewyldckat is just really nicewyldckat is just really nice
Well, this isn't exactly a solution, but this old cartoon I know of came to mind just know: http://xkcd.com/810/
VdG likes this.
wyldckat is offline   Reply With Quote

Old   August 21, 2012, 11:26
Default
  #107
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by wyldckat View Post
Well, this isn't exactly a solution, but this old cartoon I know of came to mind just know: http://xkcd.com/810/
It is possible that the invasion of illegal users was made possible by the last upgrade and an attempt to make the configuration better. Seems that I switched off
http://bad-behavior.ioerror.us/suppo...ion/mediawiki/

(Fun fact: did you know that "$IP" is not the same as '$IP' in PHP. Damn. I hate that 'language')

Whether this was the case: if there are no new users in the next 24h this would prove two things:
a) I should forbid my emacs to open any files ending with .php
b) BadBehaviour is working well

About xkcd: it is used in the documentation of real programming languages. You don't have to scroll too far down on http://docs.python.org/library/sqlite3.html
gschaider is offline   Reply With Quote

Old   August 22, 2012, 16:21
Default
  #108
Super Moderator
 
Bruno Santos
Join Date: Mar 2009
Location: Lisbon, Portugal
Posts: 8,301
Blog Entries: 34
Rep Power: 84
wyldckat is just really nicewyldckat is just really nicewyldckat is just really nicewyldckat is just really nice
Quote:
Originally Posted by gschaider View Post
Whether this was the case: if there are no new users in the next 24h this would prove two things:
a) I should forbid my emacs to open any files ending with .php
b) BadBehaviour is working well
Either BadBehaviour is still not properly configured, or these spammers are using normal browsers. Nowadays it's pretty simple to create a plug-in for Firefox and other browsers, so I think it would be rather easy to create one that fools BadBehaviour At least by the description I read on the official site.

Quote:
Originally Posted by gschaider View Post
About xkcd: it is used in the documentation of real programming languages. You don't have to scroll too far down on http://docs.python.org/library/sqlite3.html
I didn't remember this one... niiiice
wyldckat is offline   Reply With Quote

Old   August 22, 2012, 17:33
Default
  #109
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by wyldckat View Post
Either BadBehaviour is still not properly configured, or these spammers are using normal browsers. Nowadays it's pretty simple to create a plug-in for Firefox and other browsers, so I think it would be rather easy to create one that fools BadBehaviour At least by the description I read on the official site.
I noticed.

I'll keep it in and update it regularly (BB adapted quite well in the past).

Add some other things too but will avoid any threshold for leggit new users
gschaider is offline   Reply With Quote

Old   August 31, 2012, 08:18
Default
  #110
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by gschaider View Post
I noticed.

I'll keep it in and update it regularly (BB adapted quite well in the past).

Add some other things too but will avoid any threshold for leggit new users
For those interested: added two blacklist-services. Since then the number of bogus users per day dropped from 10+ to 2-4.

I checked with a dummy account: the user shows up on the RecentChanges as soon as he creates the account. But this doesn't mean that he confirmed his eMail and thus can't edit the pages. I found no easy way to check whether these users confirmed their EMail (without inspecting the database). For the time being I assume that they're not confirmed and all is well (I can live with a low single-digit number of bogus users per day)
wyldckat likes this.
gschaider is offline   Reply With Quote

Old   October 12, 2012, 08:49
Default
  #111
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by gschaider View Post
For those interested: added two blacklist-services. Since then the number of bogus users per day dropped from 10+ to 2-4.

I checked with a dummy account: the user shows up on the RecentChanges as soon as he creates the account. But this doesn't mean that he confirmed his eMail and thus can't edit the pages. I found no easy way to check whether these users confirmed their EMail (without inspecting the database). For the time being I assume that they're not confirmed and all is well (I can live with a low single-digit number of bogus users per day)
Those bogus users still get created. I'm finished with all measures that do not involve manually verifying users (and I don't want to do that as I want to keep the threshold for new users low).

Not sure how many people are really bothered by these bogus users populating the "Recent Changes"
__________________
Note: I don't use "Friend"-feature on this forum out of principle. Ah. And by the way: I'm not on Facebook either. So don't be offended if I don't accept your invitation/friend request
gschaider is offline   Reply With Quote

Old   October 12, 2012, 10:26
Default
  #112
ngj
Senior Member
 
Niels Gjoel Jacobsen
Join Date: Mar 2009
Location: Deltares, Delft, The Netherlands
Posts: 1,607
Rep Power: 25
ngj will become famous soon enoughngj will become famous soon enough
Hi Bernhard,

I only have friendly changes on the Wiki-page, which I "run".

Have a nice weekend

Niels
ngj is offline   Reply With Quote

Old   October 12, 2012, 15:38
Default
  #113
Super Moderator
 
Bruno Santos
Join Date: Mar 2009
Location: Lisbon, Portugal
Posts: 8,301
Blog Entries: 34
Rep Power: 84
wyldckat is just really nicewyldckat is just really nicewyldckat is just really nicewyldckat is just really nice
Greetings to all!

Quote:
Originally Posted by gschaider View Post
Those bogus users still get created. I'm finished with all measures that do not involve manually verifying users (and I don't want to do that as I want to keep the threshold for new users low).

Not sure how many people are really bothered by these bogus users populating the "Recent Changes"
Well... I keep track of changes using an RSS reader... which gets a bit annoying at times to have to delete the dummy posts from the RSS reader...

Anyway, I forgot to mention this before, but by what I've seen, Bad Behaviour seems to be acting like it has Alzheimer's or something like that!
I say this because there have been days where only one or two dummy users appeared and it seemed to be because at least two real wiki users edited pages! For a single day, Bad Behaviour could tell apart between good guys and bad guys! As soon as a new day starts (or 24h goes by), there they come again...

Best regards,
Bruno
wyldckat is offline   Reply With Quote

Old   October 12, 2012, 18:37
Default
  #114
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by wyldckat View Post
Greetings to all!


Well... I keep track of changes using an RSS reader... which gets a bit annoying at times to have to delete the dummy posts from the RSS reader...

Anyway, I forgot to mention this before, but by what I've seen, Bad Behaviour seems to be acting like it has Alzheimer's or something like that!
I say this because there have been days where only one or two dummy users appeared and it seemed to be because at least two real wiki users edited pages! For a single day, Bad Behaviour could tell apart between good guys and bad guys! As soon as a new day starts (or 24h goes by), there they come again...

Best regards,
Bruno
That would of course assume that there is always the same number of attempts at the site each day. Which I'm not sure if there is.

Anyway. It is not only Bad Behaviour. There are also two blacklist extensions (Project Honeypot and another). The question you all love. SimpleAntiSpam-extension. And a couple of settings that should make the bots slower. (only thing I haven't tried is http://www.mediawiki.org/wiki/Extension:AntiBot)

I once had a look at the pseudo-users and their IPs they came from. Never saw an IP twice (not even similar). The only thing that would block most of them would not allowing any connections from China. But that would be a bit extreme I think

Only way to clean the "Recent Changes"-history would be to regularily use the "Merge and Delete Users"-extension to "merge away" the dummy-users. But that would have to be done 24/7 ...

As long as the users are created but they can not edit it is not that bad. And as I said above: if people have to wait for a manual confirmation to register I'd think "that the terrorists won"
__________________
Note: I don't use "Friend"-feature on this forum out of principle. Ah. And by the way: I'm not on Facebook either. So don't be offended if I don't accept your invitation/friend request
gschaider is offline   Reply With Quote

Old   October 13, 2012, 10:34
Default
  #115
Senior Member
 
akidess's Avatar
 
Anton Kidess
Join Date: May 2009
Location: Delft, Netherlands
Posts: 919
Rep Power: 17
akidess will become famous soon enough
Quote:
Originally Posted by gschaider View Post
Not sure how many people are really bothered by these bogus users populating the "Recent Changes"
I have the same issue as Bruno with the RSS reader. Is there a setting to hide user creations from Recent Changes?
__________________
*On twitter @akidTwit
*Spend as much time formulating your questions as you expect people to spend on their answer.
*Help define the OpenFOAM stackexchange Q&A site: http://area51.stackexchange.com/prop...oam-technology
akidess is offline   Reply With Quote

Old   October 14, 2012, 17:41
Default
  #116
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by akidess View Post
I have the same issue as Bruno with the RSS reader. Is there a setting to hide user creations from Recent Changes?
I'll look around whether there is an extension similar to http://www.mediawiki.org/wiki/Extens...tRecentChanges that produces a cruft-free RSS
akidess likes this.
__________________
Note: I don't use "Friend"-feature on this forum out of principle. Ah. And by the way: I'm not on Facebook either. So don't be offended if I don't accept your invitation/friend request
gschaider is offline   Reply With Quote

Old   October 18, 2012, 10:02
Default
  #117
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by gschaider View Post
I'll look around whether there is an extension similar to http://www.mediawiki.org/wiki/Extens...tRecentChanges that produces a cruft-free RSS
OK. This doesn't work (my MySQL is too new for this extension). But I installed another extension (http://www.mediawiki.org/wiki/Extension:News) that has the latest changes http://openfoamwiki.net/index.php/Changes and can be accessed via an RSS-feed http://openfoamwiki.net/index.php?ti...anges&feed=rss (no user additions)

Don't know if with some template-trickery this can be made to look similar to RecentChanges (With new/type/old_len/new_len/minor described in http://www.mediawiki.org/wiki/Extension:News#Parameters) or at least be a bit more informative about the type of change done. I'll see whether the community of RSS-users (I'm looking in no particular direction, Anton) improves the feed. Then I'll write lock it and put a reference to it on the front page
wyldckat and akidess like this.
__________________
Note: I don't use "Friend"-feature on this forum out of principle. Ah. And by the way: I'm not on Facebook either. So don't be offended if I don't accept your invitation/friend request
gschaider is offline   Reply With Quote

Old   October 19, 2012, 09:38
Default
  #118
Senior Member
 
akidess's Avatar
 
Anton Kidess
Join Date: May 2009
Location: Delft, Netherlands
Posts: 919
Rep Power: 17
akidess will become famous soon enough
I like it, thanks for your efforts Bernhard! I played around a bit with the parameters, but I think you already found the optimal setup.

- Anton
__________________
*On twitter @akidTwit
*Spend as much time formulating your questions as you expect people to spend on their answer.
*Help define the OpenFOAM stackexchange Q&A site: http://area51.stackexchange.com/prop...oam-technology
akidess is offline   Reply With Quote

Old   October 19, 2012, 15:24
Default
  #119
Super Moderator
 
Bruno Santos
Join Date: Mar 2009
Location: Lisbon, Portugal
Posts: 8,301
Blog Entries: 34
Rep Power: 84
wyldckat is just really nicewyldckat is just really nicewyldckat is just really nicewyldckat is just really nice
Bernhard, I know that Perfect is the enemy of good, but I wonder if the bots would stop registering dummy users if the "Special:RecentChanges" page was now disabled...
wyldckat is offline   Reply With Quote

Old   October 19, 2012, 18:43
Default
  #120
Assistant Moderator
 
Bernhard Gschaider
Join Date: Mar 2009
Posts: 3,915
Rep Power: 40
gschaider will become famous soon enoughgschaider will become famous soon enough
Quote:
Originally Posted by akidess View Post
I like it, thanks for your efforts Bernhard! I played around a bit with the parameters, but I think you already found the optimal setup.
Well I improved it a bit (using an extension that I installed some time ago) to distinguish between edits and other changes
__________________
Note: I don't use "Friend"-feature on this forum out of principle. Ah. And by the way: I'm not on Facebook either. So don't be offended if I don't accept your invitation/friend request
gschaider is offline   Reply With Quote

Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


LinkBacks (?)
LinkBack to this Thread: http://www.cfd-online.com/Forums/openfoam/60855-wiki.html
Posted By For Type Date
OpenFOAMWiki This thread Refback July 16, 2012 04:06

Similar Threads
Thread Thread Starter Forum Replies Last Post
Wiki iyer_arvind OpenFOAM Running, Solving & CFD 1 July 26, 2007 02:12
Wiki Dan Main CFD Forum 1 February 4, 2007 19:14
CFD-Wiki - We Need Your Help! Jonas Larsson Main CFD Forum 5 May 12, 2006 08:25
CFD Wiki - We Need More Help! Jonas Larsson Main CFD Forum 0 September 26, 2005 08:11
CFD Wiki - We Need More Help Jonas Larsson Main CFD Forum 13 September 13, 2005 17:36


All times are GMT -4. The time now is 05:31.