[Systems] Wiki spam attack.

Frederick Grose fgrose at sugarlabs.org
Wed May 11 14:36:26 EDT 2016


On Wed, May 11, 2016 at 1:57 PM, Chris Leonard <cjlhomeaddress at gmail.com>
wrote:

> On Wed, May 11, 2016 at 1:05 PM, Samuel Cantero <scanterog at gmail.com>
> wrote:
> > Chris do you have the usernames? That could be of help.
> >
> > If I recall correctly, lately the only way to get a wiki user is
> requesting
> > one.
>
> My concern is that somehow these users seem to be getting around that.
> It starts with a few probes then turns into a flood.


​Looking at the logs, this latest, 10 May 2016, spam attack started at
11:43 and ended at 13:15 after 5 new accounts were created and 6 files were
uploaded.  These were cleared on 11 May.

The last similar attack was on 23 March 2016 and lasted 15 minutes with 1
new account and 12 files uploaded and associated pages created.  These were
cleared on 25 March.

I suspect that new OpenID accounts are responsible as new normal wiki
accounts have required administrator creation for many months or a couple
of years now.

Forcing automated account creation to OpenID had stopped massive spam
account creation attacks over the last few years, but this authentication
method has stalled in development, been compromised, and has been
deprecated elsewhere.   We should now probably close new Sugar Labs wiki
account creation by OpenID (looking to Bernie) and, if necessary, ask
existing OpenID users to request standard accounts from administrators.

      --Fred
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20160511/dd2028e6/attachment.html>


More information about the Systems mailing list