[SAC] another ongoing spam storm

Spammers are back flooding trac, was the OSGeo Userid registration
form re-enabled ? Or these users must have been sitting there in wait
for a long time!

An updated list of offending accounts can be extracted from
the script I'm using to cleanup instances on trac.osgeo.org:

grep '^(' /var/www/trac/emergency_clean.sql

Could someone please block/ban those users ?

--strk;

It was re-enabled with Recaptcha implemented. Would be good to see the
logs to figure out if the registration is still being used or if these
are pre-existing spam accounts.

Is it all Trac instances or specific ones? I disabled authenticated
permissions on Ubuntugis a few days ago, and that seems to kill the
posting, while we query and find all the spam account names. Maybe that
needs to happen for all the Trac instances for a few hours.

The trac-admin command line turns out to be pretty good for this,
including killing sessions.

Examples:

See the sessions:
    trac-admin /osgeo/trac/ubuntugis/ session list
Make a list of users from the results and pipe it to the session delete:
    trac-admin /osgeo/trac/ubuntugis/ session delete baduser1 baduser2
Look up the permissions (save a copy so you can tell what to put back later):
    trac-admin /osgeo/trac/ubuntugis/ permission list
Lock out everyone but admins from making edits:
    trac-admin /osgeo/trac/ubuntugis/ permission remove authenticated '*'

Take the list of badusers and pass it to Martin to remove from LDAP (we
could come up with a better way to do this). It would be nice to
actually dump those records first so we can look for patterns in IP,
email etc.

Thanks,
Alex

On Mon, May 02, 2016 at 11:45:49PM +0200, Sandro Santilli wrote:

> Could someone please block/ban those users ?

I made sure to remove these user accounts from OSGeo LDAP - but note
that there are thousands of accounts of this sort.

Cheers,

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

On Mon, May 02, 2016 at 09:02:40PM -0400, Alex M wrote:

> Is it all Trac instances or specific ones?

Authenticated sessions from the offending accounts occurred
in postgis and ubuntugis. Edits were only in PostGIS due to
your blocking UbuntuGIS before.

> The trac-admin command line turns out to be pretty good for this,
> including killing sessions.

I'm using a possibly dangerous but effective script that from
a list of known spammers removes anything authored by them.
I guess it could be improved to limit the deletion within a certain
amount of time. The script is in /var/www/trac/emergency_clean.sql
and put under a local git repo.

> Examples:
>
> See the sessions:
>     trac-admin /osgeo/trac/ubuntugis/ session list
> Make a list of users from the results and pipe it to the session delete:
>     trac-admin /osgeo/trac/ubuntugis/ session delete baduser1 baduser2
> Look up the permissions (save a copy so you can tell what to put back later):
>     trac-admin /osgeo/trac/ubuntugis/ permission list
> Lock out everyone but admins from making edits:
>     trac-admin /osgeo/trac/ubuntugis/ permission remove authenticated '*'

Thanks, this is useful.
The script additionally (but with manual edit) lets you get a list of
the first 10 characters in wiki edits to verify they are all spam.

> Take the list of badusers and pass it to Martin to remove from LDAP (we
> could come up with a better way to do this). It would be nice to
> actually dump those records first so we can look for patterns in IP,
> email etc.

+1 for dumping them first.
Or having a way to put them "on hold" (ie: disallow logging in while
still keeping them in the db), but it may be harder due to the
different ways services might be querying the db for who has
permissions.

--strk;

On Tue, May 03, 2016 at 06:55:48AM +0200, Martin Spott wrote:

> On Mon, May 02, 2016 at 11:45:49PM +0200, Sandro Santilli wrote:
>
> > Could someone please block/ban those users ?
>
> I made sure to remove these user accounts from OSGeo LDAP - but note
> that there are thousands of accounts of this sort.

I've just added 3 more to my script:

andybot651
kevin24by7
sese

Maybe we could figure out these kinds of accounts by looking for
"last access". Is there a way to determine when an account was
last used on any service ? We could block all those which were
unused for over 1 year (for example).

--strk;

On Tue, May 03, 2016 at 09:32:11AM +0200, Sandro Santilli wrote:

> I've just added 3 more to my script:
>
> andybot651
> kevin24by7
> sese

Another two:

googlerocks
juliet

Could we maybe make it easier for SAC members to put such users
on block via some ldap commandline ?

--strk;

On Tue, May 03, 2016 at 03:09:34PM +0200, Sandro Santilli wrote:

> Another two:
>
> googlerocks
> juliet

And these four:

  andrusmith3
  harsh123
  mozillanine
  ram013

They are still hitting, but I've no way to see if they
are new or old accounts (no sudo on www.osgeo.org).

--strk;

On Tue, May 03, 2016 at 06:03:10PM +0200, Sandro Santilli wrote:

> And these four:
>
>   andrusmith3
>   harsh123
>   mozillanine
>   ram013

And these:

  googlemails
  madhav
  neha
  pritam8953
  suraj00998

--strk;

Removed these from OSGeo LDAP:

andybot651
kevin24by7
sese
googlerocks
juliet
andrusmith3
harsh123
mozillanine
ram013
googlemails
madhav
neha
pritam8953
suraj00998

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Please also drop (or maybe better "block?") the following.
For simplicity I'm using the format returned by "git diff"
under /var/www/trac, where I'm keeping the script to spot
and clean up after the spammers. It's also useful to see
trailing spaces, as for the 'vipin122 ' case:

  +('happy1433'),
  +('sumitra1922'),
  +('mikee4444'),
  +('dinesh01'),
  +('anisingh1'),
  +('cathybrooks26'),
  +('googlegmails'),
  +('jamesparkar'),
  +('larrypagee'),
  +('pannira'),
  +('sabko10'),
  +('samarsingh'),
  +('sommskeeee'),
  +('stysingh28'),
  +('user01'),
  +('vipin122 '),
  +('bkattyperry'),
  +('jaddu'),

Thank you

--strk;

On Tue, May 03, 2016 at 06:34:26PM +0200, Martin Spott wrote:

Removed these from OSGeo LDAP:

andybot651
kevin24by7
sese
googlerocks
juliet
andrusmith3
harsh123
mozillanine
ram013
googlemails
madhav
neha
pritam8953
suraj00998

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
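
The `git diff`-style list in the message above and the `trac-admin ... session delete` step from earlier in the thread can be chained as in this added example, which is not the script kept under /var/www/trac and was not posted by anyone in the thread. It extracts the `+('name'),` entries, keeps trailing spaces intact, drops repeats, and builds one `session delete` call that is only printed unless `DRY_RUN=0`; the function names, the `TRAC_ADMIN` and `DRY_RUN` variables and the sample names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the thread's own script: turn a "+('name')," list
# (the git diff format used in this thread) into one
# "trac-admin <env> session delete ..." call.
# Function names, TRAC_ADMIN and DRY_RUN are hypothetical.

# Constructed sample: a repeated name, a trailing-space name, and
# context/removed lines that must be ignored.
sample_diff() {
  cat <<'EOF'
  +('exampleuser1'),
  +('exampleuser2 '),
  +('exampleuser1'),
   ('context_entry'),
  -('removed_entry'),
EOF
}

# Print each added name once, in first-seen order, exactly as quoted.
extract_added_names() {
  sed -n "s/^[[:space:]]*[+]('\(.*\)'),\{0,1\}[[:space:]]*\$/\1/p" |
    awk '!seen[$0]++'
}

# Show names with leading or trailing whitespace inside [ ] so the
# space is visible (the 'vipin122 ' case).
flag_whitespace_names() {
  grep -E '^[[:space:]]|[[:space:]]$' | sed 's/.*/[&]/'
}

# Delete the Trac sessions of every name read from stdin in one call.
# DRY_RUN defaults to 1: the command is printed, nothing is changed.
delete_sessions() {
  env_path=$1
  set --
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    set -- "$@" "$name"
  done
  [ "$#" -gt 0 ] || { echo "no names on stdin" >&2; return 1; }
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf 'would run: %s %s session delete' "${TRAC_ADMIN:-trac-admin}" "$env_path"
    for name in "$@"; do printf " '%s'" "$name"; done
    printf '\n'
  else
    "${TRAC_ADMIN:-trac-admin}" "$env_path" session delete "$@"
  fi
}

# Usage: git diff | extract_added_names | delete_sessions /path/to/trac/env
```

Review the dry-run output and the `flag_whitespace_names` report before setting `DRY_RUN=0`, since a name with a stray space will not match the session it was meant to remove.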

And these:

  +('0932810086'),
  +('8527487633'),
  +('dabbu'),
  +('ishagupta'),
  +('mikee4444'),
  +('shivam'),
  +('supportss'),
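
Review bot: 'mikee4444' in this list was already added in the earlier list in this thread (the one that also contains 'vipin122 '). If both additions land in the same list in the script, the name is present twice; drop the repeat here or deduplicate the list before committing.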

--strk;

On Tue, May 03, 2016 at 06:38:07PM +0200, Sandro Santilli wrote:

Please also drop (or maybe better "block?") the following.
For simplicity I'm using the format returned by "git diff"
under /var/www/trac, where I'm keeping the script to spot
and clean up after the spammers. It's also useful to see
trailing spaces, as for the 'vipin122 ' case:

  +('happy1433'),
  +('sumitra1922'),
  +('mikee4444'),
  +('dinesh01'),
  +('anisingh1'),
  +('cathybrooks26'),
  +('googlegmails'),
  +('jamesparkar'),
  +('larrypagee'),
  +('pannira'),
  +('sabko10'),
  +('samarsingh'),
  +('sommskeeee'),
  +('stysingh28'),
  +('user01'),
  +('vipin122 '),
  +('bkattyperry'),
  +('jaddu'),

Thank you

--strk;

And:

  +('peter123'),
  +('18776992158'),
  +('9450345788'),
  +('gmail1'),
  +('jiya013'),
  +('mahi1111'),
  +('mpbabu'),
  +('sachin123'),

--strk;

On Tue, May 03, 2016 at 06:51:38PM +0200, Sandro Santilli wrote:

And these:

  +('0932810086'),
  +('8527487633'),
  +('dabbu'),
  +('ishagupta'),
  +('mikee4444'),
  +('shivam'),
  +('supportss'),

--strk;

And:

+('ravi'),

--strk(off-for-today);

On Tue, May 03, 2016 at 07:11:22PM +0200, Sandro Santilli wrote:

And:

  +('peter123'),
  +('18776992158'),
  +('9450345788'),
  +('gmail1'),
  +('jiya013'),
  +('mahi1111'),
  +('mpbabu'),
  +('sachin123'),

--strk;

On Tue, May 03, 2016 at 08:04:24PM +0200, Sandro Santilli wrote:

> And:

These have been removed from OSGeo LDAP.
I'll try to come up with a more convenient command line solution this
weekend, until then I'll be at your service as time permits.

Cheers,

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Hi Martin -

you may be interested to see the work of Klaus U. Komp, President of the Advisory Board, EFTAS Remote Sensing, Muenster, Germany .. he wrote a paper called

HIGH RESOLUTION GLOBAL LAND COVER/LAND USE MAPPING ,
CURRENT STATUS AND UPCOMING TRENDS

for the ISPRS WG IV/2 Workshop “Global Geospatial Information and High Resolution Global Land Cover/Land Use Mapping”,
April 21, 2015, Novosibirsk, Russian Federation

best regards from Berkeley, California
-- Brian M Hamlin

On Tuesday 03 May 2016 23:02:45, Martin Spott wrote:

> On Tue, May 03, 2016 at 08:04:24PM +0200, Sandro Santilli wrote:
> > And:
> These have been removed from OSGeo LDAP.
> I'll try to come up with a more convenient command line solution this
> weekend, until then I'll be at your service as time permits.

GDAL wiki just got spammed by "shadabmallick" 4 times in 5 minutes. Sigh...
From my memories, it seems the spam contains the names "notron", "adnap",
"eefacm", "gva" (I wrote them in reverse order to avoid undue advertizing) +
"antivirus". Wondering if there's a way to have a blacklist of words
disallowed in wiki pages ? We don't care about antivirus, do we ?

Cheers,

  Martin.

--
Spatialys - Geospatial professional services
http://www.spatialys.com

On Wed, May 04, 2016 at 10:04:06AM +0200, Even Rouault wrote:

> GDAL wiki just got spammed by "shadabmallick" 4 times in 5 minutes. Sigh...
> From my memories, it seems the spam contains the names "notron", "adnap",
> "eefacm", "gva" (I wrote them in reverse order to avoid undue advertizing) +
> "antivirus". Wondering if there's a way to have a blacklist of words
> disallowed in wiki pages ? We don't care about antivirus, do we ?

I'm using SQL words matching to find spammers for blocking and
cleaning. Maybe I could try using table constraints to completely
forbid creating such pages. Not sure how trac code would react
to such constraint determined failures. If you want to test
ping me in #telascience and we can play with that idea.

Also, consider filing a trac ticket as there are so many things going
on that it's easy to lose track of something.

--strk;

On Wednesday 04 May 2016 10:20:49, Sandro Santilli wrote:

> I'm using SQL words matching to find spammers for blocking and
> cleaning. Maybe I could try using table constraints to completely
> forbid creating such pages. Not sure how trac code would react
> to such constraint determined failures. If you want to test
> ping me in #telascience and we can play with that idea.

Instead of custom solutions, what about installing
https://trac.edgewall.org/wiki/SpamFilter ? I think this has been mentioned
recently. This would seem to be the appropriate solution. Or at least
something to try.

> Also, consider filing a trac ticket as there are so many things going
> on that it's easy to lose track of something.
>
> --strk;

--
Spatialys - Geospatial professional services
http://www.spatialys.com

On Wed, May 04, 2016 at 10:24:39AM +0200, Even Rouault wrote:

> Instead of custom solutions, what about installing
> https://trac.edgewall.org/wiki/SpamFilter ? I think this has been mentioned
> recently. This would seem to be the appropriate solution. Or at least
> something to try.

Could you please see if a ticket for this already exist and, if not,
file one ?

--strk;

On Tue, May 03, 2016 at 11:02:45PM +0200, Martin Spott wrote:

> On Tue, May 03, 2016 at 08:04:24PM +0200, Sandro Santilli wrote:
> > And:
>
> These have been removed from OSGeo LDAP.
> I'll try to come up with a more convenient command line solution this
> weekend, until then I'll be at your service as time permits.

Today I found these other accounts:

  +('dahiyankur'),
  +('8009875476'),
  +('anshu166'),
  +('bolandoe'),
  +('dahiyankur'),
  +('kumar1212'),
  +('mackhill88'),
  +('nehajay'),
  +('rajababa'),
  +('shadabmallick'),
  +('turbotax'),
  +('wilson91'),
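
Review bot: 'dahiyankur' is added twice in this hunk (first and fifth lines). One entry is enough; remove the second so the list stays a one-name-per-line record of what was added, or deduplicate it before committing.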

I've put your IRC-mentioned commandline on the wiki:
https://wiki.osgeo.org/wiki/SAC:LDAP#Editing_the_LDAP_database
but it isn't clear to me if a password is always needed or only
from some machines or with some privileges (see the initial paragraph
on the wiki).

--strk;