[SAC] [OSGeo] #1659: https://geos.osgeo.org shows GRASS homepage

#1659: https://geos.osgeo.org shows GRASS homepage
---------------------------+-----------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords: geos, web
---------------------------+-----------------------
For some reason https://geos.osgeo.org shows the GRASS homepage.
http (no SSL) is fine.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1659&gt;
OSGeo <http://www.osgeo.org/&gt;
OSGeo committee and general foundation issue tracker.

#1659: https://geos.osgeo.org shows GRASS homepage
---------------------------+--------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: geos, web |
---------------------------+--------------------

Comment (by strk):

still happening

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1659#comment:1&gt;
OSGeo <http://www.osgeo.org/&gt;
OSGeo committee and general foundation issue tracker.

#1659: https://geos.osgeo.org shows GRASS homepage
---------------------------+--------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: geos, web |
---------------------------+--------------------

Comment (by wildintellect):

Added an ssl section to the config since it's an *.osgeo can use our cert.
Please test, verify it does what you expect and then close the ticket.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1659#comment:2&gt;
OSGeo <http://www.osgeo.org/&gt;
OSGeo committee and general foundation issue tracker.

#1659: https://geos.osgeo.org shows GRASS homepage
---------------------------+---------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: geos, web |
---------------------------+---------------------
Changes (by strk):

* status: new => closed
* resolution: => fixed

Comment:

Thanks, works now.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1659#comment:3&gt;
OSGeo <http://www.osgeo.org/&gt;
OSGeo committee and general foundation issue tracker.

At time trac is rather unresponsive!

So, posted here since I cann edit the ticket:

I tried to change the embedded images on that GEOS page to https for
full SSL certificate support but got "wiped out":

"Submission rejected as potential spam
    BlogSpam says content is spam (Too many links, found 14 max is 10
[50-lotsaurls.js])
    Maximum number of external links per post exceeded"

GEOS trac admins, please...

Markus

On 05/08/2016 01:33 PM, Markus Neteler wrote:

At time trac is rather unresponsive!

So, posted here since I cann edit the ticket:

I tried to change the embedded images on that GEOS page to https for
full SSL certificate support but got "wiped out":

"Submission rejected as potential spam
    BlogSpam says content is spam (Too many links, found 14 max is 10
[50-lotsaurls.js])
    Maximum number of external links per post exceeded"

GEOS trac admins, please...

Markus

Sandro says that those debbie images aren't available over https yet
anyways. debbie.postgis.net needs an SSL cert 1st.

But thanks for the report, there's going to be some learning time
getting these spam filters adjusted to not get in the way too much but
still keep us clean.

PS: Should we just add most core SAC members as a TRAC_ADMIN group on
all the tracs?

Thanks,
Alex

On Sun, May 08, 2016 at 10:33:51PM +0200, Markus Neteler wrote:

At time trac is rather unresponsive!

Today we are having another kind of attack (frequent requests for
big files). I added fail2ban rules to reduce that problem.

So, posted here since I cann edit the ticket:

I tried to change the embedded images on that GEOS page to https for
full SSL certificate support but got "wiped out":

"Submission rejected as potential spam
    BlogSpam says content is spam (Too many links, found 14 max is 10
[50-lotsaurls.js])
    Maximum number of external links per post exceeded"

Interesting, and how many links did you change ?
With current configuration you got 1 karma point for being
authenticated, -5 for the too-many-links BlogSpam (14/10)
and -7 for maximum number of external links per post,
totalling -11.

The default karma point for authenticated was 20, but no spam
was ever cought. How did you change the GRASS one ?

GEOS trac admins, please...

We'll have to find a balance. Rember that last week authenticated
users were simply not given the possibility to edit pages.

The monitor shows me you were blocked twice, with the score -11
but does not give me a way to look at the changes (could have been
interesting).

I don't know if reporting your changes as "ham" would be a good
training or a bad one as I don't know if the bayes filter would
be fed with the whole content or just the diff. Surely WikiStart
isn't a good example of a normal page, with all those links...

--strk;

On Sun, May 08, 2016 at 01:49:09PM -0700, Alex Mandel wrote:

On 05/08/2016 01:33 PM, Markus Neteler wrote:

> I tried to change the embedded images on that GEOS page to https for

Sandro says that those debbie images aren't available over https yet
anyways. debbie.postgis.net needs an SSL cert 1st.

For the record: #3540 (Enable https for winnie/debbie) – PostGIS

--strk;

On Sun, May 8, 2016 at 10:55 PM, Sandro Santilli <strk@keybit.net> wrote:

On Sun, May 08, 2016 at 10:33:51PM +0200, Markus Neteler wrote:

At time trac is rather unresponsive!

Today we are having another kind of attack (frequent requests for
big files). I added fail2ban rules to reduce that problem.

So, posted here since I cann edit the ticket:

I tried to change the embedded images on that GEOS page to https for
full SSL certificate support but got "wiped out":

"Submission rejected as potential spam
    BlogSpam says content is spam (Too many links, found 14 max is 10
[50-lotsaurls.js])
    Maximum number of external links per post exceeded"

Interesting, and how many links did you change ?

maybe 3...

With current configuration you got 1 karma point for being
authenticated, -5 for the too-many-links BlogSpam (14/10)
and -7 for maximum number of external links per post,
totalling -11.

w00t

The default karma point for authenticated was 20, but no spam
was ever cought. How did you change the GRASS one ?

During the last 24hs I was managing the spam stuff on the respective
"monitoring" page, also approving a few "hams".

GEOS trac admins, please...

We'll have to find a balance. Rember that last week authenticated
users were simply not given the possibility to edit pages.

I just tried to help. Not having the admin rights in the geos trac I
could not turn my edit to ham.
So I have to pass the ball along.

The monitor shows me you were blocked twice, with the score -11
but does not give me a way to look at the changes (could have been
interesting).

I have no clue because my session got eaten.

I don't know if reporting your changes as "ham" would be a good
training or a bad one as I don't know if the bayes filter would
be fed with the whole content or just the diff. Surely WikiStart
isn't a good example of a normal page, with all those links...

No idea...

Markus

On Sun, May 08, 2016 at 10:59:44PM +0200, Markus Neteler wrote:

On Sun, May 8, 2016 at 10:55 PM, Sandro Santilli <strk@keybit.net> wrote:
> On Sun, May 08, 2016 at 10:33:51PM +0200, Markus Neteler wrote:
>> At time trac is rather unresponsive!
>
> Today we are having another kind of attack (frequent requests for
> big files). I added fail2ban rules to reduce that problem.
>
>> So, posted here since I cann edit the ticket:
>>
>> I tried to change the embedded images on that GEOS page to https for
>> full SSL certificate support but got "wiped out":
>>
>> "Submission rejected as potential spam
>> BlogSpam says content is spam (Too many links, found 14 max is 10
>> [50-lotsaurls.js])
>> Maximum number of external links per post exceeded"
>
> Interesting, and how many links did you change ?

maybe 3...

Uhm, so BlogSpam doesn't check the diff but the whole page

> The default karma point for authenticated was 20, but no spam
> was ever cought. How did you change the GRASS one ?

During the last 24hs I was managing the spam stuff on the respective
"monitoring" page, also approving a few "hams".

Did it catch more spam pages ?

I just tried to help. Not having the admin rights in the geos trac I
could not turn my edit to ham.
So I have to pass the ball along.

Thanks ! I made you SPAM_ADMIN now, it would also be interesting
to see if with the new status you'll pass as ham or not (if you want
to try).

--strk;

On Sun, May 8, 2016 at 11:03 PM, Sandro Santilli <strk@keybit.net> wrote:

On Sun, May 08, 2016 at 10:59:44PM +0200, Markus Neteler wrote:

maybe 3...

Uhm, so BlogSpam doesn't check the diff but the whole page

Indeed, that's what I thought.

> The default karma point for authenticated was 20, but no spam
> was ever cought. How did you change the GRASS one ?

During the last 24hs I was managing the spam stuff on the respective
"monitoring" page, also approving a few "hams".

Did it catch more spam pages ?

Yes, yesterday.

I just tried to help. Not having the admin rights in the geos trac I
could not turn my edit to ham.
So I have to pass the ball along.

Thanks ! I made you SPAM_ADMIN now,

thx

it would also be interesting
to see if with the new status you'll pass as ham or not (if you want
to try).

I can try but you said that the needed img https does not exist...

Markus

On Sun, May 8, 2016 at 11:14 PM, Markus Neteler <neteler@osgeo.org> wrote:

I can try but you said that the needed img https does not exist...

Now I changed one PNG only to https and saved:

"Your changes have been saved in version 122. "

Then, on the monitoring page I approved that one as ham and deleted
(without spam/ham classification) my previous attempts.

Looks ok at time.

Markus