#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+-------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
Someone/something is spamming a whole bunch of junk tickets and wiki
content on the MapGuide trac instance.
https://trac.osgeo.org/mapguide/timeline (see activity of Jun 29, 2016)
I don't seem to have any ability to ban these users or lock down the trac
instance in any way.
Please advise proper procedure/solution ASAP.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
Please have a read at https://wiki.osgeo.org/wiki/Trac_Instances#Trac_Spam
Then visit the admin panel and mark spam entries as such:
https://trac.osgeo.org/mapguide/admin/spamfilter/monitor
Please do the marking _before_ deleting the entries, so the bayes databas
will have more data to use for next time.
Also keep a list of the spammer users so we can remove/block those
accounts.
Thanks.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jng):
I don't seem to have a spam filter panel on the admin
(https://trac.osgeo.org/mapguide/admin/spamfilter/monitor displays
"Unknown administration panel")
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:2>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jng):
Here's a list of spam users I've grepped so far:
{{{
5589
Mittchel001
balluji1989
buddhazon
bunty123
dinesh121
emilymorris912
jensi2
johnplay1
millerjuliabel
nagar85
nehashaikh1214
pranay221
seanpenn0903
shamkaruma
singhraghuram19
smmsmie
spyindia12
watpad6
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
You should have the admin panel now. I have added you as SPAM_ADMIN.
Please use with care. Thanks for the list. I'm doing bayes training too.
Please check out the BadContent wiki page (see the wiki link) so we don't
step on each other though...
And consider getting on #telascience IRC channel on freenode for live
coordination
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:4>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
All the reported users have been removed. I've seen the BadContent page
has been improved, and the bayes database is also much stronger now 
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:5>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jng):
It's been real interesting watching the timeline shrink and grow as the
spammers/filters battle it out
Thanks for the swift responses.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
ubuntugis is also being hit by some of the same smappers, want to take a
look / help with BadContent ?
The timeline shrinked also due to SQL DELETE statements
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:7>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+--------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jng):
I should actually be asleep now So before I sign off:
I don't think I'm admin on the Fusion trac instance. I think that instance
could also be potentially vulnerable (that instance has no BadContent wiki
page and I can't create wiki pages on that one)
Also some more spam users:
{{{
karan01
khalifa1
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:8>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by strk):
* status: new => closed
* resolution: => fixed
Comment:
Those two users are also gone now, and timeline is all clean.
Thanks for your time and for the help you might give to others in your
same situation.
I will make you SPAM_ADMIN on the Fusion trac instance too. File a ticket
if you still cannot create that page when you wake up.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:9>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by neteler):
Replying to [comment:5 strk]:
> All the reported users have been removed. I've seen the BadContent page
has been improved,
Could this improved BadContent page be propagated to the other trac
instances?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:10>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by strk):
I'd be afraid of overriding some good content found in others.
But I guess a script could be made to pick all distinct lines from all
BadContent pages. Want to file it as a ticket ?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:11>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+-----------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+-----------------------
Changes (by jng):
* status: closed => reopened
* resolution: fixed =>
Comment:
More spam users to clean out
{{{
joyakn
john11
amskiemee
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:12>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by strk):
* status: reopened => closed
* resolution: => fixed
Comment:
Users removed, spam cleaned.
NOTE: only one of these 3 accounts were created yesterday, the other were
idle for longer:
{{{
amskiemee: 20160629143105Z
john11: 20160430220803Z
joyakn: 20160509180402Z
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:13>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by jng):
I see this junk ticket created by "Administrator":
https://trac.osgeo.org/mapguide/ticket/2667
Is this an actual OSGeo admin (you or someone else on the SAC?)
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:14>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by strk):
It's a spam user, idling since 2013 and with some mofifications from
October 2015:
{{{
createTimestamp: 20130314092005Z
modifyTimestamp: 20151008045745Z
mail: evil.evolution@yahoo.com
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:15>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by strk):
OSGeo user "administrator" deleted, and all its content on trac cleaned.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:16>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by jng):
More spam accounts
{{{
amksjimmee
joyak
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:17>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by strk):
Deleted, togheter with 'officalravi4', also spamming mapguide.
Spam content from them all cleaned.
I've also done some bayes training on mapguide - we now have lots of spam
entries known, but no ham.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:18>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1739: Ticket/Wiki vandalism on MapGuide trac
---------------------------+---------------------
Reporter: jng | Owner: sac@…
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by jng):
Nearly 2 weeks later, no spam activity since (yay!), but I did find some
residual damage in some submitted tickets.
* https://trac.osgeo.org/mapguide/ticket/2188
* https://trac.osgeo.org/mapguide/ticket/727
* https://trac.osgeo.org/mapguide/ticket/1225
* https://trac.osgeo.org/mapguide/ticket/2505
The spam accounts modified the summary fields of these tickets, is it
possible to rollback these summary field changes?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1739#comment:19>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.