[SAC] Other users to be removed

strk · May 9, 2016, 8:21pm

To be removed from LDAP, for now just one:

+('ct7316944'),

--strk;

strk · May 9, 2016, 8:24pm

On Mon, May 09, 2016 at 10:21:41PM +0200, Sandro Santilli wrote:

To be removed from LDAP, for now just one:

+('ct7316944'),

And these are still hitting (but already reported)

andrusmith4
forprabhat4

--strk;

Martin_Spott · May 9, 2016, 8:55pm

On Mon, May 09, 2016 at 10:24:10PM +0200, Sandro Santilli wrote:

On Mon, May 09, 2016 at 10:21:41PM +0200, Sandro Santilli wrote:
> To be removed from LDAP, for now just one:
>
> +('ct7316944'),

And these are still hitting (but already reported)

andrusmith4
forprabhat4

Done,

Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

neteler · May 10, 2016, 1:19pm

To be removed from LDAP, for now just one:

dheeru55

thanks
Markus

strk · May 11, 2016, 7:04am

On Tue, May 10, 2016 at 03:19:20PM +0200, Markus Neteler wrote:

To be removed from LDAP, for now just one:

dheeru55

Confirmed, it's spamming, and the account was created when
we re-enabled the registration form, with the captcha protection:

  # dheeru55, People, osgeo.org
  dn: uid=dheeru55,ou=People,dc=osgeo,dc=org
  createTimestamp: 20160509155414Z

Also 'harsh145', created the same day, was found spamming:

  # harsh145, People, osgeo.org
  dn: uid=harsh145,ou=People,dc=osgeo,dc=org
  createTimestamp: 20160509151731Z

So, to recap, still hitting are:

+('harsh145'),
+('dheeru55'),

--strk;

strk · May 11, 2016, 7:15am

And these, who were thitting osgeo4w and ubuntugis (train bayes more!)

+('kumartinkusingh08'),
+('dhiman'),
+('amit932810085'),
+('shivom143'),
+('chromesix'),

Creation timestamps:

  createTimestamp: 20160509144107Z
  createTimestamp: 20160509152734Z
  createTimestamp: 20160509182421Z
  createTimestamp: 20160509173036Z
  createTimestamp: 20160501152359Z

--strk;

On Wed, May 11, 2016 at 09:04:01AM +0200, Sandro Santilli wrote:

On Tue, May 10, 2016 at 03:19:20PM +0200, Markus Neteler wrote:
> To be removed from LDAP, for now just one:
>
> dheeru55

Confirmed, it's spamming, and the account was created when
we re-enabled the registration form, with the captcha protection:

  # dheeru55, People, osgeo.org
  dn: uid=dheeru55,ou=People,dc=osgeo,dc=org
  createTimestamp: 20160509155414Z

Also 'harsh145', created the same day, was found spamming:

  # harsh145, People, osgeo.org
  dn: uid=harsh145,ou=People,dc=osgeo,dc=org
  createTimestamp: 20160509151731Z

So, to recap, still hitting are:

  +('harsh145'),
  +('dheeru55'),

--strk;

strk · May 11, 2016, 7:31am

And these (hitting ubuntugis), with creation timestamps:

keshav: 20160509165357Z
kunjnk: 20160509175930Z
somsnjkeeese: 20160430200917Z
kkkrkr52: 20160509180303Z

I made myself SPAM_ADMIN on ubuntugis and osgeo4w and tweaked some
configs.

--strk;

On Wed, May 11, 2016 at 09:15:58AM +0200, Sandro Santilli wrote:

And these, who were thitting osgeo4w and ubuntugis (train bayes more!)

+('kumartinkusingh08'),
+('dhiman'),
+('amit932810085'),
+('shivom143'),
+('chromesix'),

Creation timestamps:

  createTimestamp: 20160509144107Z
  createTimestamp: 20160509152734Z
  createTimestamp: 20160509182421Z
  createTimestamp: 20160509173036Z
  createTimestamp: 20160501152359Z

--strk;

On Wed, May 11, 2016 at 09:04:01AM +0200, Sandro Santilli wrote:
> On Tue, May 10, 2016 at 03:19:20PM +0200, Markus Neteler wrote:
> > To be removed from LDAP, for now just one:
> >
> > dheeru55
>
> Confirmed, it's spamming, and the account was created when
> we re-enabled the registration form, with the captcha protection:
>
> # dheeru55, People, osgeo.org
> dn: uid=dheeru55,ou=People,dc=osgeo,dc=org
> createTimestamp: 20160509155414Z
>
> Also 'harsh145', created the same day, was found spamming:
>
> # harsh145, People, osgeo.org
> dn: uid=harsh145,ou=People,dc=osgeo,dc=org
> createTimestamp: 20160509151731Z
>
> So, to recap, still hitting are:
>
> +('harsh145'),
> +('dheeru55'),
>
> --strk;
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
Sac Info Page

jsanz · May 11, 2016, 7:36am

Thanks for your time to fix this major issue Sandro, you are the best

On 11 May 2016 at 09:31, Sandro Santilli <strk@keybit.net> wrote:

And these (hitting ubuntugis), with creation timestamps:

keshav: 20160509165357Z
kunjnk: 20160509175930Z
somsnjkeeese: 20160430200917Z
kkkrkr52: 20160509180303Z

I made myself SPAM_ADMIN on ubuntugis and osgeo4w and tweaked some
configs.

--strk;

On Wed, May 11, 2016 at 09:15:58AM +0200, Sandro Santilli wrote:

And these, who were thitting osgeo4w and ubuntugis (train bayes more!)

+('kumartinkusingh08'),
+('dhiman'),
+('amit932810085'),
+('shivom143'),
+('chromesix'),

Creation timestamps:

  createTimestamp: 20160509144107Z
  createTimestamp: 20160509152734Z
  createTimestamp: 20160509182421Z
  createTimestamp: 20160509173036Z
  createTimestamp: 20160501152359Z

--strk;

On Wed, May 11, 2016 at 09:04:01AM +0200, Sandro Santilli wrote:
> On Tue, May 10, 2016 at 03:19:20PM +0200, Markus Neteler wrote:
> > To be removed from LDAP, for now just one:
> >
> > dheeru55
>
> Confirmed, it's spamming, and the account was created when
> we re-enabled the registration form, with the captcha protection:
>
> # dheeru55, People, osgeo.org
> dn: uid=dheeru55,ou=People,dc=osgeo,dc=org
> createTimestamp: 20160509155414Z
>
> Also 'harsh145', created the same day, was found spamming:
>
> # harsh145, People, osgeo.org
> dn: uid=harsh145,ou=People,dc=osgeo,dc=org
> createTimestamp: 20160509151731Z
>
> So, to recap, still hitting are:
>
> +('harsh145'),
> +('dheeru55'),
>
> --strk;
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac

_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac

--
Jorge Sanz
http://www.osgeo.org
http://wiki.osgeo.org/wiki/Jorge_Sanz

strk · May 11, 2016, 7:37am

And (from proj4j):

cherrylycra: 20160509172246Z

I've also made myself SPAM_ADMIN for proj4j

--strk;

On Wed, May 11, 2016 at 09:31:03AM +0200, Sandro Santilli wrote:

And these (hitting ubuntugis), with creation timestamps:

keshav: 20160509165357Z
kunjnk: 20160509175930Z
somsnjkeeese: 20160430200917Z
kkkrkr52: 20160509180303Z

I made myself SPAM_ADMIN on ubuntugis and osgeo4w and tweaked some
configs.

--strk;

On Wed, May 11, 2016 at 09:15:58AM +0200, Sandro Santilli wrote:
> And these, who were thitting osgeo4w and ubuntugis (train bayes more!)
>
> +('kumartinkusingh08'),
> +('dhiman'),
> +('amit932810085'),
> +('shivom143'),
> +('chromesix'),
>
> Creation timestamps:
>
> createTimestamp: 20160509144107Z
> createTimestamp: 20160509152734Z
> createTimestamp: 20160509182421Z
> createTimestamp: 20160509173036Z
> createTimestamp: 20160501152359Z
>
> --strk;
>
> On Wed, May 11, 2016 at 09:04:01AM +0200, Sandro Santilli wrote:
> > On Tue, May 10, 2016 at 03:19:20PM +0200, Markus Neteler wrote:
> > > To be removed from LDAP, for now just one:
> > >
> > > dheeru55
> >
> > Confirmed, it's spamming, and the account was created when
> > we re-enabled the registration form, with the captcha protection:
> >
> > # dheeru55, People, osgeo.org
> > dn: uid=dheeru55,ou=People,dc=osgeo,dc=org
> > createTimestamp: 20160509155414Z
> >
> > Also 'harsh145', created the same day, was found spamming:
> >
> > # harsh145, People, osgeo.org
> > dn: uid=harsh145,ou=People,dc=osgeo,dc=org
> > createTimestamp: 20160509151731Z
> >
> > So, to recap, still hitting are:
> >
> > +('harsh145'),
> > +('dheeru55'),
> >
> > --strk;

strk · May 11, 2016, 7:42am

On Wed, May 11, 2016 at 09:36:55AM +0200, Jorge Sanz wrote:

Thanks for your time to fix this major issue Sandro, you are the best

I won't be able to keep up at this rate, your help is needed!
Can someone write a wiki page with recommended SpamFilterPlugin setup ?

I think at the bare minimum we want (other than the defaults):

  1: SessionFilterStrategy: 0
  2: Karma of authenticated users: 0
  3. Edit of a BadContent page, made read-only, for example:
     BadContent – Proj4J
     (but that one is not made read-only as it takes a TRAC_ADMIN to
     do that, I think)

--strk;

neteler · May 11, 2016, 8:34am

On Wed, May 11, 2016 at 9:42 AM, Sandro Santilli <strk@keybit.net> wrote:

On Wed, May 11, 2016 at 09:36:55AM +0200, Jorge Sanz wrote:

Thanks for your time to fix this major issue Sandro, you are the best

I won't be able to keep up at this rate, your help is needed!
Can someone write a wiki page with recommended SpamFilterPlugin setup ?

https://wiki.osgeo.org/wiki/Trac_Instances#Trac_Spam

I think at the bare minimum we want (other than the defaults):

  1: SessionFilterStrategy: 0
  2: Karma of authenticated users: 0
  3. Edit of a BadContent page, made read-only, for example:
     https://trac.osgeo.org/proj4j/wiki/BadContent
     (but that one is not made read-only as it takes a TRAC_ADMIN to
     do that, I think)

--strk;

Markus

strk · May 11, 2016, 10:01am

On Wed, May 11, 2016 at 10:34:04AM +0200, Markus Neteler wrote:

On Wed, May 11, 2016 at 9:42 AM, Sandro Santilli <strk@keybit.net> wrote:
> On Wed, May 11, 2016 at 09:36:55AM +0200, Jorge Sanz wrote:
>> Thanks for your time to fix this major issue Sandro, you are the best
>
> I won't be able to keep up at this rate, your help is needed!
> Can someone write a wiki page with recommended SpamFilterPlugin setup ?

Trac - OSGeo

Thanks Markus

Now we need to focus on a better (longer?) user registration
procedure: #1665 (Add Confirmation Flow to LDAP Account Creation) – OSGeo

--strk;