#1739 closed defect (fixed)
Ticket/Wiki vandalism on MapGuide trac
| Reported by: | jng | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | SysAdmin | Keywords: | |
| Cc: |
Description
Someone/something is spamming a whole bunch of junk tickets and wiki content on the MapGuide trac instance.
https://trac.osgeo.org/mapguide/timeline (see activity of Jun 29, 2016)
I don't seem to have any ability to ban these users or lock down the trac instance in any way.
Please advise proper procedure/solution ASAP.
Change History (27)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
I don't seem to have a spam filter panel on the admin (https://trac.osgeo.org/mapguide/admin/spamfilter/monitor displays "Unknown administration panel")
comment:3 by , 8 years ago
Here's a list of spam users I've grepped so far:
5589 Mittchel001 balluji1989 buddhazon bunty123 dinesh121 emilymorris912 jensi2 johnplay1 millerjuliabel nagar85 nehashaikh1214 pranay221 seanpenn0903 shamkaruma singhraghuram19 smmsmie spyindia12 watpad6
comment:4 by , 8 years ago
You should have the admin panel now. I have added you as SPAM_ADMIN. Please use with care. Thanks for the list. I'm doing bayes training too. Please check out the BadContent wiki page (see the wiki link) so we don't step on each other though...
And consider getting on #telascience IRC channel on freenode for live coordination
follow-up: 10 comment:5 by , 8 years ago
All the reported users have been removed. I've seen the BadContent page has been improved, and the bayes database is also much stronger now :)
comment:6 by , 8 years ago
It's been real interesting watching the timeline shrink and grow as the spammers/filters battle it out :)
Thanks for the swift responses.
comment:7 by , 8 years ago
ubuntugis is also being hit by some of the same smappers, want to take a look / help with BadContent ?
The timeline shrinked also due to SQL DELETE statements :)
comment:8 by , 8 years ago
I should actually be asleep now :) So before I sign off:
I don't think I'm admin on the Fusion trac instance. I think that instance could also be potentially vulnerable (that instance has no BadContent wiki page and I can't create wiki pages on that one)
Also some more spam users:
karan01 khalifa1
comment:9 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Those two users are also gone now, and timeline is all clean. Thanks for your time and for the help you might give to others in your same situation.
I will make you SPAM_ADMIN on the Fusion trac instance too. File a ticket if you still cannot create that page when you wake up.
comment:10 by , 8 years ago
Replying to strk:
All the reported users have been removed. I've seen the BadContent page has been improved,
Could this improved BadContent page be propagated to the other trac instances?
comment:11 by , 8 years ago
I'd be afraid of overriding some good content found in others. But I guess a script could be made to pick all distinct lines from all BadContent pages. Want to file it as a ticket ?
comment:12 by , 8 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
More spam users to clean out
joyakn john11 amskiemee
comment:13 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Users removed, spam cleaned. NOTE: only one of these 3 accounts were created yesterday, the other were idle for longer:
amskiemee: 20160629143105Z john11: 20160430220803Z joyakn: 20160509180402Z
comment:14 by , 8 years ago
I see this junk ticket created by "Administrator": https://trac.osgeo.org/mapguide/ticket/2667
Is this an actual OSGeo admin (you or someone else on the SAC?)
comment:15 by , 8 years ago
It's a spam user, idling since 2013 and with some mofifications from October 2015:
createTimestamp: 20130314092005Z modifyTimestamp: 20151008045745Z mail: evil.evolution@yahoo.com
comment:16 by , 8 years ago
OSGeo user "administrator" deleted, and all its content on trac cleaned.
comment:18 by , 8 years ago
Deleted, togheter with 'officalravi4', also spamming mapguide. Spam content from them all cleaned. I've also done some bayes training on mapguide - we now have lots of spam entries known, but no ham.
comment:19 by , 8 years ago
Nearly 2 weeks later, no spam activity since (yay!), but I did find some residual damage in some submitted tickets.
- https://trac.osgeo.org/mapguide/ticket/2188
- https://trac.osgeo.org/mapguide/ticket/727
- https://trac.osgeo.org/mapguide/ticket/1225
- https://trac.osgeo.org/mapguide/ticket/2505
The spam accounts modified the summary fields of these tickets, is it possible to rollback these summary field changes?
comment:20 by , 8 years ago
It looks like my cleanup script was more destructive than intended. Records in "ticket_change" table include both old and new values on summary change, but the old value is replaced by the new value in teh "ticket" table.
So now the only way to find the original summary would be to find those values in some backup and bring it back. I'll look at improving the script to perform a better rollback.
comment:21 by , 8 years ago
I've manually reset the summary to the value those 4 tickets had as of June 4th, 2016. Let me know if you find more ruined tickets.
The script was updated to properly rollback these kind of changes.
comment:23 by , 8 years ago
Actually, I missed these 2 tickets that still had spam summaries.
That's definitely the last of them (manually searched "tech" and "support" just to check)
comment:25 by , 8 years ago
More spammers:
karan12 jeshmin013
These spam users also made spam wiki content on this particular instance (osgeo) as well in addition to the MapGuide one. Check Aug 24 activity on the osgeo instance timeline
comment:26 by , 8 years ago
Both users were created on August 24, 2016:
jeshmin013: 20160824204613Z madhurana013@gmail.com -- registered from 103.38.68.99 karan12: xcvcfngnhfg@gmail.com 20160824202750Z -- registered from 103.38.68.99
Another user created from that same IP is:
kolakola: mightywarner@gmail.com 20160826013806Z
User 'kolakola' hasn't been found spamming yet.
I've removed users karan12 and jeshmin013, cleaned up trac spam submitted by them and trained the spam filter for the "osgeo" trac instance (not for others, please do!).
The "mantra" is obviously in the hands of spammers by now, so I changed it.
Please file a *new* ticket for future spam users reports.
comment:27 by , 8 years ago
For the record: I've found spam attempts by 'kolakola' against the osgeo trac instance (successfully blocked by the spam filter) and thus disabled the account.
Please have a read at https://wiki.osgeo.org/wiki/Trac_Instances#Trac_Spam
Then visit the admin panel and mark spam entries as such: https://trac.osgeo.org/mapguide/admin/spamfilter/monitor
Please do the marking _before_ deleting the entries, so the bayes databas will have more data to use for next time.
Also keep a list of the spammer users so we can remove/block those accounts. Thanks.