wiki@glassfish.java.net

Re: [gfwiki] wiki abuse

From: Mark S White <Mark.White_at_Sun.COM>
Date: Wed, 26 Sep 2007 11:53:51 -0700
Thanks Russ & Jamey. Most of the entries I looked at had randomly-generated user names
and the text they added to our pages seemed to be randomly-generated as well. Not sure
how we would filter something like that, but we'll see if things improve. The biggest problem
this poses to us is that now our own edits to a page are not guaranteed not to be wiped out
if this "spam-bot" happens to go modify that page while one of us is modifying it. In fact, we
know of one page where this happened - Yunpeng lost some edits to one of his pages because
the "spam-bot" got in at exactly the right (or wrong) time. They have even attacked the
JSPWiki.org site (Ron Ten-Hove found this):

http://jspwiki.org/wiki/AuthorizationAndAuthenticationHOWTO

You can see the garbage in the first line of the page.

mark

Russ Tremain wrote:
Jamey - thanks!

Mark, hopefully this will help.

/r


At 12:15 PM -0600 9/26/07, Jamey Wood wrote:
  
Hi Russ,

I've enabled JSPWiki's "SpamFilter" (http://jspwiki.org/wiki/SpamFilter), and populated its blacklist with some entries based on this recent spam.  Hopefully it'll help reduce spam.  (Unfortunately, eliminating spam entirely is probably unrealistic unless we severely restrict how people gain access to edit our wikis.)

Since we haven't used this before, we'll need to keep an eye on things to see how well it works.  Let me know if you see any issues.

--Jamey

Russ Tremain wrote:
    
Is there any way we can block access to wiki abusers?
thx,
-Russ


At 7:56 AM -0700 9/26/07, Mark S White wrote:
      
Do you know what our Wiki supports in the security area?

-------- Original Message --------
Subject: Re: This is really disturbing
Date: Wed, 26 Sep 2007 10:21:18 -0400
From: Ron Ten-Hove <Ronald.Ten-Hove@Sun.COM>
Organization: Sun Microsystems, Inc
To: Mark.White@Sun.COM
CC: Suresh Potiny <Suresh.Potiny@Sun.COM>
References: <46FA649F.9080909@sun.com>


This is serious. We need to improve our security on the Wiki ASAP. We
can either use those eye-test GIFs with scrambled letters (I forget the
proper name of those), or add a math puzzle. What does our JSP Wiki support?

--Ron

Mark S White wrote:
        
http://wiki.open-esb.java.net/Wiki.jsp?page=RecentChanges

Seems this person started on Sept 23, and has screwed up at least 50
pages so far. We can't keep up with this.

          
--
Sun's Open ESB Community (http://open-esb.org)


--
Open ESB Community (http://open-esb.org)
Check out my blog (http://blogs.sun.com/mwhite)
        

  

-- 
Open ESB Community (http://open-esb.org)
Check out my blog (http://blogs.sun.com/mwhite)