Who's Where swiki page polluted

I've been tidying up a few VM related pages and noticed that the  
Who's Where page (amongst others) is messed up. There are many  
entries where you see '8 #4' or similar. Not to mention a long list  
of dubious URLs at the bottom.

I tried a look at the history but couldn't really come to any  
conclusion about which was the best recent version.

tim
--
tim Rowledge; [hidden email]; http://www.rowledge.org/tim
999, the number of the Aussie Beast.

On 14-Jan-06, at 11:25 AM, tim Rowledge wrote:

> I've been tidying up a few VM related pages and noticed that the  
> Who's Where page (amongst others) is messed up. There are many  
> entries where you see '8 #4' or similar. Not to mention a long list  
> of dubious URLs at the bottom.

It gets worse. A page relating to VM stuff that I edited at 1:15pm  
was messed up at 1:20pm by 205.252.23.4 Anyone that knows how to  
track down the machine and contact the probably innocently afflicted  
owner might like to spend a moment looking at random pages on the  
swiki to see if there is a pattern that might be interesting


tim
--
tim Rowledge; [hidden email]; http://www.rowledge.org/tim
The downside of being better than everyone else is that people tend  
to assume you're pretentious

tim Rowledge wrote:

> I've been tidying up a few VM related pages and noticed that the  
> Who's Where page (amongst others) is messed up. There are many  
> entries where you see '8 #4' or similar. Not to mention a long list  
> of dubious URLs at the bottom.
>
> I tried a look at the history but couldn't really come to any  
> conclusion about which was the best recent version.

The problem with wiki spam is that you would need to restore the pages
in reverse order, so that the changed titles get restored correctly (I
think...)

Can somebody with full access to the wiki restore everything to the
state before that spamming? Reverting every single page would be a bit
tedious.
In addition, the method which accepts edits should probably have some
spam detection...

Cheers,
Hans-Martin

tim Rowledge wrote:

>
> It gets worse. A page relating to VM stuff that I edited at 1:15pm  
> was messed up at 1:20pm by 205.252.23.4 Anyone that knows how to  
> track down the machine and contact the probably innocently afflicted  
> owner might like to spend a moment looking at random pages on the  
> swiki to see if there is a pattern that might be interesting

The pattern is pretty simple. Those machines are zombies, and their real
owners most likely don't know and don't understand what their machines
are doing (after all, they're windows users :-)
Spam content is always a big list of hrefs to porn sites.
I'm currently working on getting an automatic restoration mechanism going.

Cheers,
Hans-Martin

For Smallwiki damien developed using john code a simple letter warper.
May be the Swiki maintainer can use that? May be we should lock all the
pages and use a trivial passwords such as doIt.

Stef

Hans-Martin Mosner wrote:

> I'm currently working on getting an automatic restoration mechanism
> going.

It's slowly crunching through the pages 100-200 now.
I think I'll set a password for the next batches (viewpoints).
The spammer is obviously using an automated script, and the only method
of preventing him from doing it again is to make all pages protected
(either individual password protection or a login mechanism before you
can edit - I'd prefer the latter option.)

Cheers,
Hans-Martin