savannah-hackers

[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?


From: Sylvain Beucler
Subject: [Savannah-help-public] [sr #106304] Bug spam from logged in spammers?
Date: Fri, 25 Apr 2008 18:49:54 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

Follow-up Comment #9, sr #106304 (project administration):

I added a few tracers in the code and built some stats for the past day. I
trace all new items and item comments.

Total comments received: 1869
Posts that failed the 421 captcha and contain "http://": 1808
Validated posts (login or captcha): 36
Captcha-validated (anonymous) posts: 6 => 17%
Validated posts that contain "http://": 6
Validated posts that contain spam: 2 (1 login + 1 captcha)

Number of different IPs: 468
Number of different IPs for posts that failed the captcha and contain
"http://": 436
Max # of posts by IP: 89
Average posts by suspicious IP: 4.18
Median of the above: 1

So we're facing distributed comment spamming, coming from numerous
origins, each generally posting only a few comments. The wide majority of the
posts are sent by very primitive bots and are several orders of magnitude more
numerous than legitimate posts. The rest of the spam comes from more
intelligent bots, but also from bots who just registered an account (and avoid
any captcha). IDS won't be very effective because of the diversity of the
attack sources.

I portscanned a few spamming IPs. AFAICT they were not open proxies (either
completely closed, or classic GNU/Linux setup with no apparent proxy). I only
checked a few IPs, so this is not a definite conclusion.

The use of a graphical captcha will not stop the clever spammer, nor spammers
who create accounts. So this solution may not work so well.

About reCaptcha in particular: while this is an interesting initiative, we
don't have the source code for the server-side of this solution (only for the
client plugins). One of Savannah's goals is to showcase a forge running
exclusively on free software. Relying on external 3rd-party services which
lack source code defeats the point. (same goes for akisnet or something)

Possible solutions: I'd suggest testing URL blocklists, escalating based on
the presence of external URLs, and also improving post-moderation (fix rather
than reject - we'll probably never get rid of 100% spam).

The trace is still running so we may get more data later on.

Note that this applies to Savannah in general. Savane (and more generally
forges) is not widespread. Mediawiki or DotClear installations probably get a
different kind of spam, both in quality and quantity ;)

Suggestions?


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?106304>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
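
An added illustration, not part of the original message or of Savane's code: one way the URL blocklist and the escalation on external URLs suggested above could be combined into a single triage step. The blocklist entries, the internal host list, the 7-day account-age threshold and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not data from the trace).
URL_BLOCKLIST = {"pills.example", "casino.example"}
INTERNAL_HOSTS = {"savannah.gnu.org"}   # links to the forge itself are not external
NEW_ACCOUNT_DAYS = 7                    # hypothetical threshold for "just registered"

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def external_hosts(text):
    """Return the lowercase hostnames of all external URLs found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,;:)!?")).hostname or ""
        except ValueError:              # malformed URL, e.g. unbalanced '['
            continue
        host = host.lower().rstrip(".")
        if host and host not in INTERNAL_HOSTS:
            hosts.add(host)
    return hosts

def is_blocklisted(host):
    """Match the host itself or any parent domain against the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in URL_BLOCKLIST for i in range(len(labels)))

def triage(text, logged_in, passed_captcha, account_age_days=None):
    """Return 'reject', 'hold' (moderator review) or 'accept' for one comment."""
    hosts = external_hosts(text)
    if any(is_blocklisted(h) for h in hosts):
        return "reject"                 # blocklist applies even to logged-in users
    if not logged_in and not passed_captcha:
        return "reject"                 # neither login nor captcha validated
    if hosts:
        # Escalate: external URLs from anonymous or freshly registered posters
        # go to review instead of being published directly.
        unknown_age = account_age_days is None
        is_new = logged_in and (unknown_age or account_age_days < NEW_ACCOUNT_DAYS)
        if not logged_in or is_new:
            return "hold"
    return "accept"
```

Because the decision depends on the comment's content and the poster's validation state rather than on the source IP, it does not rely on any single origin sending many posts.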




