
comp.lang.ruby

RubyGarden wiki patch

Chad Fowler

10/29/2004 12:59:00 PM

FYI, I've just implemented this
http://onestepback.org/index.cgi/General/CautiouslyOptim....
Let's see how long it might be effective. With this patch, pages with
previously valid links WILL NOT SAVE unless you uppercase the
protocol:// section of the link. That'll be annoying for a while but
hopefully not as much as the spam (and hopefully this will have an
effect for a while).

The real-time blacklists and any other blacklisting measure seem to be
almost 0% effective. Practically none of the spammers that have hit
us have been listed, and we can't keep up a manual list fast enough.

Next step is authentication. I'm ready to put this one to bed.

--

Chad Fowler
http://chad...
http://rubyc...
http://ruby...
http://rubygems.rub... (over 20,000 gems served!)
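The rule Chad describes (a page will not save while any link still has a lower-case `protocol://` part) can be written as a small save-time filter. The code below is an added illustration of that rule, not the RubyGarden patch from the linked page; the function names are my own and the sample page text is constructed.

```ruby
# Added example, not the RubyGarden patch itself: a save-time filter in the
# spirit of the rule Chad describes. Every "scheme://" in the submitted page
# must have its scheme written in upper case (HTTP://, FTP://) or the save
# is refused. Function names here are my own.

# Matches "scheme://" anywhere in the text; the scheme is captured so the
# case check can be done per link. Case-insensitive so that HTTP:// is seen.
LINK_SCHEME_RE = %r{\b([a-z][a-z0-9+.-]*)://}i

# Schemes that would cause the page to be rejected (anything not all-caps).
def rejected_schemes(text)
  text.scan(LINK_SCHEME_RE).flatten.reject { |scheme| scheme == scheme.upcase }
end

# A page is saveable only when no lower- or mixed-case scheme is present.
def saveable?(text)
  rejected_schemes(text).empty?
end

# Normalises a page the way a cooperating human editor would: upper-cases
# the scheme of each link so the page passes the filter. Spam bots that
# paste plain http:// links do not do this, which is the whole point.
def uppercase_schemes(text)
  text.gsub(LINK_SCHEME_RE) { "#{Regexp.last_match(1).upcase}://" }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample page: one conforming link, one that blocks the save.
  page = "See HTTP://rubygarden.org/ and http://example.invalid/cheap-stuff"
  puts "saveable? #{saveable?(page)} (rejected: #{rejected_schemes(page).inspect})"
  puts "after fix: #{uppercase_schemes(page)}"
end
```

The filter does exactly what Chad says it does, and no more: it buys time only while bots keep pasting plain `http://` links, which is why the post itself says "let's see how long it might be effective". Treat it as a stop-gap in front of authentication, not as a security control.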


32 Answers

Phil Roberts

10/29/2004 1:03:00 PM

0

Chad Fowler <chadfowler@gmail.com> treated the lovely people of
comp.lang.ruby with the following stuff:

> FYI, I've just implemented this
> http://onestepback.org/index.cgi/General/CautiouslyOpti...
> c. Let's see how long it might be effective. With this patch,
> pages with previously valid links WILL NOT SAVE unless you
> uppercase the protocol:// section of the link. That'll be
> annoying for a while but hopefully not as much as the spam (and
> hopefully this will have an effect for a while).
>
> The real-time blacklists and any other blacklisting measure seem
> to be almost 0% effective. Practically none of the spammers
> that have hit us have been listed, and we can't keep up a manual
> list fast enough.
>
> Next step is authentication. I'm ready to put this one to bed.
>

Hi Chad, should I be seeing these links?:

Administration: Lock page | Delete this page | Edit Banned List |
Run Maintenance | Edit/Rename pages | Lock site

--
Phil Roberts | Deedle Doot Doo Dee Dee | http://www.fl...

David Ross

10/29/2004 1:14:00 PM

0

Chad Fowler wrote:

> The real-time blacklists and any other blacklisting measure seem to be
> almost 0% effective. Practically none of the spammers that have hit
> us have been listed, and we can't keep up a manual list fast enough.

Then you wouldn't mind giving out the server logs for us to confirm you
are telling the truth. Taking that last time you spoke without studying
what an RBL exactly means. Plus, the IP was listed in the RBLs, so where's
the logs? Taking that most hits were probably around 80%, despite a few
like from rr.com, most *are* blacklisted, and it *does* work fine.

David Ross
--
Hassle-free packages for Ruby?
RPA is available from http://www.rubyar...



Bill Atkins

10/29/2004 2:09:00 PM

0

Oh, give it a rest, you. He's got nothing to gain from lying.

On Fri, 29 Oct 2004 22:13:51 +0900, David Ross <dross@code-exec.net> wrote:
> Then you wouldn't mind giving out the server logs for us to confirm you
> are telling the truth.


David Ross

10/29/2004 2:32:00 PM

0

Bill Atkins wrote:

> Oh, give it a rest, you. He's got nothing to gain from lying.
>
> On Fri, 29 Oct 2004 22:13:51 +0900, David Ross <dross@code-exec.net> wrote:
>
>> Then you wouldn't mind giving out the server logs for us to confirm you
>> are telling the truth.
I'm not the one that is telling lies, and yes he does. He thinks he has
some type of authority over security. He doesn't prolly even know what
an ankon does. He has no experience and yet he makes remarks about
implementations not working. I've experience to identify when people are
lying, plenty of it. The truth is that RBLs are more than just mail
servers, they are lists of abusive hosts for different reasons. If Chad
wants to be blind because I came up with the idea and he didn't, fine.
There are other smarter people out there with wikis that have an open mind.

There was the beginning email about Rubygarden spam which had the IP
listed on RBL servers since last year. There was also another person who
replied to the [SOLUTION] thread which even said some of the IPs were in
the blacklists as well, even from 221.15.71.32 which spammed
http://rubygarden.org/ruby?action=history&am...
I never said RBLs were the ultimate solution; of course they are
supposed to be used in other means, as mail servers use them. Mail
servers make use of RBLs, AV, grep engines, sender identification by
mail/rcpt tag, and many other ways.

I've been searching through... there are also IPs like 61.149.119.74,
61.50.242.197, 68.40.176.215, 200.56.233.5, and many, many others which
have had a good contribution to spam.
I was checking most of the pages like
http://rubygarden.org/ruby?action=history&i... for the IPs.

Hosts like www.bhmassociates.com, which is on the page above, are open
proxies (this one is a squid proxy on port 3128).

I think there should also be proxy scanner checks done on the common
ports at start, and have a database of hosts.

The RBLs will block about 80%.
The scanners will block another 10% of the spam that gets past the RBL.
Implementing the RBL access is simple, and what would be nice is to have
access in a wiki to submit abusive hosts with the IP and revision page to
the blacklists for people to check, like dsbl, which has open relays, open
proxies, or some other vulnerability.

There are other ways to bundle a better security method. My way is the
easiest for blocking people who love spamming the wikis, instead of
applying ill-minded restrictions to the wiki pages.

If he wants to be so foolish as to not listen to my advice, fine. It's
his loss, and everyone else's in the Ruby community, since there will
probably still be spam. Logins can be automated, captchas can be read by
smart bots, as autoaim bots for video games are created. The real
solution is not obfuscation, it's security.

David Ross
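The RBL check David argues for is mechanically simple: reverse the octets of the editor's IPv4 address, prepend them to the list's DNS zone, and treat an A-record answer as "listed". The block below is an added example of that lookup wired into a wiki save decision; it is not RubyGarden code. The zone `dnsbl.example` is a placeholder (real lists publish their own zone and answer codes), the function names are mine, and `FakeResolver` with its answer table is a constructed stand-in for `Resolv::DNS` so the example runs offline. The address 221.15.71.32 is the one David cites above.

```ruby
require 'resolv'
require 'ipaddr'

# Added example, not RubyGarden code: checking the IP of a would-be wiki
# editor against a DNS-based blacklist (RBL/DNSBL), the approach David
# argues for. The zone name is a placeholder; real DNSBLs publish their own
# zone and the meaning of the 127.0.0.x answer codes. Function names are mine.
DNSBL_ZONES = %w[dnsbl.example].freeze   # placeholder zone, not a real list

# An IPv4 address a.b.c.d is checked against a zone by resolving
# d.c.b.a.<zone>; an A record answer means "listed", NXDOMAIN means "clean".
def dnsbl_query_name(ip, zone)
  addr = IPAddr.new(ip)
  raise ArgumentError, "IPv4 only: #{ip}" unless addr.ipv4?
  "#{addr.to_s.split('.').reverse.join('.')}.#{zone}"
end

# Returns the listing codes (e.g. ["127.0.0.2"]) or [] when unlisted.
# Private and loopback addresses are never looked up: lists answer for
# 127.0.0.2 as a self-test, which would block every editor arriving via a
# misconfigured reverse proxy. `resolver` only needs to answer
# #getaddresses(name) the way Resolv::DNS does (empty array on NXDOMAIN),
# so a fake can be injected for offline use.
def dnsbl_listing(ip, zone, resolver = Resolv::DNS.new)
  addr = IPAddr.new(ip)
  return [] if addr.private? || addr.loopback?
  resolver.getaddresses(dnsbl_query_name(ip, zone)).map(&:to_s)
end

# Decision for the wiki's save handler: reject the edit when any zone lists
# the address. The hits are returned so the handler can log them with the
# revision, giving the review trail David asks for.
def edit_decision(ip, zones = DNSBL_ZONES, resolver = Resolv::DNS.new)
  hits = zones.each_with_object({}) do |zone, acc|
    codes = dnsbl_listing(ip, zone, resolver)
    acc[zone] = codes unless codes.empty?
  end
  { ip: ip, allowed: hits.empty?, hits: hits }
end

# Offline stand-in for Resolv::DNS, answering from a constructed table.
class FakeResolver
  def initialize(table)
    @table = table
  end

  def getaddresses(name)
    Array(@table[name])
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed answer: the address named in the thread is "listed".
  fake = FakeResolver.new("32.71.15.221.dnsbl.example" => ["127.0.0.2"])
  p edit_decision("221.15.71.32", DNSBL_ZONES, fake)
  p edit_decision("192.0.2.10", DNSBL_ZONES, fake)   # 192.0.2.0/24 is documentation space
end
```

Two practical points the thread touches on: each zone adds a DNS round trip to every save, so the lookups need a timeout and a cached negative result, and a listing is evidence, not proof, so a blocked edit should be logged (address, zone, code, page revision) rather than silently dropped.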




David Ross

10/29/2004 2:35:00 PM

0

Oh, btw, besides the common ports, there are special ports that change
each week in infections of Windows computer viruses for proxy ports
which could be scanned as well. You've no idea how insecure the internet
really can be for everybody. It's really insecure; the best way is to
have a real security plan, identify spammers, and block them as others
do to crackers.

David Ross




Bill Atkins

10/29/2004 3:09:00 PM

0

If you have issues with Chad's decisions, then communicate with him
personally, and stop trolling about. Your arrogance and your
vendettas don't do much to resolve the spam issue.

Bill



David Ross

10/29/2004 3:26:00 PM

0

Bill Atkins wrote:

>If you have issues with Chad's decisions, then communicate with him
>personally, and stop trolling about. Your arrogance and your
>vendettas don't do much to resolve the spam issue.
>
>Bill
>
Trolling? Excuse me. Every time anyone argues it's called trolling. Grow up.

He made a bad decision.

David Ross
--
Hassle-free packages for Ruby?
RPA is available from http://www.rubyar...



Anders Engström

10/29/2004 9:33:00 PM

0

On Sat, Oct 30, 2004 at 12:26:07AM +0900, David Ross wrote:
> Bill Atkins wrote:
>
> >If you have issues with Chad's decisions, then communicate with him
> >personally, and stop trolling about. Your arrogance and your
> >vendettas don't do much to resolve the spam issue.
> >

Well said.

[snip a *lot* of text - how about removing unneeded text before
replying?]

> Trolling? Excuse me. Every time anyone argues it's called trolling. Grow up.
>
> He made a bad decision.

Come on - stop being so damn hostile and let it rest. You're not really
helping out promoting the "helpful and friendly" ruby community.

//Anders

--
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Anders Engström aengstrom@gnejs.net
http://www... PGP-Key: ED010E7F
[Your mind is like an umbrella. It doesn't work unless you open it.]




David Ross

10/29/2004 9:39:00 PM

0


>> Trolling? Excuse me. Every time anyone argues it's called trolling. Grow up.
>>
>> He made a bad decision.
>
> Come on - stop being so damn hostile and let it rest. You're not really
> helping out promoting the "helpful and friendly" ruby community.
>
> //Anders

I agree. Often people jump in and back someone up without studying the
facts. I'll try not to respond to these types of people from now on.

David Ross
--
Hassle-free packages for Ruby?
RPA is available from http://www.rubyar...



Hal E. Fulton

10/29/2004 11:25:00 PM

0

David Ross wrote:
>
> I agree. Often people jump in and back someone up without studying the
> facts. I'll try not to respond to these types of people from now on.
>

No, David, YOU are the problem here, you and no one else.

I have never killfiled anyone on ruby-talk. You are a centimeter
from being the first.


Hal