Here’s a new trick used by the web spammers — attachments on a Moin Moin wiki. The taint.org/wk RecentChanges list illustrates it well:
2007-05-07 set bookmark [UPDATED] UserPreferences 04:17 Info ?StepStep [1-21] #01 Upload of attachment 'big-cocks.html'. #02 Upload of attachment 'big-cock.html'. #03 Upload of attachment 'big-boobs.html'. #04 Upload of attachment 'big-ass.html'. #05 Upload of attachment 'bdsm.html'. #06 Upload of attachment 'bbw.html'. #07 Upload of attachment 'bang-bros.html'. #08 Upload of attachment 'bangbros.html'. #09 Upload of attachment 'baby.html'. #10 Upload of attachment 'asian-porn.html'. #11 Upload of attachment 'asian-girls.html'. #12 Upload of attachment 'anime-porn.html'. #13 Upload of attachment 'anime-girls.html'. #14 Upload of attachment 'angelina-jolie.html '. #15 Upload of attachment 'amature.html'. #16 Upload of attachment 'amatuer.html'. #17 Upload of attachment 'adult-videos.html'. #18 Upload of attachment 'adult-stories.html' . #19 Upload of attachment 'adult-games.html'. #20 Upload of attachment '69.html'. #21 Upload of attachment '3d.html'.
Great. Lots of spam. This first started appearing on Feb 27 2007, in a multi-upload attack on a single page (“FindPage”), from IP address 212.26.129.162; then reoccurred on Apr 27 and May 7 from the (insecure open proxy) proxy.drevlanka.ru.
Annoyingly my “subscribe to wiki changes” patch doesn’t catch this — these aren’t gatewayed through as “changes” via mail for review. I need to fix that in my copious free time. :(
Also, the RecentChanges RSS feed doesn’t list them, although the HTML form does.
So unfortunately, the only way I can see to block this is either to review by visiting the RecentChanges page in a web browser regularly (how retro!), and delete them retrospectively, or simply to turn off attachments entirely — which is what I’ve done, by editing “wikiconfig.py” and adding:
actions_excluded = ['AttachFile']
It looks like quite a few other wikis around the web are running into the issue too :(
2 Comments