[astro] Re: [TICKET #20733] Re: Spam links on milkyway.cs.rpi.edu
Dave Przybylo
przybd at cs.rpi.edu
Mon Dec 15 17:20:21 EST 2008
I have been going into the database and deleting them if they create a
string of accounts. Or deleting them individually if they are singular
accounts. They have created a string of up to 30 spam accounts within
an hour before. A validation method would go a long way in preventing
these types of attacks.
Regards,
-----------------------------------------------------------------------------------------------
Dave Przybylo <przybd at cs.rpi.edu>
Undergraduate Researcher
Worldwide Computing Laboratory ( http://wcl.cs.rpi.edu/ )
Department of Computer Science
Rensselaer Polytechnic Institute, 110 8th Street, Troy NY 12180, USA
-----------------------------------------------------------------------------------------------
On Dec 15, 2008, at 4:47 PM, NATS wrote:
> This is an automated email notification of an updated ticket:
>
>
> From: cvarela at cs.rpi.edu, 2008-12-15 16:47:29.985556
>
> MilkyWay at Home folks: some further suggestions to consider from N.
> Westlake. Thanks for your time. Greetings, - Carlos.
>
> On Dec 16, 2008, at 7:42 AM, N.Westlake wrote:
>
>> Thanks for the quick reply. The scrambled word may help. You might
>> also implement something like a reputation filter. Something like,
>> they must return calculations before being allowed to post html in
>> their profile or message boards.
>>
>> Making the boards only readable by those with accounts also cuts out
>> the incentive for the spammers.
>>
>> Thanks for taking this matter seriously.
>>
>> At 04:12 PM 12/15/2008, you wrote:
>>> Dear N. Westlake,
>>>
>>> I thought that we had already implemented (or we were planning to
>>> soon implement) a patch to require users to type a scrambled word
>>> (to avoid robots) to participate in message boards and modify user
>>> account profiles. From using other web sites, it seems as simple
>>> as adding something along the following lines to the HTML generated:
>>>
>>> ---
>>> <p>Please enter the words you see in the box, in order and
>>> separated by a space. Doing so helps prevent automated
>>> programs from abusing this service. If you are not sure
>>> what the words are, either enter your best guess or click
>>> the reload button next to the distorted words.</p>
>>> <script src="http://api.recaptcha.net/challenge?k=6LcKCQIAAAAAAHhBhOCf0BoxmQqpPEF%2dY87ouiUd"
>>> type="text/javascript"></script>
>>> <noscript><iframe frameborder="0" height="300"
>>> src="http://api.recaptcha.net/noscript?k=6LcKCQIAAAAAAHhBhOCf0BoxmQqpPEF%2dY87ouiUd"
>>> width="500"></iframe><textarea cols="40"
>>> name="recaptcha_challenge_field" rows="3"></textarea><input
>>> name="recaptcha_response_field" type="hidden"
>>> value="manual_challenge" /></noscript>
>>> ---
>>>
>>> Can Dave Przybylo let us know what has been done from a
>>> MilkyWay at Home project perspective, if anything? Can Jon Chen let
>>> us know what has been done from a systems perspective, if anything?
>>>
>>> Another suggestion was to have a list of "banned" users (if spam
>>> is caused by humans), except they can always create new user ids,
>>> which entails that *some* level of policing would always be
>>> required...
>>>
>>> If the problem persists after the robot-avoiding suggestion is
>>> implemented, then a meeting should take place to look into further
>>> action.
>>>
>>> Greetings,
>>>
>>> - Carlos.
>>>
>>> ---
>>> Carlos A. Varela
>>> <cvarela at cs.rpi.edu>
>>> Associate Professor
>>> Worldwide Computing Laboratory
>>> Department of Computer Science
>>> Rensselaer Polytechnic Institute
>>> 110 8th Street, Troy, NY 12180, USA
>>> http://wcl.cs.rpi.edu/
>>> Ph: +1 (518) 276-6912 Fax: +1 (518) 276-4033 Office: Lally 308
>>>
>>>
>>>
>>>
>>> On Dec 16, 2008, at 7:00 AM, N.Westlake wrote:
>>>
>>>> Hello Dr Varela,
>>>>
>>>> For the last year and especially this semester milkyway.cs.rpi.edu
>>>> has had a recurring problem of spam links. They are being added to
>>>> the message boards and user account profiles. This impacts RPI in
>>>> three ways.
>>>>
>>>> - Wasted resources on your system, campus bandwidth
>>>> - Lost staff time detecting and cleaning it up repeatedly
>>>> - Increases the risk that other email and links from
>>>>   legitimate RPI sites will be flagged as spam
>>>>
>>>> This needs to be addressed at a system level on the machine.
>>>> Please speak with your sysadmins supporting the site to address
>>>> the problem. If they are having problems addressing this, I will
>>>> gladly meet with them to help come up with ideas they can then
>>>> implement.
>>>>
>>>> N. Westlake westln2 at rpi.edu
>>>> Network Security Analyst, Information Technologies Infrastructure
>>>> 518-276-8280
>>>> Rensselaer Polytechnic Institute, 110 8th Street, Troy NY,
>>>> 12180-3590
>>>>
>>>> "The search for static security -- in the law and elsewhere -- is
>>>> misguided. The fact is security can only be achieved through constant
>>>> change, adapting old ideas that have outlived their usefulness to
>>>> current facts..."
>>>> -William O. Douglas, US Supreme Court Justice
>>>
>>>
>>> ----------
>>>
>>> previous vote
>>
>>
>> N. Westlake westln2 at rpi.edu
>> Network Security Analyst, Information Technologies Infrastructure
>> 518-276-8280
>> Rensselaer Polytechnic Institute, 110 8th Street, Troy NY,
>> 12180-3590
>>
>> "The search for static security -- in the law and elsewhere -- is
>> misguided. The fact is security can only be achieved through constant
>> change, adapting old ideas that have outlived their usefulness to
>> current facts..."
>> -William O. Douglas, US Supreme Court Justice
>>
>
>
>
> - labstaff at cs.rpi.edu
>
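
Added example, not part of the original thread or the project's code: one way to flag the bursts described in the message at the top (up to 30 accounts within an hour) for review, while exempting accounts that have returned calculations, as in the reputation suggestion quoted above. The row layout, the function names and the `min_accounts` threshold are assumptions.

```python
from datetime import datetime, timedelta

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample rows: (account_id, created_at, results_returned).
# This layout is hypothetical, not the project's real schema.
SAMPLE = (
    [(1, _t("2008-12-14 09:00"), 12), (2, _t("2008-12-14 22:10"), 0)]
    + [(100 + i, _t("2008-12-15 03:00") + timedelta(minutes=2 * i), 0)
       for i in range(30)]
    + [(200, _t("2008-12-15 03:20"), 5)]
)

def is_reputable(results_returned):
    """Reputation rule from the thread: the account has returned calculations."""
    return results_returned > 0

def find_signup_bursts(rows, window=timedelta(hours=1), min_accounts=5):
    """Group zero-reputation accounts created within `window` of the first
    account in the group; return groups with at least `min_accounts` ids."""
    suspects = sorted((r for r in rows if not is_reputable(r[2])),
                      key=lambda r: r[1])
    bursts, group, start = [], [], None
    for acct_id, created, _ in suspects:
        # Close the current group once this signup falls outside its window.
        if group and created - start > window:
            if len(group) >= min_accounts:
                bursts.append(group)
            group = []
        if not group:
            start = created
        group.append(acct_id)
    if len(group) >= min_accounts:
        bursts.append(group)
    return bursts

if __name__ == "__main__":
    for burst in find_signup_bursts(SAMPLE):
        print(f"review {len(burst)} accounts: ids {burst[0]}..{burst[-1]}")
```

The output is a review list, not a delete list: a lone zero-result signup (id 2 in the sample) and an account that has returned work inside the burst window (id 200) are both left alone.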