1. Spamer第4次！

1.1. 还是那位吸JB的！

grep suckmyd1ck *
1092202528.98.61540.trail:suckmyd1ck
1162367389.46.63988:name=suckmyd1ck

1.1.1. 日志分析

{{{/var/log/apache> tail -n 22500 httpd-access.log | grep CPUGres | grep 16/Nov/2006 61.149.132.186 - - [16/Nov/2006:05:29:12 +0800] "GET /moin/CPUGres HTTP/1.1" 200 41697 "http://wiki.woodpecker.org.cn/moin/%E9%A6%96%E9%A1%B5" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0" ... 61.149.132.186 - - [16/Nov/2006:05:29:18 +0800] "GET /moin/CPUGres?action=edit&editor=gui HTTP/1.1" 200 32929 "http://wiki.woodpecker.org.cn/moin/CPUGres" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0" 61.149.132.186 - - [16/Nov/2006:05:29:40 +0800] "POST /moin/CPUGres HTTP/1.1" 200 11208 "http://wiki.woodpecker.org.cn/moin/CPUGres?action=edit&editor=gui" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0" ... }}}

吻合 61 开头的IP记录，虽然丫使用了 Fire Fox 2.0 ，但是可怜的家伙只会使用 GUI 编辑器。。。

1.2. 增强设置

1.2.1. SurgeProtection

增强汹涌编辑：

    surge_action_limits = {
        # allow max. <count> <action> requests per <dt> secs
        # action: (count, dt)
        'show': (250, 120),
        'raw': (30, 60),  # some people use this for css
        'AttachFile': (30, 60),
        'diff': (60, 60),
        'fullsearch': (3, 60),
        'edit': (20, 60),
        'rss_rc': (1, 60),
        'default': (50, 60),
    }

1.2.2. 取消删除

acl_rights_default = u"Trusted:read,write,delete,revert Known:read,write,revert All:read SpamAntiGroup:"
acl_rights_after = u"Known:read"

-  ⇤ ← Revision 1 as of 2006-11-16 02:07:06 → 
  Size: 377
  Editor: ZoomQuiet
  Comment:
+   ← Revision 4 as of 2006-11-16 02:43:12 → ⇥
  Size: 1996
  Editor: ZoomQuiet
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 12:
-= 还是那位吸JB的！ =
+= Spamer第4次！ =
== 还是那位吸JB的！ ==
-Line 19:
+Line 20:
+=== 日志分析 ===
{{{/var/log/apache> tail -n 22500 httpd-access.log | grep CPUGres | grep 16/Nov/2006
61.149.132.186 - - [16/Nov/2006:05:29:12 +0800] "GET /moin/CPUGres HTTP/1.1" 200 41697 "http://wiki.woodpecker.org.cn/moin/%E9%A6%96%E9%A1%B5" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
...
61.149.132.186 - - [16/Nov/2006:05:29:18 +0800] "GET /moin/CPUGres?action=edit&editor=gui HTTP/1.1" 200 32929 "http://wiki.woodpecker.org.cn/moin/CPUGres" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
61.149.132.186 - - [16/Nov/2006:05:29:40 +0800] "POST /moin/CPUGres HTTP/1.1" 200 11208 "http://wiki.woodpecker.org.cn/moin/CPUGres?action=edit&editor=gui" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
...
}}}
 * 吻合 61 开头的IP记录，虽然丫使用了 Fire Fox 2.0 ，但是可怜的家伙只会使用 GUI 编辑器。。。
-Line 21:
+Line 32:
+=== SurgeProtection ===
 * 增强汹涌编辑 ： {{{
    surge_action_limits = {
        # allow max. <count> <action> requests per <dt> secs
        # action: (count, dt)
        'show': (250, 120),
        'raw': (30, 60),  # some people use this for css
        'AttachFile': (30, 60),
        'diff': (60, 60),
        'fullsearch': (3, 60),
        'edit': (20, 60),
        'rss_rc': (1, 60),
        'default': (50, 60),
    }
}}}
-Line 22:
+Line 48:
+=== 取消删除 ===
{{{
acl_rights_default = u"Trusted:read,write,delete,revert Known:read,write,revert All:read SpamAntiGroup:"
acl_rights_after = u"Known:read"
}}}

Diff for "woodpecker-log/2006-11-16"