Spammer strikes again! ::-- ZoomQuiet [2006-11-16 02:07:06]
1. Spammer, 4th time!
1.1. Still the same d1ck-sucker!
{{{
grep suckmyd1ck *
1092202528.98.61540.trail:suckmyd1ck
1162367389.46.63988:name=suckmyd1ck
}}}
1.1.1. Log analysis
{{{
/var/log/apache> tail -n 22500 httpd-access.log | grep CPUGres | grep 16/Nov/2006
61.149.132.186 - - [16/Nov/2006:05:29:12 +0800] "GET /moin/CPUGres HTTP/1.1" 200 41697 "http://wiki.woodpecker.org.cn/moin/%E9%A6%96%E9%A1%B5" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
...
61.149.132.186 - - [16/Nov/2006:05:29:18 +0800] "GET /moin/CPUGres?action=edit&editor=gui HTTP/1.1" 200 32929 "http://wiki.woodpecker.org.cn/moin/CPUGres" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
61.149.132.186 - - [16/Nov/2006:05:29:40 +0800] "POST /moin/CPUGres HTTP/1.1" 200 11208 "http://wiki.woodpecker.org.cn/moin/CPUGres?action=edit&editor=gui" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
...
}}}
- Matches the IP records beginning with 61; although the guy is using Firefox 2.0, the poor fellow only knows how to use the GUI editor...
1.1.2. IP lookup
- Lookup result 1: Beijing, Netcom (Tongzhou District)
- Lookup result 2: Beijing Daxing District / Tongzhou District, Netcom ADSL
Sure enough, the same area as last time.
{{{
> traceroute 61.149.132.186
traceroute to 61.149.132.186 (61.149.132.186), 64 hops max, 44 byte packets
 1  202.108.44.1 (202.108.44.1)  0.733 ms  0.747 ms  0.570 ms
 2  61.135.148.177 (61.135.148.177)  0.654 ms  0.593 ms  0.445 ms
 3  61.135.143.1 (61.135.143.1)  0.528 ms  0.477 ms  0.933 ms
 4  202.108.46.29 (202.108.46.29)  2.525 ms  1.104 ms  1.067 ms
 5  61.148.3.98 (61.148.3.98)  0.780 ms  0.952 ms  1.067 ms
 6  202.106.36.6 (202.106.36.6)  1.404 ms  1.321 ms  1.193 ms
 7  bt-204-010.bta.net.cn (202.106.204.10)  3.153 ms  bt-204-014.bta.net.cn (202.106.204.14)  3.232 ms  bt-204-010.bta.net.cn (202.106.204.10)  3.253 ms
 8  * * *
}}}
1.2. Again in the afternoon
ohyha and spamantiwhat
1.2.1. Haidian IP
{{{
/var/log/apache> tail -n 22500 httpd-access.log | grep PyCon2006 | grep 16/Nov/2006
221.223.182.136 - - [16/Nov/2006:20:09:43 +0800] "GET /moin/PyCon2006 HTTP/1.1" 200 17432 "http://wiki.woodpecker.org.cn/moin/FrontPage" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
221.223.182.136 - - [16/Nov/2006:20:09:46 +0800] "GET /moin/PyCon2006?action=edit&editor=text HTTP/1.1" 200 10459 "http://wiki.woodpecker.org.cn/moin/PyCon2006" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
221.223.182.136 - - [16/Nov/2006:20:09:46 +0800] "GET /moin/PyCon2006?action=edit&editor=text HTTP/1.1" 200 10459 "http://wiki.woodpecker.org.cn/moin/PyCon2006" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
221.223.182.136 - - [16/Nov/2006:20:09:50 +0800] "POST /moin/PyCon2006 HTTP/1.1" 200 13825 "http://wiki.woodpecker.org.cn/moin/PyCon2006?action=edit&editor=text" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0"
}}}
- Lookup result 1: Beijing, Netcom
- Lookup result 2: Beijing Haidian District, Netcom ADSL
1.3. Hardened settings
1.3.1. SurgeProtection
Tighten the surge limit on edits:
{{{
surge_action_limits = { # allow max. <count> <action> requests per <dt> secs
    # action: (count, dt)
    'show': (250, 120),
    'raw': (30, 60), # some people use this for css
    'AttachFile': (30, 60),
    'diff': (60, 60),
    'fullsearch': (3, 60),
    'edit': (20, 60),
    'rss_rc': (1, 60),
    'default': (50, 60),
}
}}}
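The log greps in 1.1.1 and 1.2.1 find the spam edits by hand (a GET of `?action=edit` followed by a POST to the same page from the same IP); the surge limit above is what should catch the next burst automatically. The script below is an added example, not code from this wiki or from MoinMoin: it parses Apache combined-format lines like the ones above, pairs each editor open with its save, and replays the `'edit': (20, 60)` limit as a sliding-window counter per IP. The sample log lines, the `192.0.2.x` addresses and the `wiki.example` referers are constructed; treating a POST as an `edit` action is this script's own simplification of how MoinMoin counts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache "combined" format, as in the httpd-access.log excerpts above.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Same shape as MoinMoin's surge_action_limits: action -> (max requests, window in seconds)
SURGE_LIMITS = {'edit': (20, 60), 'default': (50, 60)}

def parse_line(line):
    """Parse one log line; returns None for lines that are not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(rec['ts'], '%d/%b/%Y:%H:%M:%S %z')
    path, _, query = rec['path'].partition('?')
    rec['page'] = path.rsplit('/', 1)[-1]
    params = dict(p.split('=', 1) for p in query.split('&') if '=' in p)
    # MoinMoin opens the editor with GET ?action=edit and saves with a POST to the page;
    # counting the POST as an 'edit' action is this script's simplification (assumption).
    rec['action'] = 'edit' if rec['method'] == 'POST' else params.get('action', 'show')
    rec['editor'] = params.get('editor')
    return rec

def edit_sessions(lines):
    """Pair each GET ?action=edit with the POST that saves it, per (ip, page)."""
    pending, sessions = {}, []
    for rec in filter(None, map(parse_line, lines)):
        key = (rec['ip'], rec['page'])
        if rec['method'] == 'GET' and rec['action'] == 'edit':
            pending[key] = rec
        elif rec['method'] == 'POST' and key in pending:
            opened = pending.pop(key)
            sessions.append({'ip': rec['ip'], 'page': rec['page'], 'editor': opened['editor'],
                             'seconds_in_editor': (rec['ts'] - opened['ts']).total_seconds(),
                             'saved_at': rec['ts']})
    return sessions

def surge_offenders(lines, action='edit'):
    """Sliding-window count of `action` requests per IP against SURGE_LIMITS.
    Returns {ip: highest count seen inside one window} for IPs that went over the limit."""
    limit, dt = SURGE_LIMITS.get(action, SURGE_LIMITS['default'])
    window, offenders = defaultdict(deque), {}
    for rec in filter(None, map(parse_line, lines)):
        if rec['action'] != action:
            continue
        q = window[rec['ip']]
        q.append(rec['ts'])
        while (rec['ts'] - q[0]).total_seconds() > dt:   # drop requests older than the window
            q.popleft()
        if len(q) > limit:
            offenders[rec['ip']] = max(offenders.get(rec['ip'], 0), len(q))
    return offenders

# --- constructed sample, modeled on the excerpts above; IPs are from the 192.0.2.0/24 documentation range
UA = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1) Gecko/20061010 Firefox/2.0'

def _line(ip, ts, method, path, referer):
    return '%s - - [%s] "%s %s HTTP/1.1" 200 1234 "%s" "%s"' % (ip, ts, method, path, referer, UA)

SAMPLE_LOG = [
    _line('192.0.2.10', '16/Nov/2006:05:29:12 +0800', 'GET', '/moin/CPUGres', 'http://wiki.example/moin/FrontPage'),
    _line('192.0.2.10', '16/Nov/2006:05:29:18 +0800', 'GET', '/moin/CPUGres?action=edit&editor=gui', 'http://wiki.example/moin/CPUGres'),
    _line('192.0.2.10', '16/Nov/2006:05:29:40 +0800', 'POST', '/moin/CPUGres', 'http://wiki.example/moin/CPUGres?action=edit&editor=gui'),
    _line('192.0.2.77', '16/Nov/2006:20:09:43 +0800', 'GET', '/moin/PyCon2006', 'http://wiki.example/moin/FrontPage'),
    'not a log line',
]
# a burst: 12 pages opened in the text editor and saved within 24 seconds -> 24 edit actions, over 20 per 60 s
for i in range(12):
    SAMPLE_LOG.append(_line('192.0.2.77', '16/Nov/2006:20:10:%02d +0800' % (2 * i), 'GET',
                            '/moin/Page%d?action=edit&editor=text' % i, 'http://wiki.example/moin/Page%d' % i))
    SAMPLE_LOG.append(_line('192.0.2.77', '16/Nov/2006:20:10:%02d +0800' % (2 * i + 1), 'POST',
                            '/moin/Page%d' % i, 'http://wiki.example/moin/Page%d?action=edit' % i))

if __name__ == '__main__':
    for s in edit_sessions(SAMPLE_LOG):
        print('%s saved %s after %.0fs in the %s editor' % (s['ip'], s['page'], s['seconds_in_editor'], s['editor']))
    print('over the edit surge limit:', surge_offenders(SAMPLE_LOG))
```

On the sample, the first IP shows the pattern from 1.1.1 (one page, 22 seconds in the GUI editor) and is well under the limit, while the second IP's 24 edit actions inside one 60-second window would trip the `'edit': (20, 60)` setting. Running the same script over a real `httpd-access.log` (`edit_sessions(open(path))`) gives the per-IP edit picture without the manual grep chain.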
1.3.2. Drop delete rights
{{{
acl_rights_default = u"Trusted:read,write,delete,revert Known:read,write,revert All:read SpamAntiGroup:"
acl_rights_after = u"Known:read"
}}}
1.3.3. Add group-based management
wikiconfig.py
{{{
acl_enabled = 1
acl_rights_valid = ["read", "write", "delete", "revert", "admin"]
# IMPORTANT: grant yourself admin rights! replace YourName with
acl_rights_before = u"ZoomQuiet:read,write,delete,revert,admin +WoodpeckerAdminGroup:read,write,delete,revert"
acl_rights_default = u"Trusted:read,write,revert,delete TrustedGroup:read,write,revert Known:read SpamerGroup:"
acl_rights_after = u"All:read"
}}}
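MoinMoin evaluates `acl_rights_before`, then the page's own ACL (or `acl_rights_default` when the page has none), then `acl_rights_after`, and the first entry that matches the user and has an opinion on the requested right wins; an entry with no rights listed (`SpamerGroup:`) denies everything to its members, and a `+` entry grants only what it lists without denying the rest. The evaluator below is an added example, not MoinMoin's own `security.py`: it implements that first-match rule on the 1.3.2 and 1.3.3 strings above so the effect of each line can be checked. `WikiUser`, the `SpamBot` user and the group memberships are constructed stand-ins for the request user and the `*Group` wiki pages.

```python
# Minimal evaluator for MoinMoin 1.5-style ACL strings (added example, not MoinMoin code).
RIGHTS_VALID = ["read", "write", "delete", "revert", "admin"]   # same as acl_rights_valid above

def parse_acl(acl_string):
    """Turn 'Entry:right,right +Entry:right -Entry:right' into [(name, {right: bool})]."""
    entries = []
    for token in acl_string.split():
        modifier = ""
        if token[0] in "+-":
            modifier, token = token[0], token[1:]
        name, _, rights = token.partition(":")
        listed = [r for r in rights.split(",") if r]
        if modifier == "+":          # grant only the listed rights, say nothing about the rest
            verdict = {r: True for r in listed}
        elif modifier == "-":        # deny only the listed rights, say nothing about the rest
            verdict = {r: False for r in listed}
        else:                        # grant listed, deny every other valid right ("Name:" denies all)
            verdict = {r: (r in listed) for r in RIGHTS_VALID}
        entries.append((name, verdict))
    return entries

class WikiUser:
    """Constructed stand-in for the request user: name, logged in (Known), trusted auth, group pages."""
    def __init__(self, name="", known=False, trusted=False, groups=()):
        self.name, self.known, self.trusted, self.groups = name, known, trusted, set(groups)

def entry_matches(name, user):
    if name == "All":
        return True
    if name == "Known":
        return user.known
    if name == "Trusted":
        return user.trusted
    if name.endswith("Group"):       # membership normally comes from the *Group wiki pages
        return name in user.groups
    return name == user.name

def may(user, right, before, page_acl, after):
    """First matching entry that has an opinion on `right` wins; no match at all means deny."""
    effective = " ".join(part for part in (before, page_acl, after) if part)
    for name, verdict in parse_acl(effective):
        if entry_matches(name, user) and right in verdict:
            return verdict[right]
    return False

# The 1.3.3 wikiconfig.py strings from above
BEFORE = "ZoomQuiet:read,write,delete,revert,admin +WoodpeckerAdminGroup:read,write,delete,revert"
DEFAULT = "Trusted:read,write,revert,delete TrustedGroup:read,write,revert Known:read SpamerGroup:"
AFTER = "All:read"

def rights_of(user, before=BEFORE, page_acl=DEFAULT, after=AFTER):
    """Every valid right the user ends up with under the given three ACL strings."""
    return [r for r in RIGHTS_VALID if may(user, r, before, page_acl, after)]

if __name__ == "__main__":
    people = {
        "ZoomQuiet": WikiUser("ZoomQuiet", known=True, trusted=True),
        "admin-group member": WikiUser("SomeAdmin", known=True, trusted=True, groups=["WoodpeckerAdminGroup"]),
        "logged-in spammer": WikiUser("SpamBot", known=True, groups=["SpamerGroup"]),
        "anonymous": WikiUser(),
    }
    for label, u in people.items():
        print("%-20s %s" % (label, ",".join(rights_of(u)) or "(nothing)"))
```

With the 1.3.3 strings the evaluator gives ZoomQuiet everything, a WoodpeckerAdminGroup member everything but admin (the `+` entry is silent on admin, so the `Trusted:` entry decides it), and a logged-in SpamerGroup member read only, which is the intended outcome. Note what decides it, though: the spammer is matched by `Known:read` before the `SpamerGroup:` entry is ever reached. Fed the 1.3.2 strings instead (with an empty `acl_rights_before`, which that section does not show), the same logged-in member of SpamAntiGroup comes out with read, write and revert, because `Known:read,write,revert` fires first and the trailing `SpamAntiGroup:` entry is dead. A deny entry for a spam group only bites if it is placed ahead of the `Known:` and `All:` entries, which is why `acl_rights_before` is the right place for it.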