[wplug-internet] Wiki under persistent attack from China
Vance Kochenderfer
vkochend at nyx.net
Fri May 3 23:51:57 EDT 2013
Over the past few days, I've blocked a few dozen more /16s on the
wiki. It seems all of Fujian Province wants to create accounts
(but oddly, they don't want to actually post anything).

Although MediaWiki records the IP address someone used to
register, it does not display this information in its logs. You
can view it by connecting to the database (see details in
/home/board/mediawiki-info) and running the following query:

    SELECT rc_timestamp,rc_user_text,rc_ip FROM recentchanges
    ORDER BY rc_timestamp DESC LIMIT 20;

You can of course alter the LIMIT clause to show as many entries
as you like.

If you're seeing multiple robot accounts coming from the same
netblock (use whois to verify it's from the same network), you can
go to the Block User page and enter in an IP range in the CIDR
form 27.159.0.0/16 (note that a /16 is the largest netblock you
can specify; smaller ones are OK).

Only do this for non-U.S. netblocks; there are unlikely to be any
legitimate users of the wiki coming from overseas. For domestic
addresses, try to be more discriminating to avoid collateral
damage. Often it will just be a single IP address or a small set
of addresses - block these one by one.

Normally these should be temporary blocks. If the problem returns
from a particular source once its block expires, we can consider
making it permanent.

Vance Kochenderfer | "Get me out of these ropes and into a
vkochend at nyx.net | good belt of Scotch" -Nick Danger
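
Added example, not part of the original message: a sketch of the triage step described above, grouping rows from the recentchanges query by /16 and reporting netblocks with several distinct account names. It goes one step beyond the message by narrowing each hit to the smallest CIDR block that covers the observed addresses; the function name, threshold and sample rows are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows in the shape the query returns:
# (rc_timestamp, rc_user_text, rc_ip). All values are made up.
SAMPLE_ROWS = [
    ("20130503031501", "Xk29ab", "27.159.200.14"),
    ("20130503031742", "Qq81zz", "27.159.203.77"),
    ("20130503040210", "Lm44op", "27.159.198.5"),
    ("20130503051122", "Alice", "198.51.100.23"),
    ("20130503060001", "Rt07uv", "203.0.113.9"),
    ("20130503060355", "Rt08uv", "203.0.113.9"),
]

def block_candidates(rows, min_accounts=2):
    """Return [(cidr, distinct_accounts)] for /16s with >= min_accounts names.

    Each CIDR is the tightest block covering the addresses actually seen,
    so it is never wider than the /16 limit of the Block User page.
    """
    groups = defaultdict(lambda: (set(), set()))  # /16 key -> (users, addrs)
    for _ts, user, ip in rows:
        try:
            addr = int(ipaddress.IPv4Address(ip))
        except ValueError:
            continue  # empty or non-IPv4 rc_ip value
        users, addrs = groups[addr >> 16]
        users.add(user)
        addrs.add(addr)

    out = []
    for users, addrs in groups.values():
        if len(users) < min_accounts:
            continue
        low, high = min(addrs), max(addrs)
        # Bits shared by the lowest and highest address are shared by all.
        prefix = 32 - (low ^ high).bit_length()
        net = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(low)}/{prefix}", strict=False)
        out.append((str(net), len(users)))
    return sorted(out, key=lambda c: -c[1])

if __name__ == "__main__":
    for cidr, count in block_candidates(SAMPLE_ROWS):
        print(f"{cidr}\t{count} accounts")
```

The output is only a list of candidates; the whois check and the domestic-versus-overseas judgement from the message still apply before anything is entered on the Block User page.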