Rubygarden homepage hacks

On daily basis the homepage at rubygarden is being edited.
some random piece of text are being replaced with a link to an
asian homepage which looks non-ruby related.

Is it possible to blacklist that automated bot ?

http://www.rubygarden.org/ruby?HomePage

···


Simon Strandgaard

I’ll look into it. I think “hack” is a bit of a strong word here.
This is more of an “edit”. :slight_smile:

Chad

···

On Mon, 10 May 2004 07:24:03 +0900, Simon Strandgaard neoneye@adslhome.dk wrote:

On daily basis the homepage at rubygarden is being edited.
some random piece of text are being replaced with a link to an
asian homepage which looks non-ruby related.

Is it possible to blacklist that automated bot ?

Not only HomePage but some other pages, too. This is a well known
problem with wikis and usually requires an active wiki community. I am
not sure that a blacklist will do in all cases.

See http://c2.com/cgi/wiki?WhyWikiWorks
and http://c2.com/cgi/wiki?DeleteInsults

Cheers
Sascha

···

Simon Strandgaard neoneye@adslhome.dk wrote:

On daily basis the homepage at rubygarden is being edited.

Chad Fowler wrote:

···

On Mon, 10 May 2004 07:24:03 +0900, Simon Strandgaard >neoneye@adslhome.dk wrote:

On daily basis the homepage at rubygarden is being edited.
some random piece of text are being replaced with a link to an
asian homepage which looks non-ruby related.

Is it possible to blacklist that automated bot ?

I’ll look into it. I think “hack” is a bit of a strong word here.
This is more of an “edit”. :slight_smile:

Funny! :slight_smile:

I dont see it on the page. If it could be hacked, that would be an
interesting new spamming technique/scrourge to contend with.

:paul

Sascha Doerdelmann wrote:

On daily basis the homepage at rubygarden is being edited.

Not only HomePage but some other pages, too. This is a well known
problem with wikis and usually requires an active wiki community. I am
not sure that a blacklist will do in all cases.

See http://c2.com/cgi/wiki?WhyWikiWorks
and http://c2.com/cgi/wiki?DeleteInsults

I remember the Docbook wiki got erased completely by an evil bot, this
was a big loss.

http://wiki.docbook.org/topic/

Shouldn’t we do something to prevent situations like that?

BTW: It would be really nice if one could create one central Ruby account,
which then would work with: rubyforge, rubygarden, rcrchive, raa, rubynews.
Is such unification realistic ?

···

Simon Strandgaard neoneye@adslhome.dk wrote:


Simon Strandgaard

Paul Vudmaska wrote:

Chad Fowler wrote:

On daily basis the homepage at rubygarden is being edited.
some random piece of text are being replaced with a link to an
asian homepage which looks non-ruby related.

Is it possible to blacklist that automated bot ?

I’ll look into it. I think “hack” is a bit of a strong word here.
This is more of an “edit”. :slight_smile:

Funny! :slight_smile:

I dont see it on the page. If it could be hacked, that would be an
interesting new spamming technique/scrourge to contend with.

Take a look at the earlier revisions, and you will see the link.
I don’t want to mention the name of the page, because then I would
help promote their silly page, which I don’t want to.

url spelled backwards.

www ssmme dot com

···

On Mon, 10 May 2004 07:24:03 +0900, Simon Strandgaard > >neoneye@adslhome.dk wrote:


Simon Strandgaard

Sascha Doerdelmann wrote:

On daily basis the homepage at rubygarden is being edited.

Not only HomePage but some other pages, too. This is a well known
problem with wikis and usually requires an active wiki community. I am
not sure that a blacklist will do in all cases.

See http://c2.com/cgi/wiki?WhyWikiWorks
and http://c2.com/cgi/wiki?DeleteInsults

I remember the Docbook wiki got erased completely by an evil bot, this
was a big loss.

http://wiki.docbook.org/topic/

Shouldn’t we do something to prevent situations like that?

BTW: It would be really nice if one could create one central Ruby account,
which then would work with: rubyforge, rubygarden, rcrchive, raa, rubynews.
Is such unification realistic ?

I agree. Registering that often is painful. Unfortunately centralization
does not scale. There must be other ways to fight bots. I think that they
are not so good at OCR so far (that way I don’t have to “invent” a new
password all the time, that I keep forgetting anyway).


Simon Strandgaard

Yours,

Jean-Hugues

···

At 17:17 10/05/2004 +0900, you wrote:

Simon Strandgaard neoneye@adslhome.dk wrote:


Web: http://hdl.handle.net/1030.37/1.1
Phone: +33 (0) 4 92 27 74 17

Simon Strandgaard wrote:

Sascha Doerdelmann wrote:

On daily basis the homepage at rubygarden is being edited.

Not only HomePage but some other pages, too. This is a well known
problem with wikis and usually requires an active wiki community. I am
not sure that a blacklist will do in all cases.

See http://c2.com/cgi/wiki?WhyWikiWorks
and http://c2.com/cgi/wiki?DeleteInsults

I remember the Docbook wiki got erased completely by an evil bot, this
was a big loss.

http://wiki.docbook.org/topic/

Shouldn’t we do something to prevent situations like that?

BTW: It would be really nice if one could create one central Ruby account,
which then would work with: rubyforge, rubygarden, rcrchive, raa, rubynews.
Is such unification realistic ?


Simon Strandgaard

I’d highly recommend Microsoft Passport for this.
:slight_smile:
Actually, that would be a neat project for ruby - a remote
authenticaction service. Encrypted Xml, Rpc/Soap. Neat. Useful.

···

Simon Strandgaard neoneye@adslhome.dk wrote:

Paul Vudmaska wrote:

Chad Fowler wrote:

On daily basis the homepage at rubygarden is being edited.
some random piece of text are being replaced with a link to an
asian homepage which looks non-ruby related.

Is it possible to blacklist that automated bot ?

I dont see it on the page. If it could be hacked, that would be an
interesting new spamming technique/scrourge to contend with.

Take a look at the earlier revisions, and you will see the link.
I don’t want to mention the name of the page, because then I would
help promote their silly page, which I don’t want to.

url spelled backwards.

www ssmme dot com

It appeared on the rubygems wiki a couple of weeks ago, I remember taking
it out of the homepage there.

Ah, and it’s back there again - the link is at the bottom of the first
list (About RubyGems), it’s called ‘chonnging wiki’ and points to that url.

Taken it out for now, but it’ll be back soon, I bet.

···

On Mon, 10 May 2004 07:24:03 +0900, Simon Strandgaard > > >neoneye@adslhome.dk wrote:


Whatever the missing mass of the universe is, I hope it’s not cockroaches!
– Mom
Rasputin :: Jack of All Trades - Master of Nuns

Simon Strandgaard wrote:

url spelled backwards.
www ssmme dot com

I’ve seen this one just today in a number of unrelated Wikis that were
spammed with this URL. I checked whois, and unfortunately it appears
that they are in China. However, the administrative and technical
contacts list a valid looking msn.com email address.

M.

BTW: It would be really nice if one could create one central Ruby
account,
which then would work with: rubyforge, rubygarden, rcrchive, raa,
rubynews.
Is such unification realistic ?

.Ruby passport?

Guillaume.

That is a nice idea, to have an autogenerated image, containing
a password to be used for making changes (and some random noise
to confuse the bot).
And maybe it would help prevent disaster to limit the amount of
text that can be deleted at a time.

A revision history (a la CVS) to quickly revert changes may help
to. Don’t they have this already?

Kristof

···

On Mon, 10 May 2004 17:55:44 +0900, Jean-Hugues ROBERT wrote:

Sascha Doerdelmann wrote:
I remember the Docbook wiki got erased completely by an evil bot, this
was a big loss.

http://wiki.docbook.org/topic/

Shouldn’t we do something to prevent situations like that?

BTW: It would be really nice if one could create one central Ruby account,
which then would work with: rubyforge, rubygarden, rcrchive, raa, rubynews.
Is such unification realistic ?

I agree. Registering that often is painful. Unfortunately centralization
does not scale. There must be other ways to fight bots. I think that they
are not so good at OCR so far (that way I don’t have to “invent” a new
password all the time, that I keep forgetting anyway).

Yours,

Jean-Hugues

Guillaume Marcais wrote:

BTW: It would be really nice if one could create one central Ruby
account,
which then would work with: rubyforge, rubygarden, rcrchive, raa,
rubynews.
Is such unification realistic ?

Ruby passport?

You might want to duck after you suggest that. :wink:

Sascha Doerdelmann wrote:
I remember the Docbook wiki got erased completely by an evil bot, this
was a big loss.

http://wiki.docbook.org/topic/

Shouldn’t we do something to prevent situations like that?

    [...]

That is a nice idea, to have an autogenerated image, containing
a password to be used for making changes (and some random noise
to confuse the bot).

I don’t like this solution for the reasons outlined in

but:

And maybe it would help prevent disaster to limit the amount of
text that can be deleted at a time.

this agrees with their “limited use” solution

which seems to me the best solution of those offered.

A revision history (a la CVS) to quickly revert changes may help
to. Don’t they have this already?

Many Wikis do.

Kristof

    Hugh
···

On Mon, 10 May 2004, Kristof Bastiaensen wrote:

On Mon, 10 May 2004 17:55:44 +0900, Jean-Hugues ROBERT wrote:

Kristof Bastiaensen wrote:

···

On Mon, 10 May 2004 17:55:44 +0900, Jean-Hugues ROBERT wrote:

Sascha Doerdelmann wrote:

BTW: It would be really nice if one could create one central Ruby account,
which then would work with: rubyforge, rubygarden, rcrchive, raa, rubynews.
Is such unification realistic ?

I agree. Registering that often is painful. Unfortunately centralization
does not scale. There must be other ways to fight bots. I think that they
are not so good at OCR so far (that way I don’t have to “invent” a new
password all the time, that I keep forgetting anyway).

That is a nice idea, to have an autogenerated image, containing
a password to be used for making changes (and some random noise
to confuse the bot).
And maybe it would help prevent disaster to limit the amount of
text that can be deleted at a time.

Search on RAA for ‘CAPTCHA’ - someone mentioned a library a couple
of months ago.

Ah, here it is:

http://raa.ruby-lang.org/project/captcha/

Actually, I consider it such an elemental feature of a wiki that I
think that one without is crippled. IMHO, of course.

···

On Tue, May 11, 2004 at 01:13:16AM +0900, Hugh Sasse Staff Elec Eng wrote:

On Mon, 10 May 2004, Kristof Bastiaensen wrote:

A revision history (a la CVS) to quickly revert changes may help
to. Don’t they have this already?

Many Wikis do.


Thomas
beast@system-tnt.dk

I am testing some various line endings and conversions. I am confused
because when I create a file using DOS (CR/LF) format and I do a simple:

fh = File.open( “myfile.txt” );
fh.each_byte{ |ch|
puts ch; end

I get the following output:

72
101
108
108
111
44
10
87
111
114
108
100
33
10

myfile.txt contains:

Hello,
World!

By reading this output you would think it is in Unix format (LF), but it is
actually in DOS (CR/LF) file format.
When I open the file up in a hexeditor (NitroHex) it shows that the file
format is actually in DOS (CR/LF). I am using Ruby 1.8.1preview3 on Windows
2000. Is the Ruby Interpretor screwing up my line endings?

This actually came up from because I was trying what was suggest by a March
post by “Josef ‘Jupp’ Schugt” about any to any conversions for line endings.
But it doesn’t work on my Windows box.

Any input is appreciated,

Zach Dennis

Zach Dennis wrote:

By reading this output you would think it is in Unix format (LF), but it is
actually in DOS (CR/LF) file format.

Ruby automatically converts platform-specific (\r\n in your case)
newlines to platform-independent newlines (\n). This is a feature.

If you don’t want any line ending conversations to happen just specify
the binary mode like this: File.open(“filename”, “rb”) { … }

Regards,
Florian Gross

Thank you very much!

Zach Dennis

···

-----Original Message-----
From: Florian Gross [mailto:flgr@ccan.de]
Sent: Monday, May 10, 2004 5:29 PM
To: ruby-talk ML
Subject: Re: Line Ending Confusion on Windows

Zach Dennis wrote:

By reading this output you would think it is in Unix format (LF), but it
is
actually in DOS (CR/LF) file format.

Ruby automatically converts platform-specific (\r\n in your case)
newlines to platform-independent newlines (\n). This is a feature.

If you don’t want any line ending conversations to happen just specify
the binary mode like this: File.open(“filename”, “rb”) { … }

Regards,
Florian Gross