RubyGarden wiki patch

FYI, I've just implemented this
http://onestepback.org/index.cgi/General/CautiouslyOptimistic.rdoc.
Let's see how long it might be effective. With this patch, pages with
previously valid links WILL NOT SAVE unless you uppercase the
protocol:// section of the link. That'll be annoying for a while but
hopefully not as much as the spam (and hopefully this will have an
effect for a while).

The real-time blacklists and any other blacklisting measure seem to be
almost 0% effective. Practically none of the spammers that have hit
us have been listed, and we can't keep up a manual list fast enough.

Next step is authentication. I'm ready to put this one to bed.

Chad Fowler <chadfowler@gmail.com> treated the lovely people of
comp.lang.ruby with the following stuff:

FYI, I've just implemented this
http://onestepback.org/index.cgi/General/CautiouslyOptimistic.rdo
c. Let's see how long it might be effective. With this patch,
pages with previously valid links WILL NOT SAVE unless you
uppercase the protocol:// section of the link. That'll be
annoying for a while but hopefully not as much as the spam (and
hopefully this will have an effect for a while).

The real-time blacklists and any other blacklisting measure seem
to be almost 0% effective. Practically none of the spammers
that have hit us have been listed, and we can't keep up a manual
list fast enough.

Next step is authentication. I'm ready to put this one to bed.

Hi Chad, should I be seeing these links?:

Administration: Lock page | Delete this page | Edit Banned List |
Run Maintenance | Edit/Rename pages | Lock site

Chad Fowler wrote:

The real-time blacklists and any other blacklisting measure seem to be
almost 0% effective. Practically none of the spammers that have hit
us have been listed, and we can't keep up a manual list fast enough.

Then you wouldn't mind giving out the server logs for us to confirm you are telling the truth. Taking that last time you spoke without studying on w RBL exactly means. Plus, the IP was listed in the RBLs , so wheres the loags? taking that most hits were probbly around 80% despite a few like from rr.com, most *are * blacklisted, and it *does* work fine.

David Ross

Oh, give it a rest, you. He's got nothing to gain from lying.

PLONK

Bill Atkins wrote:

Oh, give it a rest, you. He's got nothing to gain from lying.

Then you wouldn't mind giving out the server logs for us to confirm you
are telling the truth.
   

I'm not the one that is telling lies, and yes he does. He thinks he has some type of authority over security. He doesn't prolly even know what an ankon does. He has no experience and yet he makes remarks about implementations not working. I've experience to identify when people are lying, plenty of it. The truth is that RBLs are more than just mail servers, they are lists of abusive hosts for different reasons. If chad wants to be blnd because I came up with the idea and he didn't, fine. There are other smarter people out there with wikis that have an open mind.

There was the beginning email about Rubygarden spam which had the IP listed on RBL servers since last year. There was also another person who replied to the [SOLUTION] thread which even said some of the IPs were in the blacklists as well.
even from 221.15.71.32 which spammed Captcha
I never said RBLs were the ultimate solution, of course they are supposed to be used in other means as mail servers use them. Mail servers take use of RBLs, AV, grep engines, sender identification by mail/rcpt tag, and many other ways.

I've been searching through.. there are also IPs like 61.149.119.74, 61.50.242.197, 68.40.176.215,200.56.233.5, and many many others which have had a god contribution to spam.
I was checking most of the pages like.. Captcha for the ips.

Hosts like.. www.bhmassociates.com are open proxies (this one is a squid proxy on port 3128) that is on the page above.

I think there should also be prox scanner checks done on the common ports at start, have a database of hosts.

The RBLs will block about 80%
The Scanners will block another 10% of the spam that gets past the RBL
Implementing the RBL access is simple, and what would be nice is to have access in a wiki to submit abusive hosts with the IP and revision page to the blacklists for people to check, like dsbl, which has open relays, open proxies, or some other vulnerability.

There are other ways to bundle a better security method. My way is the easiest for blocking people who love spamming the wikis instead of applying ill-minded restrictions to the wiki pages.

If he wants to be so foolish as to not listen to my advice, fine. Its his loss, and everyone elses in the Ruby community since there will probably still be spam. Logins can be automated, captachas can be read by smart bots as autoaim bots for video games are created. The real solution is not obfuscation, its security.

David Ross

Brian Schröder wrote:

David Ross wrote:

Bill Atkins wrote:

Oh, give it a rest, you. He's got nothing to gain from lying.

Then you wouldn't mind giving out the server logs for us to confirm you
are telling the truth.
  

I'm not the one that is telling lies, and yes he does. He thinks he has some type of authority over security. He doesn't prolly even know what an ankon does. He has no experience and yet he makes remarks about implementations not working. I've experience to identify when people are lying, plenty of it. The truth is that RBLs are more than just mail servers, they are lists of abusive hosts for different reasons. If chad wants to be blnd because I came up with the idea and he didn't, fine. There are other smarter people out there with wikis that have an open mind.

There was the beginning email about Rubygarden spam which had the IP listed on RBL servers since last year. There was also another person who replied to the [SOLUTION] thread which even said some of the IPs were in the blacklists as well.
even from 221.15.71.32 which spammed http://rubygarden.org/ruby?action=history&id=MySQL
I never said RBLs were the ultimate solution, of course they are supposed to be used in other means as mail servers use them. Mail servers take use of RBLs, AV, grep engines, sender identification by mail/rcpt tag, and many other ways.

I've been searching through.. there are also IPs like 61.149.119.74, 61.50.242.197, 68.40.176.215,200.56.233.5, and many many others which have had a god contribution to spam.
I was checking most of the pages like.. http://rubygarden.org/ruby?action=history&id=PragDave for the ips.

Hosts like.. www.bhmassociates.com are open proxies (this one is a squid proxy on port 3128) that is on the page above.

I think there should also be prox scanner checks done on the common ports at start, have a database of hosts.
The RBLs will block about 80%
The Scanners will block another 10% of the spam that gets past the RBL
Implementing the RBL access is simple, and what would be nice is to have access in a wiki to submit abusive hosts with the IP and revision page to the blacklists for people to check, like dsbl, which has open relays, open proxies, or some other vulnerability.
There are other ways to bundle a better security method. My way is the easiest for blocking people who love spamming the wikis instead of applying ill-minded restrictions to the wiki pages.

If he wants to be so foolish as to not listen to my advice, fine. Its his loss, and everyone elses in the Ruby community since there will probably still be spam. Logins can be automated, captachas can be read by smart bots as autoaim bots for video games are created. The real solution is not obfuscation, its security.

David Ross

oh btw, besides the common ports, there are special ports that change each week in infections of windows computer viruses for proxy ports which could be scanned as well. You've no idea how insecure the internet really can be for everybody. Its really insecure, the best way is to have a real security plan, identify spammers, and block them as others do to crackers.

David Ross

David Ross <dross@code-exec.net> writes:

Brian Schröder wrote:

>
>
>> Then you wouldn't mind giving out the server logs for us to confirm
>> you are telling the truth.
>>
>
>PLONK
>
>
/me blinks

what does "PLONK" mean?

Well, metaphorically, it means dumping your hostile allegations against
the provider of a free service where it rightfully belongs: the trash.
Technically, it means you're killfiled.

If you have issues with Chad's decisions, then communicate with him
personally, and stop trolling about. Your arrogance and your
vendettas don't do much to resolve the spam issue.

Bill

Killfile?

Well, we all know D. Ross is about as rude as they come. I've sort of just
come to accept it as a personality "disability", if you will. Between all his
bravado their is some valuable info though.

But I'm wondering why Chad hasn't as least made a statement on the matter. I
can understand that he might not want get into it with Ross. I wouldn't
either. But the rest of us might like to know about his work on the RBL
matter. I for one do not really want authentication --if at all avoidable.

Hopefully the cap-letters trick will help for while.

T.
"Pride is terrible thing; learn to waste it."

Mikael Brockman wrote:

David Ross <dross@code-exec.net> writes:

Brian Schröder wrote:

Then you wouldn't mind giving out the server logs for us to confirm
you are telling the truth.

PLONK

/me blinks

what does "PLONK" mean?
   

<>
Well, metaphorically, it means dumping your hostile allegations against
the provider of a free service where it rightfully belongs: the trash.
Technically, it means you're killfiled.

<>Oh, Thanks Mikael, I'm not great with sound recognition. I asked others on irc and they had no idea what it meant. I've to disagree about them being in the trash though. Chad lied, thats worse than arguing. He lied about having a RBL, and he lied about the 0%. I don't care if I look like a bad guy on this one, becasue I just plainly don't care, but I am 100% right. I spent an hour checking spammer IPs on RubyGarden, it would certainly get over 80%, and the people who spammed from hosts not listed were mostly proxies(common and elite ports) or gone by the time I checked them from being Dynamic IP adrresses. Sorry you feel that way about the truth, not many people can have deep knowledge in security or have the experience. Laters,

David Ross

Bill Atkins wrote:

If you have issues with Chad's decisions, then communicate with him
personally, and stop trolling about. Your arrogance and your
vendettas don't do much to resolve the spam issue.

Bill

David Ross wrote:

Bill Atkins wrote:

Oh, give it a rest, you. He's got nothing to gain from lying.

Then you wouldn't mind giving out the server logs for us to confirm you
are telling the truth.

I'm not the one that is telling lies, and yes he does. He thinks he
has some type of authority over security. He doesn't prolly even know
what an ankon does. He has no experience and yet he makes remarks
about implementations not working. I've experience to identify when
people are lying, plenty of it. The truth is that RBLs are more than
just mail servers, they are lists of abusive hosts for different
reasons. If chad wants to be blnd because I came up with the idea and
he didn't, fine. There are other smarter people out there with wikis
that have an open mind.

There was the beginning email about Rubygarden spam which had the IP
listed on RBL servers since last year. There was also another person
who replied to the [SOLUTION] thread which even said some of the IPs
were in the blacklists as well.
even from 221.15.71.32 which spammed
http://rubygarden.org/ruby?action=history&id=MySQL
I never said RBLs were the ultimate solution, of course they are
supposed to be used in other means as mail servers use them. Mail
servers take use of RBLs, AV, grep engines, sender identification by
mail/rcpt tag, and many other ways.

I've been searching through.. there are also IPs like 61.149.119.74,
61.50.242.197, 68.40.176.215,200.56.233.5, and many many others which
have had a god contribution to spam.
I was checking most of the pages like..
http://rubygarden.org/ruby?action=history&id=PragDave for the ips.

Hosts like.. www.bhmassociates.com are open proxies (this one is a
squid proxy on port 3128) that is on the page above.

I think there should also be prox scanner checks done on the common
ports at start, have a database of hosts.
The RBLs will block about 80%
The Scanners will block another 10% of the spam that gets past the RBL
Implementing the RBL access is simple, and what would be nice is to
have access in a wiki to submit abusive hosts with the IP and revision
page to the blacklists for people to check, like dsbl, which has open
relays, open proxies, or some other vulnerability.
There are other ways to bundle a better security method. My way is the
easiest for blocking people who love spamming the wikis instead of
applying ill-minded restrictions to the wiki pages.

If he wants to be so foolish as to not listen to my advice, fine. Its
his loss, and everyone elses in the Ruby community since there will
probably still be spam. Logins can be automated, captachas can be read
by smart bots as autoaim bots for video games are created. The real
solution is not obfuscation, its security.

David Ross

oh btw, besides the common ports, there are special ports that change
each week in infections of windows computer viruses for proxy ports
which could be scanned as well. You've no idea how insecure the internet
really can be for everybody. Its really insecure, the best way is to
have a real security plan, identify spammers, and block them as others
do to crackers.

David Ross

Trolling? excuse me. Everytime anyone argues its called trolling. Grow up.

He made a bad decision.

David Ross

trans. (T. Onoma) wrote:

David Ross <dross@code-exec.net> writes:
> Brian Schröder wrote:
> >> Then you wouldn't mind giving out the server logs for us to confirm
> >> you are telling the truth.
> >
> >PLONK
>
> /me blinks
>
> what does "PLONK" mean?

Well, metaphorically, it means dumping your hostile allegations against
the provider of a free service where it rightfully belongs: the trash.
Technically, it means you're killfiled.

Killfile?

Well, we all know D. Ross is about as rude as they come. I've sort of just come to accept it as a personality "disability", if you will. Between all his bravado their is some valuable info though.

But I'm wondering why Chad hasn't as least made a statement on the matter. I can understand that he might not want get into it with Ross. I wouldn't either. But the rest of us might like to know about his work on the RBL matter. I for one do not really want authentication --if at all avoidable.

Hopefully the cap-letters trick will help for while.

T.
"Pride is terrible thing; learn to waste it."

I've actually bee thinking of writing some code for usemod to check RBL, and DSBL.. though it might be best to just write a checker daemon in Ruby and set up a unix pipe. Since there are the other percent which are running proxies on the computers(common and elite port) which I have to dread. Whcih means... scanning selected ports and then trying to see if they are open proxies(whether it be HTTP, SOCKS, etc) This is s big problem to those who dislike being scanned. To many (even me) its like knocking on someones door to see if anyone is home. This is the best way to identify spammers though. Authentication, HTTP limiting is obfuscation, its a horrible way to block. When I think obfuscation I think compiling. Just because you compile a C application with a exploit you know in the program doesnt mean anyone will find it, people look at it anyway. So therefore obfuscation can easily be overridden, even if there are captachas. Hiding the problem doesn't help., but fixing the problem will help.

David Ross

trans. (T. Onoma) wrote:

David Ross <dross@code-exec.net> writes:

Mikael Brockman wrote:

>David Ross <dross@code-exec.net> writes:
>
>
>>Brian Schröder wrote:
>>
>>
>>>
>>>
>>>
>>>>Then you wouldn't mind giving out the server logs for us to confirm
>>>>you are telling the truth.
>>>>
>>>>
>>>PLONK
>>>
>>>
>>>
>>/me blinks
>>
>>what does "PLONK" mean?
>>
> <>
> Well, metaphorically, it means dumping your hostile allegations against
> the provider of a free service where it rightfully belongs: the trash.
> Technically, it means you're killfiled.
>
>
<>Oh, Thanks Mikael, I'm not great with sound recognition. I asked
others on irc and they had no idea what it meant. I've to disagree
about them being in the trash though. Chad lied, thats worse than
arguing. He lied about having a RBL, and he lied about the 0%. I don't
care if I look like a bad guy on this one, becasue I just plainly
don't care, but I am 100% right. I spent an hour checking spammer IPs
on RubyGarden, it would certainly get over 80%, and the people who
spammed from hosts not listed were mostly proxies(common and elite
ports) or gone by the time I checked them from being Dynamic IP
adrresses. Sorry you feel that way about the truth, not many people
can have deep knowledge in security or have the experience. Laters,

You say you can't escape your habit of rudeness. Here's a simple
procedure. You can write it on a post-in note and stick it to your
monitor.

Before sending a message, read it over and answer these questions:

- Is the ostensible point of my message to help or to slander?

- Is it possible that I am assuming the worst?

- Is there a way to change my message so that the consequences will
   smell less of sulphur and more of actual improvement?

If I were to apply this procedure to your mail, I'd come up with
something like this:

Oh, thanks Mikael, I'm not great with sound recognition. I asked
others on IRC and they had no idea what it meant. I've to disagree
about them being in the trash though.

Chad was using an RBL, but I spent an hour checking spammer IPs on
RubyGarden, and it looks like something wasn't set up properly,
because most of the spam I saw would have been caught by a good RBL.
If you want to continue down the RBL road -- and I think that'd be a
good idea, because [reasons here] -- I'd be happy to help.

Laters,

That's better, because it still conveys all pertinent information, but
avoids looking like an attempt at slander, tries not to assume bad
things, and isn't likely to be followed up with a long thread of flames.

Please try it. You seem to know stuff about spam prevention. That
stuff would be a lot more helpful if provided in a friendly package.

<>Oh, Thanks Mikael, I'm not great with sound recognition. I asked
others on irc and they had no idea what it meant. I've to disagree about
them being in the trash though. Chad lied, thats worse than arguing. He
lied about having a RBL, and he lied about the 0%.

You're an ass, David, and you do more harm for the things that you suggest than
you could ever believe because you revel in being a first-class ass.

There is no evidence that Chad lied. You're pretending that RBLs are ideal
solutions. As I've told you before, they're not. There are various RBLs to
query -- and you don't know what list(s) that Chad is/was querying (nor does it
*matter*). New ones appear regularly, old ones disappear regularly. Various
RBLs have varying political policies (such as the list you mentioned that
blocks all dynamic IPs) that make them inappropriate. RBLs must be managed as
often as not. When Ruwiki supports RBL querying, the RBL will be disabled
unless you have three RBLs that you query and then it requires a majority vote
between the RBLs.

Frankly, I'm far more willing to believe Chad on this than I'd ever believe
you, because you're not necessarily querying the RBLs that Chad is querying --
and you're not necessarily querying it at the same time that RubyGarden's wiki
was doing so.

I don't care if I look like a bad guy on this one, becasue I just plainly
don't care, but I am 100% right.

No, you're not. Even if you had a 5% chance of being right, your attitude has
made you 1000% wrong. You want to do something with it? Start your own Ruby
wiki website and run it according to the policies that you prefer. And listen
to the crickets.

I spent an hour checking spammer IPs on RubyGarden, it would certainly get
over 80%, and the people who spammed from hosts not listed were mostly
proxies (common and elite ports) or gone by the time I checked them from
being Dynamic IP adrresses. Sorry you feel that way about the truth, not many
people can have deep knowledge in security or have the experience.

And you obviously have neither the knowledge nor the experience. RBLs aren't
even acknowledged as a 100% solution by the people who run them. What makes you
think that you know better?

-austin

Bill Atkins wrote:

>If you have issues with Chad's decisions, then communicate with him
>personally, and stop trolling about. Your arrogance and your
>vendettas don't do much to resolve the spam issue.
>

Well said.

[snip a *lot* of text - how about removing un-needed text before
replying?]

Trolling? excuse me. Everytime anyone argues its called trolling. Grow up.

He made a bad decision.

Come on - stop being so damn hostile and let it rest. You're not really
helping out promoting the "helpful and friendly" ruby community.

//Anders

Mikael Brockman wrote:

David Ross <dross@code-exec.net> writes:

Mikael Brockman wrote:

David Ross <dross@code-exec.net> writes:

Brian Schröder wrote:

Then you wouldn't mind giving out the server logs for us to confirm
you are telling the truth.

PLONK

/me blinks

what does "PLONK" mean?

<>
Well, metaphorically, it means dumping your hostile allegations against
the provider of a free service where it rightfully belongs: the trash.
Technically, it means you're killfiled.

<>Oh, Thanks Mikael, I'm not great with sound recognition. I asked
others on irc and they had no idea what it meant. I've to disagree
about them being in the trash though. Chad lied, thats worse than
arguing. He lied about having a RBL, and he lied about the 0%. I don't
care if I look like a bad guy on this one, becasue I just plainly
don't care, but I am 100% right. I spent an hour checking spammer IPs
on RubyGarden, it would certainly get over 80%, and the people who
spammed from hosts not listed were mostly proxies(common and elite
ports) or gone by the time I checked them from being Dynamic IP
adrresses. Sorry you feel that way about the truth, not many people
can have deep knowledge in security or have the experience. Laters,
   
You say you can't escape your habit of rudeness. Here's a simple
procedure. You can write it on a post-in note and stick it to your
monitor.

Before sending a message, read it over and answer these questions:

- Is the ostensible point of my message to help or to slander?

- Is it possible that I am assuming the worst?

- Is there a way to change my message so that the consequences will
  smell less of sulphur and more of actual improvement?

If I were to apply this procedure to your mail, I'd come up with
something like this:

Oh, thanks Mikael, I'm not great with sound recognition. I asked
others on IRC and they had no idea what it meant. I've to disagree
about them being in the trash though.

Chad was using an RBL, but I spent an hour checking spammer IPs on
RubyGarden, and it looks like something wasn't set up properly,
because most of the spam I saw would have been caught by a good RBL.
If you want to continue down the RBL road -- and I think that'd be a
good idea, because [reasons here] -- I'd be happy to help.

Laters,

That's better, because it still conveys all pertinent information, but
avoids looking like an attempt at slander, tries not to assume bad
things, and isn't likely to be followed up with a long thread of flames.

Please try it. You seem to know stuff about spam prevention. That
stuff would be a lot more helpful if provided in a friendly package.

You don't know how hard I've tried, even lilo(head of Freenode IRC) has talked to me(just about every staff on Freenode) except 3 which I've never heard of. I'm socially inept. He just accepts it though. Unfixable unfixable, as well as my dingy short replies.

David Ross

Mikael Brockman wrote:

David Ross <dross@code-exec.net> writes:

Please try it. You seem to know stuff about spam prevention. That
stuff would be a lot more helpful if provided in a friendly package.

I, for one, am surprised that people continue to reply to David's "messages". I killfiled him a long time ago, and he remains the one and only person I've ever killfiled, on any of the numerous mailing lists I'm on. It really is too bad he hangs out on ruby-talk, because it is otherwise one of the nicest communities I have the honor of participating in.

I killfiled David because he hides behind the excuse "yes, I'm rude, and I can't help it." You can ALWAYS help it. If he gives that excuse, it is because he doesn't WANT to change. He delights in being rude and obnoxious. Let's just acknoledge that, and cease to rise to David's trolls. If you, like me, don't like reading his bile, do like I did, and try the killfile.

- Jamis