[Owasp-board] Spam followup

Laurence Casey larry.casey at owasp.org
Wed May 27 20:40:21 UTC 2009


All,

As per our conversation on the conference call, I have been working on
resolving this spam attack for a couple days now. I am done at this point
and will be monitoring things to see how they are and to see if any feedback
comes from the community.

Here are the things I did.

1. Searched the DB for all instances of one of the url¹s that was the same
for all spammed pages and reverted those pages. (approx. 250+ pages)
2. Searched the DB again for another attack that happened before the second
attack and reverted those pages. (approx. 300+ pages)
3. Blocked all users accounts who made the changes above (approx. 300+)
4. Removed all accounts that were added, but have not made any changes. I
understand the concern for removing those accounts, but this was necessary
since accounts that were created using the same naming convention also
defaced pages. I had no way to know which accounts were sitting dormant
waiting to deface. (approx. 5500+ users). People can simply recreate an
account if they really need to make a change.

I have implemented an extension that requires sysop authorization and email
verification from the account creator before posts can be made to the site.
Currently all requests are sent to kate, jeff and I. If you are a sysop, you
can also see who has those requests by the text under the login button in
the upper right hand corner. Example: 2 open e-mail-confirmed account
requests pending. You can go directly to the request page here:
http://www.owasp.org/index.php/Special:ConfirmAccounts

--Larry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090527/0f7278c4/attachment-0002.html>


More information about the Owasp-board mailing list