[Owasp-leaders] Wiki For Function Injection and Memcached Injection
fady.othman at owasp.org
Thu Sep 1 17:55:18 UTC 2016
Cheers! and have a great day.
On Thu, Sep 1, 2016 at 7:53 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> FYI: Fady - your account just got approved.
> Happy wiki editing.
> -- Matt Tesauro
> OWASP AppSec Pipeline Lead
> OWASP WTE Project Lead
> http://AppSecLive.org - Community and Download
> On Thu, Sep 1, 2016 at 11:51 AM, Matt Tesauro <matt.tesauro at owasp.org>
>> While I generally agree with Dave's advice, there's one thing he may not
>> know since he's had a wiki account, well, almost forever. ; )
>> The wiki has been, off and on, flooded with bogus account requests
>> starting in early 2016. At the peak, we were seeing ~700 account requests
>> per month with a peak at 966. Kate has been doing heroic efforts to allow
>> only legitimate requests through. The ones that slip through have been
>> SPAM'ing the wiki, in some cases 250+ new or edited pages. When multiple
>> SPAM'ers got through, we had SPAMers editing other SPAMers' pages which
>> breaks the built-in wiki cleanup tools. So much so, that I wrote a custom
>> program to clean up really bad SPAM attacks.
>> So, let me know here that you put in a request for a wiki account after
>> you confirm your email address per the email sent from the wiki so I can
>> get you the access you deserve.
>> FOR THE REST OF YOU: At least in the near term, please submit the form
>> and confirm your address THEN submit a ticket in the Contact Us form at
>> https://www.tfaforms.com/308703 with "IT Support" as your type of help
>> and tell us what bit you want to edit/add. That will help us distinguish
>> the real from the bogus.
>> I have generally not talked much about this primarily to keep the SPAMer
>> in the dark in the case they are closely looking at our wiki and mail
>> lists. However, I'd like the community to know why getting a wiki account
>> isn't as easy as it once was AND, that we're working on fixing this issue.
>> I'll be spending a good chunk of the upcoming US holiday weekend doing
>> updates on the wiki for this and other reasons.
>> To try to answer potential questions:
>> (1) Use anti-automation [something] or a CAPTCHA to remove these requests
>> These are not normal script kiddie blunt automation attacks. For the
>> SPAMer accounts that got through, they submitted a request, verified an
>> email address, and submitted a "Contact Us" request asking for their
>> account to be approved. These include getting past a CAPTCHA. They also
>> directly emailed Kate, myself, webmaster at owasp.org, admin at owasp.org at
>> various times and for various accounts.
>> Also, we're asking for a short bio now when you request a wiki account.
>> These requests aren't just "asdf" or random text for the bios but decently
>> written and legit sounding bios that are unique per request like this
>> SPAMer example:
>> Hi my name is Trilok Sharma. I am a software professional with more than
>> 10 years of desktop , web and mobile application development experience. i
>> have completed many of the projects. I have expertise in c , c++ , Java ,
>> microsoft .net , java script , HTMl , CSS and object reporting technologies
>> . i want to create a comutiny for active and well skilled software
>> professionals. I have purchased a membership account also. kindly create my
>> account. Thanking you.
>> I suspect that the submissions are done by 'wet-ware' aka humans where
>> labor costs are low enough to make this effective. BTW, Trilok Sharma is
>> not a paid OWASP member - big surprise. ;)
>> (2) Why?
>> I'm not 100% sure on this one. They have been adding SPAM about
>> Quickbooks support services. Since we average between 7.5 and 8 million
>> hits per week on the wiki, so I suspect SPAM on our wiki gives them lots of
>> Google Foo as far as the search engine is concerned.
>> (3) Don't they just move to the next target once we stop approving their
>> accounts and/or start monitoring for SPAM more closely?
>> It kinda looks like we might be at that point. The velocity of requests
>> is starting to slow down but is still much higher than 'normal'. There
>> have been fewer SPAM cleanups - last one was in early August. I don't have
>> a handle on the value of SPAM'ing our wiki which is a good proxy on how
>> much pain we need to add to their interactions with it before they move on.
>> However, I can say two things about this SPAM'ing effort:
>> They are patient. I've seen accounts that got approved stay dormant for
>> weeks before 'waking up' and SPAM'ing the wiki.
>> They are persistent. I've seen an account sit dormant for a week, wake up
>> and start SPAM'ing, then have the SPAM content removed. After removing the
>> SPAM, I noticed HEAD requests for the URL of the SPAM page which 404 after
>> removal. About 2 hours after they start 404'ing, a new SPAM'er account
>> wakes up and starts SPAM'ing.
>> So, we're working on this and trying to find the right amount of scrutiny
>> to place on requests before they get approved. This may slow you down a
>> bit. We're sorry about that and we're actively working on getting things
>> shored up to remove that slow-down.
>>  https://github.com/mtesauro/random-docs/tree/master/scri
>> -- Matt Tesauro
>> OWASP AppSec Pipeline Lead
>> OWASP WTE Project Lead
>> http://AppSecLive.org - Community and Download
>> On Thu, Sep 1, 2016 at 9:34 AM, Dave Wichers <dave.wichers at owasp.org>
>>> That's it. Just request an account on the wiki and it should be approved
>>> in short order and then you can create whatever pages you want and edit
>>> existing pages as well. 99% of what's on the OWASP wiki is publicly
>>> editable by anyone with a wiki account. And once you have the new pages
>>> ready for release, let us all know about them and ask for a quick
>>> review/sanity check.
>>> Thanks for offering to contribute.
>>> On Thu, Sep 1, 2016 at 9:58 AM, Fady Othman <fady.othman at owasp.org>
>>>> I was discussing "function injection" with a friend of mine who brought
>>>> to my attention that a "function injection" page doesn't exist in OWASP
>>>> I also found that there's no "memcached injection" page.
>>>> I can work on both pages if you want but I don't know the steps, should
>>>> I simply send a request to sign up for the wiki or is it more complicated
>>>> than that?
>>>> Fady Othman
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
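Matt's observation above (HEAD requests that keep hitting the URL of a removed SPAM page and getting 404s, followed roughly two hours later by a dormant account waking up) is a usable early-warning signal for wiki operators. The script below is an added example, not code from this thread, from Matt's cleanup tool, or from OWASP: it parses combined-format web server access log lines, picks out HEAD requests that returned 404 for pages an admin has already removed, and summarises which clients probed each path and how long after removal the last probe arrived. The log lines, client addresses, the page title and the removal timestamp are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Apache/nginx "combined" log format; the referer/user-agent tail is optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one legitimate GET, three HEAD probes of a removed
# SPAM page from two addresses, a GET 404 and a HEAD 404 for an unrelated page.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2016:10:02:11 +0000] "GET /index.php/Main_Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Aug/2016:10:05:40 +0000] "HEAD /index.php/Quickbooks_Support_Helpline HTTP/1.1" 404 0 "-" "curl/7.47.0"',
    '198.51.100.23 - - [12/Aug/2016:10:35:02 +0000] "HEAD /index.php/Quickbooks_Support_Helpline HTTP/1.1" 404 0 "-" "curl/7.47.0"',
    '198.51.100.23 - - [12/Aug/2016:11:05:19 +0000] "HEAD /index.php/Quickbooks_Support_Helpline HTTP/1.1" 404 0 "-" "curl/7.47.0"',
    '192.0.2.44 - - [12/Aug/2016:11:10:00 +0000] "GET /index.php/Quickbooks_Support_Helpline HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Aug/2016:12:01:33 +0000] "HEAD /index.php/Some_Other_Page HTTP/1.1" 404 0 "-" "curl/7.47.0"',
]

# Constructed: pages an admin deleted as SPAM, keyed by path, with removal time.
REMOVED_AT = {
    "/index.php/Quickbooks_Support_Helpline": datetime(2016, 8, 12, 10, 0, 0, tzinfo=timezone.utc),
}


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_removal_probes(lines, removed_at):
    """HEAD requests that got a 404 for a path we know we removed as SPAM."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        if rec["method"] == "HEAD" and rec["status"] == 404 and rec["path"] in removed_at:
            hits.append(rec)
    return hits


def summarize(hits, removed_at):
    """Per removed path: probe count, distinct client IPs, first/last probe time,
    and whole minutes between removal and the last probe."""
    per_path = defaultdict(list)
    for h in hits:
        per_path[h["path"]].append(h)
    summary = {}
    for path, recs in per_path.items():
        recs.sort(key=lambda r: r["ts"])
        last = recs[-1]["ts"]
        summary[path] = {
            "count": len(recs),
            "ips": sorted({r["ip"] for r in recs}),
            "first": recs[0]["ts"],
            "last": last,
            "minutes_after_removal": int((last - removed_at[path]).total_seconds() // 60),
        }
    return summary


if __name__ == "__main__":
    probes = find_removal_probes(SAMPLE_LOG, REMOVED_AT)
    for path, info in summarize(probes, REMOVED_AT).items():
        print(f"{path}: {info['count']} HEAD/404 probes from {info['ips']}, "
              f"last one {info['minutes_after_removal']} min after removal")
```

The 404 status alone is noise on any wiki; what narrows it is the combination of the HEAD method, a path you yourself deleted as SPAM, and repetition from a small set of addresses. Feeding the summary into whatever raises your attention (a ticket, a chat alert) gives you a window of roughly the delay Matt describes before the next approved-but-dormant account starts editing, which is the moment to review recently approved accounts that have not yet made an edit.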