more spam problems...
anarcat
admin
parent
8ffc2bdf99
commit
afa9a0b7f6
|
|
@ -0,0 +1,39 @@
|
|||
I have had the following in my `ikiwiki.setup` since 2016:
|
||||
|
||||
account_creation_password: XXXXXXXXXXXX
|
||||
|
||||
The XXX is made of lowercase, uppercase and digits, randomly generated. I would expect this to stop any account creation. Yet new accounts get created all the time:
|
||||
|
||||
w-anarcat@marcos:~/source/.ikiwiki$ perl -le 'use Storable; my $userinfo=Storable::retrieve("userdb"); print $userinfo->{$_}->{regdate} foreach keys %$userinfo' | sort -n | tail -10
|
||||
1587487021
|
||||
1587574304
|
||||
1587695540
|
||||
1587770285
|
||||
1588354442
|
||||
1588409505
|
||||
1589257010
|
||||
1589834234
|
||||
1590175162
|
||||
1590176201
|
||||
|
||||
The last two timestamps, for example, are today. I'm not absolutely certain, but I believe that account is an [[plugins/emailauth]] account:
|
||||
|
||||
'zemihaso_hfdsf.sadsdskfm.com' => {
|
||||
'regdate' => 1590175162,
|
||||
'passwordless' => 'd8de5ec25cfd68e64318fe6353c6428a',
|
||||
'subscriptions' => 'comment(blog/2020-04-27-drowning-camera)',
|
||||
'email' => 'zemihaso@hfdsf.sadsdskfm.com'
|
||||
},
|
||||
|
||||
It's obviously a spammer. It seems to be attacking my wiki by doing the following:
|
||||
|
||||
1. register an account with emailauth
|
||||
2. subscribe to the page
|
||||
3. spam the page with a comment
|
||||
4. which then sends email to the victim(s)
|
||||
|
||||
It's all kind of a mess. I'm at the point in my [[todo/anti-spam_protection]] where I am seriously considering disabling all user registration and all comments on all pages. Maybe delegate this to Mastodon or some other third-party commenting system, because I'm just tired of dealing with spam and bounces...
|
||||
|
||||
Anyone else seeing this? Shouldn't the `account_creation_password` setting apply to emailauth? What else am I missing?
|
||||
|
||||
Thanks! -- [[anarcat]]
|
||||
Loading…
Reference in New Issue