From: Joey Hess <joey@kitenet.net>
Date: Sat, 18 May 2013 20:27:35 +0000 (-0400)
Subject: Merge branch 'master' of ssh://git.ikiwiki.info
X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/commitdiff_plain/239c37989d4fb3e94c4c6db841a49a79b9ea040f?hp=9e4f0efe44a11ee5d30ce077a8f259d2ecc5b781

Merge branch 'master' of ssh://git.ikiwiki.info
---

diff --git a/doc/forum/How_can_I_prevent_spam__63__/comment_1_fd26fb7f1569e8c44ba8262794f938db._comment b/doc/forum/How_can_I_prevent_spam__63__/comment_1_fd26fb7f1569e8c44ba8262794f938db._comment
new file mode 100644
index 000000000..a7293288c
--- /dev/null
+++ b/doc/forum/How_can_I_prevent_spam__63__/comment_1_fd26fb7f1569e8c44ba8262794f938db._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ nickname="joey"
+ subject="comment 1"
+ date="2013-05-17T17:55:46Z"
+ content="""
+Normally ikiwiki requires a valid session cookie of a logged in user to edit pages. It sounds like you may have the opendiscussion or anonok plugins enabled, which allows anyone to edit without logging in. Recommend disabling them.
+
+Since you know the spammer's IP, put it into ikiwiki.setup:
+
+<pre>
+banned_users:
+  - ip(85.25.146.11)
+</pre>
+
+If the user was logging in, you could also put their username in the ban list.
+
+You can also try enabling the blogspam plugin.
+"""]]
diff --git a/doc/forum/How_can_I_prevent_spam__63__/comment_2_d098124f005976ee815d25c883bc9106._comment b/doc/forum/How_can_I_prevent_spam__63__/comment_2_d098124f005976ee815d25c883bc9106._comment
new file mode 100644
index 000000000..53e743361
--- /dev/null
+++ b/doc/forum/How_can_I_prevent_spam__63__/comment_2_d098124f005976ee815d25c883bc9106._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="http://claimid.com/richard-lyons"
+ nickname="richard-lyons"
+ subject="comment 2"
+ date="2013-05-17T20:56:23Z"
+ content="""
+I did indeed have opendiscussion active.  I shall wait to see what happens after disabling it.
+
+The bots seem to make 5 consecutive edits at short intervals (around 2 minutes) using an IP 
+address as a username.  I do not know if the IP is the one from which they work.  There are 
+usually two or three sets of five edits using different IP addresses as username in each hour.
+
+I did try blocking specific IPs but they constantly change.
+
+It would be good if blocking could match a regexp, but as far as I can see this is not an option,
+"""]]
diff --git a/doc/forum/How_can_I_prevent_spam__63__/comment_3_deb434d01aaefa18d2791e48d6c824ae._comment b/doc/forum/How_can_I_prevent_spam__63__/comment_3_deb434d01aaefa18d2791e48d6c824ae._comment
new file mode 100644
index 000000000..64783befc
--- /dev/null
+++ b/doc/forum/How_can_I_prevent_spam__63__/comment_3_deb434d01aaefa18d2791e48d6c824ae._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://claimid.com/richard-lyons"
+ nickname="richard-lyons"
+ subject="SOLVED -- How can I prevent spam?"
+ date="2013-05-18T08:13:19Z"
+ content="""
+I can now confirm that this particular attack has stopped after removing the opendiscussion plugin.
+"""]]