Upgraded to Typo 4.0

Well, the upgrade to Typo 4.0 didn’t go so well. No data loss though, so everything’s cool.

At least most pages seem to be functional, so this is not so bad. Combined with custom sidebar plugins that no longer work, and a merge between the new code and my old one that did not quite go as planned, it was not too pleasant (most of it my own fault, I guess).

Anyway, it is getting really late and I’ll finish the rest of the migration tomorrow.

If you tried to access the site while this was going on and you were inconvenienced, please accept my most sincere apologies!

If you notice anything weird, please send me a mail at psq _at_ nanorails _dot_ com.

Update, about 20h later, after some sleep…: It seems that everything is back up. I migrated my custom plugins to Typo 4.0 (it came down to removing one file, removing half of the configuration-related code and adding a few lines) and everything seems to have been working smoothly since :)

And the best of all of that: no more trackback spam! Well, not that it went away, it caught about 25 since last night, but they don’t get published anymore. Just for that, it was all worth it. Thank you everyone in the typo team!

Update 2: Well, Rails 1.1.5 came out, and it was not enough, so Rails 1.1.6 came out and seems to be strong enough to fix the security issues.

And in the process, I also upgraded to Typo 4.0.2

That last upgrade went very smoothly!

However, I’ve had a few annoying cases of nanoRAILS hanging and not responding for hours on end until I killed the processes. I don’t know yet at this point whether it is due to the new version of Rails, the new version of Typo, or perhaps some settings that changed on Dreamhost. In any case, I’ve installed my own version of Ruby and the full set of gems, so we’ll see if that helps!

Typo trackback Spam

Taking a look at lib/spam_protection.rb and at scan_uri, which is called when a trackback is added, scan_uri only checks the host against the RBL databases; the blacklist patterns are never applied to it.

So I’ve added the following to scan_uri:

# Pattern scanning
BlacklistPattern.find_all.each do |pattern|
  logger.info("[SP] Scanning domain for #{pattern.class} #{pattern.pattern}")

  if pattern.kind_of?(RegexPattern)
    throw :hit, "Regex #{pattern.pattern} matched on host" if domain.join('.').match(/#{pattern.pattern}/)
  else
    throw :hit, "String #{pattern.pattern} matched on host" if domain.join('.').match(/\b#{Regexp.quote(pattern.pattern)}\b/)
  end
end

Ultimately, this code should be factored out and called from scan_text and scan_uri.
So here’s the full version:

def scan_uri(host)
  return scan_ip(host) if host =~ Format::IP_ADDRESS

  host_parts = host.split('.').reverse
  domain = Array.new

  # Check for two level TLD
  (SECOND_LEVEL.include?(host_parts[1]) ? 3 : 2).times do
    domain.unshift(host_parts.shift)
  end

  # Pattern scanning
  BlacklistPattern.find_all.each do |pattern|
    logger.info("[SP] Scanning domain for #{pattern.class} #{pattern.pattern}")

    if pattern.kind_of?(RegexPattern)
      throw :hit, "Regex #{pattern.pattern} matched on host" if domain.join('.').match(/#{pattern.pattern}/)
    else
      throw :hit, "String #{pattern.pattern} matched on host" if domain.join('.').match(/\b#{Regexp.quote(pattern.pattern)}\b/)
    end
  end
  logger.info("[SP] Scanning domain #{domain.join('.')}")
  query_rbls(HOST_RBLS, host, domain.join('.'))
end
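To make the domain extraction and the two pattern kinds easy to try out by themselves, here is an added, self-contained version of the same logic. It is example code written for this post, not Typo's own: StringPattern and RegexPattern are stand-ins for Typo's BlacklistPattern models, SECOND_LEVEL and SAMPLE_BLACKLIST are constructed sample data, the logger calls are left out, and IP hosts simply return nil instead of going to scan_ip and the RBL lookup.

```ruby
require 'ipaddr'

# Hypothetical stand-ins for Typo's ActiveRecord blacklist models (constructed).
StringPattern = Struct.new(:pattern)
RegexPattern  = Struct.new(:pattern)

# Second-level TLD labels; a constructed sample of what Typo keeps in SECOND_LEVEL.
SECOND_LEVEL = %w[co com net org].freeze

# Constructed sample blacklist: one literal pattern and one regex pattern.
SAMPLE_BLACKLIST = [
  StringPattern.new('poker'),
  RegexPattern.new('^(casino|slots)[0-9]*\.'),
].freeze

# True when the host is a plain IP address (the original hands these to scan_ip).
def ip_address?(host)
  IPAddr.new(host)
  true
rescue IPAddr::InvalidAddressError
  false
end

# Extract the registrable domain the way scan_uri does: two labels normally,
# three when the second label from the right is a known second-level TLD
# ("www.example.co.uk" -> "example.co.uk").
def registrable_domain(host)
  host_parts = host.split('.').reverse
  domain = []
  (SECOND_LEVEL.include?(host_parts[1]) ? 3 : 2).times do
    domain.unshift(host_parts.shift)
  end
  domain.compact.join('.')
end

# Apply each blacklist entry to the extracted domain. Returns the hit reason
# string, or nil when nothing matched; catch/throw mirrors how the original
# scan_uri signals a hit to its caller.
def scan_domain_patterns(domain, patterns)
  catch(:hit) do
    patterns.each do |pattern|
      case pattern
      when RegexPattern
        # Regex patterns are interpolated exactly as the administrator wrote them.
        throw :hit, "Regex #{pattern.pattern} matched on host" if domain.match(/#{pattern.pattern}/)
      when StringPattern
        # Literal patterns are escaped and anchored to word boundaries, so
        # "poker" hits "free-poker.com" but not "pokerfan.com".
        throw :hit, "String #{pattern.pattern} matched on host" if domain.match(/\b#{Regexp.quote(pattern.pattern)}\b/)
      end
    end
    nil
  end
end

# Pattern scan for a trackback host. IP hosts return nil here; in Typo they
# go to scan_ip and the RBL lookup instead of the pattern list.
def scan_uri(host, patterns = SAMPLE_BLACKLIST)
  return nil if ip_address?(host)

  scan_domain_patterns(registrable_domain(host), patterns)
end

if $PROGRAM_NAME == __FILE__
  %w[www.free-poker.com www.pokerfan.com casino42.co.uk blog.example.org 193.219.28.245].each do |host|
    puts "#{host}: #{scan_uri(host).inspect}"
  end
end
```

Two things worth knowing before relying on this: only the registrable domain is scanned, so a pattern that appears only in a subdomain label will never fire, and a RegexPattern is interpolated into the regex exactly as typed, so the blacklist deserves the same care as any other regular expression the application evaluates.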

I’ll run this for a few days, and if it works, I will add a patch to the Typo Trac database.

So far, with the right pattern in the blacklist, it has been able to fend off one attack. So far, so good :)

[SP] Scanning for StringPattern HIDDEN
[SP] Scanning for StringPattern HIDDEN
[SP] Scanning IP 193.219.28.245
[SP] Scanning domain for StringPattern HIDDEN
[SP] Hit: String HIDDENmatched on host

I’ve replaced the pattern with HIDDEN just not to give this guy more publicity than he deserves.