Despamming a moinmoin wiki
November 26th, 2007
Over the weekend I needed to despam a MoinMoin wiki which had lax permission policies in place. So over time spammers from mostly China discovered and exploited the wiki for spamming.
What is described below should be only done for a reasonably small wiki, because it consists of only manual steps.
Login
At first, I could not login and always ended up at the /UserPreferences page which is just for user creation. I just could ont find the login button. The trick is an additional HTTP parameter at the end of the URL: ?action=login.
Users
Once I could login as the administrator I had a look at all user accounts. Less than 10 it should have been, more than 50 there were. I knew that the regular users were rather old and the spam users rather fresh so I had a look at the file backend of the wiki. Under data/users/ MoinMoin stores all known and unknown users with a trail of there actions. Then I identified the file which contained the last regular user and moved all following files to a different directory for a later forensic analysis.
Spam Pages
Next I had a look at the current set of pages. For one I found ?action=titleindex useful, because it lists all pages of a MoinMoin wiki. This showed me that there were definitely spam pages around. The regular users did not notice any of these because the spammer did not change any existing pages, only added new, unattached ones. Thats why I decided to have a look at all orphaned pages (/OrphanedPages), meaning pages which no link inside the wiki leads to. Most of the pages I found here were spam, some although were user profiles and such.
Similar to the user files the pages are located at data/pages/ and named like the page in the wiki. This made it pretty easy for me identify all spam pages and I moved them out of the data path as well.
Prevention
The easiest way to prevent spam in MoinMoin wikis are
but that’s another story.
By the way, the spammer used some real email addresses, maybe you happen to know some of them ..
luck674 AT hotmail DOT com jingkewang8 AT 163 DOT com jingkewang8 AT 1613 DOT com jingkewangrunpu AT 163 DOT com jingkewangwyq AT 163 DOT com jingkewangmba AT 163 DOT com favorgame AT favorgame DOT net jingkewangpensha AT 163 DOT com HuangJian AT 126 DOT com xunkongjian AT 163 DOT com wanbaolong AT 163 DOT com jingjiu AT 163 DOT com jiaoyu AT 163 DOT com chekumen AT 163 DOT com bjchekumen AT 163 DOT com leimengmo AT 163 DOT com mingshengxin AT 163 DOT com shutong AT 163 DOT com sdaswqa AT hotmail DOT com jiasheng AT 163 DOT com sangya AT 163 DOT com zhengtu AT 163 DOT com aodesha AT 163 DOT com zufang AT 163 DOT com jingkewanggs AT 163 DOT com taiyangsan AT 163 DOT com guancai1 AT 163 DOT com jixiang AT 163 DOT com juanlianmen AT 163 DOT com meirongmeifa AT 163 DOT com df56h AT 163 DOT com fdfduyio11 AT hotmail DOT com xinxing AT 163 DOT com sooo DOT ooo AT hotmail DOT com hongjiu AT 163 DOT com youhua AT 163 DOT com foukh97d AT 163 DOT com bgb888 AT gmail DOT com mengxiangbj AT 163 DOT com luyinyi AT 163 DOT com suhjff AT gmail DOT com xinghai AT 163 DOT com meirong AT 163 DOT com caicaimm34 AT hotmail DOT com tiegui AT 163 DOT com yitaiwang AT 163 DOT com famen1 AT 163 DOT com diaolan AT 163 DOT com rencaiwang AT 163 DOT com jiaozuo AT 163 DOT com rgddsrgdr AT 126 DOT com ssusr15756 AT hotmail DOT com tahg1fj AT hotmail DOT com kjhgfd54 AT 163 DOT com
Leave a Reply