[SATLUG] SPAM on wiki
Robert Pearson
e2eiod at gmail.com
Fri Jan 5 21:17:57 CST 2007
On 1/3/07, Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
> I received a note from Frank Huddleston (thanks Frank) that the wiki was
> not working. Upon investigation, I found that the main wiki page was
> hacked so badly that PHP was running out of memory. The hacker had an IP
> address of 81.177.14.26 or
>
> dig -x 81.177.14.26
>
> ; <<>> DiG 9.2.4 <<>> -x 81.177.14.26
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22482
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;26.14.177.81.in-addr.arpa. IN PTR
>
> ;; AUTHORITY SECTION:
> 177.81.in-addr.arpa. 10800 IN SOA ns.rt-comm.ru.
> hostmaster.rtcomm.ru. 2006112100 28800 7200 1209600 86400
>
> I have blocked the entire 81.177.0.0/16 address space which is assigned
> by RIPE (http://www.ripe.net/perl/whois/) to a Moscow ISP.
>
> According to the log, all the hacks (over 100 separate entries) are
> coming from the same IP dating back to November 29.
>
> I don't monitor the wiki every day, so *please* let me know if you see
> any hacks (or fix them yourself).
>
> Do we have any volunteers to research MediaWiki to see how to protect pages
> from unauthorized updates?
>
> -- Bruce
Thanks, Bruce.
You stopped that bad boy.
But now we have another one.
206.161.124.210 writes to the Main page right after the phrase "Consult the"
and before "[http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide
MediaWiki User's Guide] for information on customising and using the
wiki software."
dig -x 206.161.124.210
; <<>> DiG 9.3.2 <<>> -x 206.161.124.210
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 466
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; QUESTION SECTION:
;210.124.161.206.in-addr.arpa. IN PTR
;; ANSWER SECTION:
210.124.161.206.in-addr.arpa. 86400 IN PTR 206-161-124-210.pccwbtn.net.
;; AUTHORITY SECTION:
124.161.206.in-addr.arpa. 86400 IN NS ns.cais.com.
124.161.206.in-addr.arpa. 86400 IN NS ns2.cais.com.
124.161.206.in-addr.arpa. 86400 IN NS ns3.cais.com.
;; ADDITIONAL SECTION:
ns.cais.com. 60755 IN A 205.177.10.10
ns2.cais.com. 70145 IN A 205.252.14.129
;; Query time: 66 msec
;; SERVER: 24.93.41.125#53(24.93.41.125)
;; WHEN: Fri Jan 5 20:57:58 2007
;; MSG SIZE rcvd: 180
I am Security challenged so this doesn't mean much to me.
Today's contribution removed was:
<div align="right" style="overflow:auto; height: 1px;">...</div>
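An added example (not part of the original post, and not MediaWiki code): a small Python check that flags the kind of block removed above, a `<div>` whose inline style makes it effectively invisible but which still carries several external links. The function name, the `min_links` threshold and the constructed `.example` sample page are assumptions made for illustration; nested `<div>` elements are not handled.

```python
import re
from urllib.parse import urlsplit

# Inline-style patterns that hide a block from human readers while
# leaving its links visible to search-engine crawlers.
HIDING_STYLES = [
    re.compile(r"display\s*:\s*none", re.I),
    re.compile(r"visibility\s*:\s*hidden", re.I),
    # height / width / font-size of 0-3 units, e.g. "height: 1px;"
    re.compile(r"(?:height|width|font-size)\s*:\s*[0-3](?:\.\d+)?"
               r"\s*(?:px|pt|em|%)?\s*(?:;|$)", re.I),
]
DIV_BLOCK = re.compile(r"<div\b([^>]*)>(.*?)</div>", re.I | re.S)
STYLE_ATTR = re.compile(r"""style\s*=\s*(["'])(.*?)\1""", re.I | re.S)
EXTERNAL_LINK = re.compile(r"\[(https?://[^\s\]]+)", re.I)  # wikitext [url label]

def find_hidden_link_blocks(wikitext, min_links=3):
    """Return one finding per hidden <div> holding >= min_links external links."""
    findings = []
    for m in DIV_BLOCK.finditer(wikitext):
        style = STYLE_ATTR.search(m.group(1))
        if not style:
            continue
        css = style.group(2)
        if not any(p.search(css) for p in HIDING_STYLES):
            continue
        links = EXTERNAL_LINK.findall(m.group(2))
        if len(links) >= min_links:
            hosts = {urlsplit(u).hostname for u in links} - {None}
            findings.append({"offset": m.start(),
                             "style": " ".join(css.split()),
                             "links": len(links),
                             "hosts": sorted(hosts)})
    return findings

# Constructed sample: one hidden spam block, one ordinary visible div.
SAMPLE_PAGE = '''Consult the
<div align="right" style="overflow:auto; height:
1px;">*[http://spam-one.example/ one] *[http://spam-two.example/ two]
*[http://spam-three.example/ three]</div>
[http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide MediaWiki User's Guide]
<div style="height: 100px;">[http://docs.example/ a] [http://docs.example/b b]
[http://docs.example/c c]</div>
'''

if __name__ == "__main__":
    for finding in find_hidden_link_blocks(SAMPLE_PAGE):
        print(finding)
```

Run over the current text of each page, or over each revision in the page history, a non-empty result marks an edit worth reverting and an editor address worth checking against the web server log.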