{"id":294,"date":"2007-04-12T03:50:16","date_gmt":"2007-04-12T03:50:16","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=294"},"modified":"2020-07-03T03:50:59","modified_gmt":"2020-07-03T03:50:59","slug":"wiki-editing-blocked-vandalism","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2007\/04\/wiki-editing-blocked-vandalism\/","title":{"rendered":"Wiki editing blocked (vandalism)"},"content":{"rendered":"\n<p>I decided to block any form of editing to the&nbsp;<a href=\"http:\/\/www.ossec.net\/wiki\/\">ossec wiki<\/a>&nbsp;for reasons of&nbsp;<em>vandalism<\/em>. If you look at the wiki&nbsp;<a href=\"http:\/\/www.ossec.net\/wiki\/index.php\/Special:Recentchanges\">recent changes<\/a>&nbsp;page you will see the changes that were made. Most of them were very strange to me, like removing every&nbsp;<strong>+<\/strong>&nbsp;(plus) from the pages or removing all the content (without adding any spam link or anything). Anyone seeing similar patterns?<\/p>\n\n\n\n<p>After some&nbsp;<em>log analysis<\/em>&nbsp;I found that all the changes were made by the same IP address (<strong><a href=\"http:\/\/isc.sans.org\/ipinfo.html?ip=200.238.102.162\">200.238.102.170<\/a><\/strong>) across the last three days\u2026<\/p>\n\n\n\n<p>Sample log:<\/p>\n\n\n\n<p><em><br>200.238.102.162 - - [11\/Apr\/2007:18:00:35 -0300] &quot;GET \/wiki\/index.php?title=Log_Samples_Lotus_Domino&amp;action=edit HTTP\/1.1&quot; 200 6702 &quot;http:\/\/www.ossec.net\/wiki\/index.php\/Log_Samples_Lotus_Domino&quot; &quot;Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)&quot;<\/em><\/p>\n\n\n\n<p><em>200.238.102.170 - - [11\/Apr\/2007:17:08:36 -0300] &quot;GET \/wiki\/index.php?title=Log_Samples_Solaris&amp;action=edit HTTP\/1.1&quot; 200 6667 &quot;http:\/\/www.ossec.net\/wiki\/index.php\/Log_Samples_Solaris&quot; &quot;Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)&quot;<\/em><\/p>\n\n\n\n<p>How do you guys handle vandalism\/spam on your wikis? Any suggestions? Until I can find a solution to this, send me an e-mail if you need to edit the wiki.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I decided to block any form of editing to the&nbsp;ossec wiki&nbsp;for reasons of&nbsp;vandalism. If you look at the wiki&nbsp;recent changes&nbsp;page you will see the changes that were made. Most of them were very strange to me, like removing every&nbsp;+&nbsp;(plus) from the pages or removing all the content (without adding any spam link or anything). Anyone [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/294"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=294"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/294\/revisions"}],"predecessor-version":[{"id":295,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/294\/revisions\/295"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}