Posted on Mon Aug 07 20:06:00 UTC 2006
Well, the upgrade to Typo 4.0 didn’t go so well. No data loss though, so everything’s cool.
At least most pages seem to be functional, so this is not so bad. Between custom sidebar plugins that no longer work and a merge between the new code and my old one that did not quite go as planned, it was not too pleasant an experience (most of it my own fault, I guess).
Anyway, it is getting really late and I’ll finish the rest of the migration tomorrow.
If you tried to access the site while this was going on and you were inconvenienced, please accept my most sincere apologies!
If you notice anything weird, please send me a mail at psq _at_ nanorails _dot_ com.
Update, about 20h later and some sleep…: It seems that everything is back up. I migrated my custom plugins to Typo 4.0 (which amounted to removing one file, removing half of the code linked to configuration and adding a few lines) and it seems that everything has been working smoothly :)
And the best of all: no more trackback spam! Well, not that it went away, it caught about 25 since last night, but they don’t get published anymore. Just for that, it was all worth it. Thank you everyone in the Typo team!
Update 2: Well, Rails 1.1.5 came out, and it was not enough, so Rails 1.1.6 came out and seems to be strong enough to fix the security issues.
And in the process, I also upgraded to Typo 4.0.2
That last upgrade went very smoothly!
However, I’ve had a few annoying cases of nanoRAILS hanging and not responding for hours on end until I killed the processes. I don’t know yet at this point whether it is due to the new version of Rails, the new version of Typo, or perhaps some settings that changed on Dreamhost. In any case, I’ve installed my own version of Ruby and the full set of gems, so we’ll see if that helps!
Posted in Quid Pro Quo, Rails | Tags: spam | 11 comments
Posted on Thu Apr 06 06:11:00 UTC 2006
Taking a look at lib/spam_protection.rb, and at scan_uri, which is called when adding a trackback: scan_uri only checks against the RBL database.
So I’ve added the following to scan_uri (matching the blacklist patterns against the domain extracted from the trackback host):
# Pattern scanning: run every blacklist entry against the registered domain
BlacklistPattern.find_all.each do |pattern|
  logger.info("[SP] Scanning domain for #{pattern.class} #{pattern.pattern}")
  if pattern.kind_of?(RegexPattern)
    # Regex patterns are used as-is
    throw :hit, "Regex #{pattern.pattern} matched on host" if domain.join('.').match(/#{pattern.pattern}/)
  else
    # String patterns are escaped and must match on word boundaries
    throw :hit, "String #{pattern.pattern} matched on host" if domain.join('.').match(/\b#{Regexp.quote(pattern.pattern)}\b/)
  end
end
Ultimately, this code should be factored out and called from scan_text and scan_uri.
So here’s the full version:
def scan_uri(host)
  # IP literals go straight to the IP RBL check
  return scan_ip(host) if host =~ Format::IP_ADDRESS
  host_parts = host.split('.').reverse
  domain = Array.new
  # Check for two level TLD: keep three labels (e.g. example.co.uk) instead of two
  (SECOND_LEVEL.include?(host_parts[1]) ? 3 : 2).times do
    domain.unshift(host_parts.shift)
  end
  # Pattern scanning: run every blacklist entry against the registered domain
  BlacklistPattern.find_all.each do |pattern|
    logger.info("[SP] Scanning domain for #{pattern.class} #{pattern.pattern}")
    if pattern.kind_of?(RegexPattern)
      # Regex patterns are used as-is
      throw :hit, "Regex #{pattern.pattern} matched on host" if domain.join('.').match(/#{pattern.pattern}/)
    else
      # String patterns are escaped and must match on word boundaries
      throw :hit, "String #{pattern.pattern} matched on host" if domain.join('.').match(/\b#{Regexp.quote(pattern.pattern)}\b/)
    end
  end
  # Finally, the original RBL lookup on the extracted domain
  logger.info("[SP] Scanning domain #{domain.join('.')}")
  query_rbls(HOST_RBLS, host, domain.join('.'))
end
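To see the domain extraction and the two kinds of pattern matching in isolation, here is a stand-alone version of that logic as an added example (it is not Typo's code): the BlacklistPattern models are replaced by a constructed list, SECOND_LEVEL is an assumed subset of Typo's list, and the regex entries go through Regexp.new with a rescue so that a malformed entry in the blacklist does not abort the whole trackback check.

```ruby
# Added example, not Typo's own code: the domain extraction and blacklist
# matching from the scan_uri above, stand-alone so it runs without Rails.
# The BlacklistPattern models are stood in for by a constructed list and
# SECOND_LEVEL is an assumed subset of Typo's list.
SECOND_LEVEL = %w[co com net org gov ac edu].freeze
IP_ADDRESS = /\A\d{1,3}(\.\d{1,3}){3}\z/

# One blacklist entry: kind is :regex or :string.
Pattern = Struct.new(:kind, :pattern)

# Registrable domain of a host: the last two labels, or three when the
# second label is a known registry suffix (shop.co.uk, not co.uk).
def registered_domain(host)
  parts = host.downcase.split('.').reverse
  depth = SECOND_LEVEL.include?(parts[1]) ? 3 : 2
  parts.first(depth).reverse.join('.')
end

# Reason string for the first matching pattern, or nil. Typo interpolates
# the stored regex straight into /#{...}/; here a malformed entry raises
# RegexpError and is skipped instead of aborting the whole check. String
# patterns keep the \b anchoring: "pharma" hits pharma.com, not pharmacy.net.
def blacklist_hit(domain, patterns)
  catch(:hit) do
    patterns.each do |p|
      if p.kind == :regex
        begin
          re = Regexp.new(p.pattern)
        rescue RegexpError
          next
        end
        throw :hit, "Regex #{p.pattern} matched on host" if domain.match(re)
      else
        throw :hit, "String #{p.pattern} matched on host" if domain.match(/\b#{Regexp.quote(p.pattern)}\b/)
      end
    end
    nil
  end
end

# IP literals go to scan_ip (RBL lookup) in Typo; not modelled here.
def scan_host_patterns(host, patterns)
  return nil if host =~ IP_ADDRESS
  blacklist_hit(registered_domain(host), patterns)
end

# Constructed blacklist: one broken regex, one string, one regex.
PATTERNS = [Pattern.new(:regex, '('), Pattern.new(:string, 'pharma'),
            Pattern.new(:regex, 'casino.*\.biz$')].freeze
```

Calling scan_host_patterns('www.pharma.com', PATTERNS) returns the string-pattern hit, while 'pharmacy.net' returns nil because of the word boundary.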
I’ll run this for a few days, and if it works, I will add a patch to the Typo trac database.
So far, with the right pattern in the blacklist, it has been able to fend off one attack. So far, so good :) Here is the relevant log output:
[SP] Scanning for StringPattern HIDDEN
[SP] Scanning for StringPattern HIDDEN
[SP] Scanning IP 193.219.28.245
[SP] Scanning domain for StringPattern HIDDEN
[SP] Hit: String HIDDENmatched on host
I’ve replaced the pattern with HIDDEN just not to give this guy more publicity than he deserves.
Posted in Rails | Tags: spam | 0 comments