There have been some developments on the wiki front.
As to be expected, I would like to get rid of the burden of spam contents; just a few mimutes a day but why do that if it can be avoided.
First of all, I deleted all user entries in cache – well, except the ones I want to keep, of course. Removing the spam alltogether was quite a different story so in the end, I decided to remove everything dated after Jan-01, 2011. That got rid of the spam messages, indeed. Plus a bit more, which rendered the wiki unusable: Starting page gone, frontpage gone. But the wiki is backed up on a weekly basis so I could restore it all, though it does take quite some time to re-appear.
Next, diiging through the documentation, I found a way to allow users to sign up, but the really create a page, it’s possible to require SSL – maning: a login on the system. This has been tried bu it caised a number of problems. First, I needed to define a SSL-enabled entry that requires you to log in. Next, I had to find a way to make the wiki normally accessabe over port 80 (where you could create an account) but you would need to login on port 443 (using https) to create of alter a page. Things has been set up that way – both WASD and wikli – but not only was the wiki inaccesable (unauthorized) when accessed of http, ALL pages were immutable when accessing the wiki over https: – I even didn;t need to login.
Put a question on the WASD list for the first issue (being typically a WASD issue) and reversed teh configuration. I got my answer from Mark, but I still need to implement it.
But it seems that the abusers found out the wiki cannot be abbused any more. In the last week, a few bogus users have been created but no new pages have been created, looking at the “Recent Changes” page. And slowly, the number of new users decreased.
Similarly, the SYSMGR blog seems to be plagued with bogus users, it seems most reside in the .ru domain. But as far as I can find out, there is no problem with them except using a single row in the database. They can only be subscribers, meaning they cannot contribute. I don’t know why they subscribed – problably opting for abuse, exploiting a possible flaw in WordPress? I know I need to upgrade to the latest version, and of PHP as well, and so for Python and MoinMoin, and possible VMS….
But plans are to redesign it all – abandoning MySQL and PHP, and Python and MoinMoin competely, and switch to the native VWCMS allgtogether. though it’ll mean a lot of work…
Next week, I’ll need to refresh the licences – expiration date approaches….
and so some maintenance must be exercised. Last month’s logs have been archived, and mail statistics processed:
PMAS statistics for February
Total messages : 3386 = 100.0 o/o
DNS Blacklisted : 2228 = 65.8 o/o (Files: 28)
Relay attempts : 111 = 3.2 o/o (Files: 28)
Processed by PMAS : 1047 = 30.9 o/o (Files: 28)
Discarded : 323 = 30.8 o/o (processed), 9.5 o/o (all)
Quarantained : 254 = 24.2 o/o (processed), 7.5 o/o (all)
Delivered : 470 = 44.8 o/o (processed), 13.8 o/o (all)
two-third just dropped; which is rather normal; the number of relay attempts rather high, these are mostly attampts to relay to yahoo.tw addresses – more or less the same address each time, a few each day. And once in a while from my ISP – which bounces nicely.
The Wiki trouble
Apart from crawlers looking for the AirTicket stuff there are some attempts to retrieve this deleted data. Upload hasn’t been attempted any more. (That would fail as well). No reaction of this bloke. He’s just trying again once in a while – but the setting has been changed and he seems to be quite stubborn: twice was tried to create a new user – with bogus name, and therefore I removed both accounts. Now without warning.
New VMS licences
are not required in short time: I rechecked them and found the current ones last for another month. But I’ll keep an eye on it.
Ubuntu on the workstation has some issues with the (ATI) video card. Rendering flat-faced surfaces (like this blog background) show unrendered pixels first, these will be filled later on. Fast chaning windows case the system to hang – completely. Even CTRL+Alt+F1 doesn’t work. The only alternative is to reset the machine…
The primary Windows environment blows the screen as well – where the chips looses synch, it seems. The screen doesn’t blank, the system doesn’t hang but the screen cannot be used at all. The alternate system however blanks, and regains the graphical processor, resets and continues.
Not always, always all of a sudden and, of course, at a most inconvenient time. Perhaps I’ll get myself an NVidea card instead (with a heat sink in stead of an on-board fan, it won’t do that much anyway).
I think I’ll start programming, starting with the most troublesome part: file access. I now have a fairly good idea what I’ll do. See how much time I can spend on it, aside learning Linux, as long as I’m off assignement (which won’t be too long, I hope)
Mid last week, I took a look to the web logs and I noticed an external source had abused the wiki sto store some data. This person, using an anonymiser to obsure his (her?) IP address, has created an account “Airtickets”, entered an E-mail address (required to get a password) and uploaded a number of files. Retrieved them as well, it seems.
The files didn’t do any harm – these were plain HTML as far as I could determine. Nor would it be able to run uploaded files directlry by the webserver – it’s not set up that way.
Of course, this is not the intention of the VMS wiki, so I tracked down as many information I could get, deleted the files and disabled the account.
Another thing I changed is that I’ll be noticed when a new account is being created.
I kept track of it a few days, and I saw attempts to retrieve the information the day after I removed the files. But all resulted in “404” status. Which is, of course, correct.
Now I deleted the account data, so accessing the account will now fail basically, after I deleted the cached files, as the documentation specifies.
And I notified the address on the issue.
The basic idea of this program has developed and put to disk, so it’s more or less time start developing the program itself. There are a few things I have to look into. I intend to use this as an excercise to get into C (heavy, I know) and some VMS-specifics like accessing indexed files (the RMS way) which requires specific code. But there are sufficient examples available for any code block I would like to use. I guess I’ll start coding soon.
The latest version is now 2.7.1, perhaps I’ll update soon. Hoepfully it does work with the current HP-supplied PHP engine (I didn’y notice the definite version yet)