Skip to content

Anti Spam Tools

Jump to bottom Edit New page
RayBB edited this page May 17, 2024 · 1 revision

This document is quickly becoming deprecated, please instead view the DDOS section of our Disaster Recovery & First Responder's Guide

The following was originally published by Giovanni Damiola @gdamdam via http://gio.blog.archive.org/2016/03/10/ol-anti-spam-tools. Gio writes:

Measures taken

I’ve added the common words found in the recent spam to the spam words blacklisted mail.com as almost all of the spam was coming from that domain. This may stop some genuine people from registering and making edits. blocked and reverted edits lot of accounts

Other approaches:

On ol-db1 investigate volume and patterns:

  • select * from store where key like 'account/%/verify' order by id desc limit 50;

Check nginx access logs for common vectoros on ol-www1

  • sudo cat /var/log/nginx/access.log | grep "/people"
  • sudo cat /var/log/nginx/access.log | grep "/account/create"

Sam's magic sauce:

netstat -n | /home/samuel/work/reveal-abuse/mktable
sudo cat /var/log/nginx/access.log | cut -d ' ' -f 1 | sort | uniq -c  | sort -n | tail -n 10 | /home/samuel/work/reveal-abuse/reveal | /home/samuel/work/reveal-abuse/shownames

Using Sam's Legacy Tools

First, ssh over to ol-www0 (which is the entry point for all traffic) and determine who the bad actor(s) are. Because we anonymize IPs, you'll first have to populate a map of anonymous IPs to IPs we can actually block:

ssh -A ol-www1
netstat -n | /home/samuel/work/reveal-abuse/mktable  # XXX this should probably be added to `olsystem`, see: https://github.com/internetarchive/olsystem/issues/45

Then run:

sudo tail -n 5000 /var/log/nginx/access.log | cut -d ' ' -f 1 | sort | uniq -c  | sort -n | tail -n 10 | /home/samuel/work/reveal-abuse/reveal | /home/samuel/work/reveal-abuse/shownames

Or...

sudo tail -n 250000 /1/var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 30

At this point, see nginx.conf, you can add the IPs to /olsystem/etc/nginx/deny.conf or add classes of IPs or user-agents to /etc/nginx/sites-available/openlibrary.conf, e.g.:

    if ($http_user_agent ~* (Slurp|Yahoo|libwww-perl|Java)) {
        return 403;
    }

Or, you can block on a per-IP basis in /opt/openlibrary/olsystem/etc/nginx/deny.conf.

Add a custom footer

Getting Started & Contributing

  1. Setting up your developer environment
  2. Using git in Open Library
  3. Finding good First Issues
  4. Code Recipes
  5. Testing Your Code, Debugging & Performance Profiling
  6. Loading Production Site Data ↦ Dev Instance
  7. Submitting good Pull Requests
  8. Asking Questions on Gitter Chat
  9. Joining the Community Slack
  10. Attending Weekly Community Calls @ 9a PT
  11. Applying to Google Summer of Code & Fellowship Opportunities

Developer Resources

  1. FAQs: Frequently Asked Questions
  2. Front-end Guide: JS, CSS, HTML
  3. Internationalization
  4. Infogami & Data Model
  5. Solr Search Engine Manual
  6. Imports
  7. BookWorm / Affiliate Server
  8. Writing Bots

Developer Guides

APIs & Client Libraries

Project Management

  1. Directory of Projects
  2. Important Documents by Year
  3. Responsibilities Matrix

Other Portals

Legacy
Old Getting Started
Orphaned Editions Planning
Canonical Books Page

Clone this wiki locally