spam attack on trac

a few tickets from the cypherpunks account are being vandalized with obscene content and spam.

added component::internal services/service - trac owner::qbi priority::immediate resolution::fixed severity::major status::closed type::defect labels

i have removed the following permissions from the GRP_cypherpunks role: TICKET_APPEND and TICKET_CREATE.

i will see about removing the offensive content permanently.

Trac:
Owner: qbi to anarcat
Status: new to accepted

i have removed tickets #34168, #34170 and deleted user onionfap

i removed #34172 which was also spammed by the cypherpunks account.

next step is to look at the timeline and see what other damage was done and revert that. :/

cypherpunks can still post comments and edit old ones.

@anarcat

https://trac.torproject.org/projects/tor/ticket/34173?cversion=0&cnum_hist=3#comment:3

https://trac.torproject.org/projects/tor/ticket/34169?cversion=0&cnum_hist=11#comment:11

https://trac.torproject.org/projects/tor/ticket/34169?cversion=0&cnum_hist=15#comment:15

https://trac.torproject.org/projects/tor/ticket/34166?cversion=0&cnum_hist=5#comment:5

(merged to comment 5)

cypherpunks can still post comments and edit old ones.

i disabled the cypherpunks account until we can get a hold of this.

i'll let qbi followup on the cleanup and next steps

Trac:
Status: accepted to assigned
Owner: anarcat to qbi

Replying to anarcat:

cypherpunks can still post comments and edit old ones.

i disabled the cypherpunks account until we can get a hold of this. thank you for taking care of this abuse. sad to see this is needed. but best choice atm. (excuse me, don't get tricked by my account name, I'm kind user. i created this because my comments was edited)

looks like cleaned offensive content cleared. still there are a lot of changes of comments and trac wiki pages in past over weeks with interval increasing.

as the account now got disabled, i cannot log into it and revert this. where or how to report? there is something around 100 comments affected 5 pages.

shall i list them in a new ticket or here? would someone revert this things? wiki page hard to revert because trac detect spam (limit exceeded) if try to do so. comment only can revert by account of commenter and since account disabled, this not possible.

i have spotted at least those following:

comments in tickets search for "edited by cypherpunks": #18361 (moved) #23840 (moved) #24351 #33010 (moved) #34159 (moved) #34173 (moved)

wiki: org/doc/ListOfServicesBlockingTor org/projects/WeSupportTor doc/CloudflareSites org/projects/DontBlockMe

Trac:
Username: ϲypherpunks

Replying to ϲypherpunks:

The Wayback machine has an archive of the Tor wiki pages and the first 4 tickets you listed. :)

Tickets: https://web.archive.org/web/20200109124658/https://trac.torproject.org/projects/tor/ticket/18361 https://web.archive.org/web/20200427133137/https://trac.torproject.org/projects/tor/ticket/23840 https://web.archive.org/web/20200301013104/https://trac.torproject.org/projects/tor/ticket/24351 https://web.archive.org/web/20200215065227/https://trac.torproject.org/projects/tor/ticket/33010 Wiki:

https://web.archive.org/web/20200501003445/https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor https://web.archive.org/web/20200507011754/https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor https://web.archive.org/web/20190615070007/https://trac.torproject.org/projects/tor/wiki/doc/CloudflareSites https://web.archive.org/web/20200306040422/https://trac.torproject.org/projects/tor/wiki/org/projects/DontBlockMe

Trac:
Username: Dbryrtfbcbhgf

Ok. Pages can get reverted by track history without loosing formatting. But take long time because of link limit can only revert 2 lines per page edit.

Comments can't restore but quote versions of track diff history. You find comment history link underevery comment below the link DIFF last edited ago.... if there was multilple edits you can go back in time by selecting previous.

If restore through quotes. Order of conversation. Get lost.

At least nothing really lost. Just hidden by first look.

Trac:
Username: ϲypherpunks

But take long time because of link limit can only revert 2 lines per page edit.

This trac is very annoying. You can't post more than 5(?) links.

Trac:
Username: cypherpunk1

Submission rejected as potential spam
    Maximum number of external links per post exceeded

https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor?action=edit&version=461

What now?

Trac:
Username: cypherpunk1

Replying to cypherpunk1:

{{{ Submission rejected as potential spam Maximum number of external links per post exceeded }}}

https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor?action=edit&version=461 What now?

If you want you can copy the text to a pad and paste the link to the pad here. I can make the change in trac for you.

Replying to qbi:

Replying to cypherpunk1: If you want you can copy the text to a pad and paste the link to the pad here. I can make the change in trac for you.

Version 461 looks fine to me. Can you revert it to version 461?

The text can be retrieved from https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor?action=edit&version=461

462 25 hours cypherpunks (vandalized) 461 26 hours cypherpunks (last good)

i disabled the cypherpunks account

How long are you going to lock it? Other cpunks might wondering why they can't log in if they didn't logged in recently.

Trac:
Username: cypherpunk1

Replying to ϲypherpunks:

wiki: org/doc/ListOfServicesBlockingTor org/projects/WeSupportTor doc/CloudflareSites org/projects/DontBlockMe

I resetted all of the wiki pages. Resetting the tickets requires a bit more work.

As far as I can tell all vandalism is now resetted.

Thanks ! wiki looks now like nothing happend. The years of comments also. Great.

Trac:
Username: ϲypherpunks

wiki looks now like nothing happend.

My contrib was defaced again. This is second time. I'm not going to waste my time on this.

Trac:
Username: cypherpunk1

Added new subpage. https://trac.torproject.org/projects/tor/wiki/doc/tgcw_people_voice

edit: :(

Trac:
Username: cypherpunk1

Illegal images on https://trac.torproject.org/projects/tor/wiki/org/projects/DontBlockMe https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor

Enough already https://trac.torproject.org/projects/tor/timeline?daysback=5&authors=%23BuiltForThis&tag_query=&ticket_details=on&wiki=on&update=Update

Trac:
Username: cypherpunk1

Trac:
Username: cypherpunk1

Thanks a lot. User is removed and pages are reverted.

Vandalism here and there, revert here and there. I've no idea which version is real now...

1. Would you please revert this to Version 149? https://trac.torproject.org/projects/tor/wiki/doc/tgcw_people_voice?action=history

2. I suggest you add following "keyword" to trac denylist so the spammer can't post same illegal images.

-sex
videocp (domain part of .onion)
bonanza
lolip
ipor
://fuck

3. Close thse as duplicate of 34175? https://trac.torproject.org/projects/tor/ticket/34166 https://trac.torproject.org/projects/tor/ticket/34169

4. Disallow non-alphanumeric !([a-zA-Z0-9]{1,255}) username. Related https://trac.torproject.org/projects/tor/ticket/23771

Trac:
Username: cypherpunk1

Add here: wiki:BadContent ?

Replying to cypherpunk1:

4. Disallow non-alphanumeric !([a-zA-Z0-9]{1,255}) username. Related https://trac.torproject.org/projects/tor/ticket/23771

No, don't disallow my existence please.

Trac:
Username: ϲypherpunks

@qbi

The copy paste to bad content missed a line. The (part of onion) Line needs change into a pattern. Not working as it is

Xxx*.onion

Trac:
Username: ϲypherpunks

Replying to ϲypherpunks:

The copy paste to bad content missed a line.

Thanks. I changed it.

Replying to cypherpunk1:

1. Would you please revert this to Version 149? https://trac.torproject.org/projects/tor/wiki/doc/tgcw_people_voice?action=history

[X] Done.

2. I suggest you add following "keyword" to trac denylist so the spammer can't post same illegal images. Done.
3. Close thse as duplicate of 34175? Done.
4. Disallow non-alphanumeric !([a-zA-Z0-9]{1,255}) username. Related https://trac.torproject.org/projects/tor/ticket/23771 I need to investigate how to do it correctly. It will probably take some more time.

Thanks for the ticket.

cypherpunks

No, don't disallow my existence please.

I'm not talking about you. I was talking about username "#BuildForThis" who've replaced my contributions.

ϲypherpunks

Looking at your username, it is very hard to distinguish. You used non-alphabet 'c'. Any hard-to-distinguish characters should be banned.

Can you distinguish between this ϲypherpunks(your name) and cypherpunks(real account name)? Impossible.

'ϲypherpunks'=='cypherpunks'
false

What if someone register 'c'ypherpunk1 and vandalize some wiki? (please don't do it)

What if someone used non-ASCII word to fake themselves as Tor contributor?

Trac:
Username: cypherpunk1

What's wrong with this anti-Cloudflare lunatic? Did he know that Tor's threat model has no problem in defying it? We all know Cloudflare is bad can you all stop now?

Trac:
Username: cypherpunks_writecode

We all know Cloudflare is bad

Not all. As far as I can see from this ticket #24351, there's some people who don't understand Cloudflare is bad. I really don't care whether they dislike anti-Cloudflare activity or not.

Whatevs. I'm sorry if #24351 or GCW hurts your feeling. Just don't replace any documents to some illegal images, ok?

I'm getting outta here.

Trac:
Username: cypherpunk1

There was still someone vandalizing the wiki. So we disabled several cypherpunks accounts and online assigning viewing permissions to authenticated users.

Out current solution is that people should ask for more permissions like #34210 (moved). After some time we will probably reset this policy, but experience from similar cases suggests that it needs some cooling down.

Replying to cypherpunk1:

4. Disallow non-alphanumeric !([a-zA-Z0-9]{1,255}) username. Related https://trac.torproject.org/projects/tor/ticket/23771

I tried to use several regexes to disallow non-alphanumeric characters, but even simple ones like [AB] didn't work as expected (only allowed A and B plus non-ASCII characters). Also (?a)[AB] and similar combinations didn't work. Currently it is unclear how to make this work. We'll investigate later and adjust the settings if there is a good fix. For now I'll close this ticket.

Trac:
Status: assigned to closed
Resolution: N/A to fixed

closed

mentioned in issue #34190 (moved)