Opened 7 months ago

Last modified 6 months ago

#34190 new task

New shared account idea

Reported by: cypherpunk1 Owned by: qbi
Priority: Medium Milestone:
Component: Internal Services/Service - trac Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Old system:

  • cypherpunks, writecode
  • Anyone can use it
    • Bot attack / Script is very easy

New system:

  • cypherpunk(RandomStringHere), writecode
    • ID:Password rotate every 1 week or 1 day
      • So they can't vandalize comments after 1 week or 1 day
  • Anyone can use it
    • Yes, this is a must
    • Bot attack / Script is difficult

  1. Open https://trac.torproject.org/projects/tor/wiki/WikiStart#UnofficialDocumentation
  2. Click "use this shared account of this week"
  3. Solve Captcha
  4. Display current ID:Password pair

Before

Most of the content here is written by volunteers from around the world. If you find a topic you want to fix, expand, or create, please either create an account or use the multi-user account cypherpunks with the password writecode Note that edits will be credited to the cypherpunks account and not you personally. 

After

Most of the content here is written by volunteers from around the world. If you find a topic you want to fix, expand, or create, please either create an account or use the multi-user account. Click here to view ''account information''. Note that edits will be credited to the cypherpunks account and not you personally. 

Child Tickets

Change History (3)

comment:1 Changed 7 months ago by cypherpunk1

Week 1: create/keep cypherpunk2020051 writecode, delete cypherpunks, delete cypherpunks2020*
Week 2: create/keep cypherpunk2020052 writecode, delete cypherpunks, delete cypherpunks2020*
Week 3: ...

(and prevent the creation of 'cypherpunk*' account from trac.tpo website)

@weekly rotate_cypherpunks.sh

e.g

year = current year#2020
month = current month#05
weeknumber = current week of month#02

delete account cypherpunks
delete account ypherpunks{year}*

delete account{year}{month}{weeknum}
create account{year}{month}{weeknum} as password writecode

update website text

comment:2 Changed 7 months ago by ϲypherpunks

Before and after looks same.


The abuse was up to daily editing comments. This will not cover by this sadly. Hardened effort for the spammer but won't prevent it. Well a first step to recovery functionality of anonymous bug report is important. Of course no 100% solution exits. If someone after it he will find his way. Cat and mouse game. But daily account rotate would be to much I think. Keep in mind timezones differences.
Weekly sounds reasonable.

Is it possible to drop permission of editing (at least comments) for anything not from same session instead account based?

There it is org/operations/services/trac

Last edited 7 months ago by ϲypherpunks (previous) (diff)

comment:3 Changed 6 months ago by qbi

Parent ID: #34175

removed parent #34175, because this is not strictly a child of that ticket. I'd like to think and discuss this separately.

Note: See TracTickets for help on using tickets.