ScallyWhack/Rules/420014

Rule 420014: block SandBox spamvertisements

Purpose

Blocks the increasing number of spamvertisements posted to the SandBox wiki page. This page is a natural choice on many wikis: it is meant as a playground where people can get used to the wiki formatting syntax, so usually everyone is allowed to change it. Although Trac differs slightly from other wikis in its (missing) ability to adjust access permissions on a per-page basis, a lot of Trac-driven sites are vulnerable to this method nevertheless.

Looks for POST requests without a trac_auth cookie that have the string "http:/" or "https:/" in the summary, description, comment or text form parameter.

Example

--92d1f258-A--
[08/Oct/2007:19:30:17 +0200] mx7016wQKoYAAHv6wUMAAACE XX.XX.XX.XX 13395 217.24.1.134 80
--92d1f258-B--
POST /wiki/SandBox HTTP/1.1
Via: 1.0 LVC01
Cookie: trac_form_token=b72c7da94f9aeb5e0c2f0870; trac_session=8893c4aa1fa59b26d88db83e
Referer: http://madwifi.org/wiki/SandBox?action=edit
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: madwifi.org
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Connection: Keep-Alive
Content-Length: 1333

--92d1f258-C--
__FORM_TOKEN=b72c7da94f9aeb5e0c2f0870&action=edit&version=1&scroll_bar_pos=&editrows=28&text=http%3A%2F%2Franitidinebuytramadolnowkfg%2Ebloghoster%2Etld&author=arnold&tags=None&comment=None&save=Submit%20changes
--92d1f258-F--
HTTP/1.1 403 Forbidden
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

--92d1f258-H--
Message: Access denied with code 403 (phase 2). Pattern match "(http|https):/" at ARGS:text. [id "420014"] [rev "1"] [msg "SandBox spam"]
Action: Intercepted (phase 2)
Stopwatch: 1191864617071831 220057 (218065* 218464 -)
Producer: ModSecurity v2.1.1 (Apache 2.x)
Server: Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_python/3.3.1 Python/2.4.4
WebApp-Info: "scallywhack.trac.madwifi" "-" "-"

--92d1f258-Z--
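
The check described under Purpose, replayed against the request logged above, as an added Python example (not the ScallyWhack rule itself and not ModSecurity code). The pattern, cookie name and parameter names come from this page; the function names, the exact-path comparison and the return convention are assumptions of this sketch.

```python
import re
from urllib.parse import parse_qs

# Pattern, cookie name and parameter names as given on this page.
URL_PATTERN = re.compile(r"(http|https):/")
AUTH_COOKIE = "trac_auth"
CHECKED_PARAMS = ("summary", "description", "comment", "text")
PROTECTED_PATH = "/wiki/SandBox"  # assumption: exact match on the page path


def cookie_names(header):
    """Return the set of cookie names found in a Cookie header value."""
    parts = (p.strip() for p in (header or "").split(";"))
    return {p.split("=", 1)[0].strip() for p in parts if p}


def sandbox_spam_match(method, path, cookie_header, body):
    """Return the first checked form parameter that carries a URL, else None."""
    if method.upper() != "POST" or path.split("?", 1)[0] != PROTECTED_PATH:
        return None
    if AUTH_COOKIE in cookie_names(cookie_header):
        return None  # authenticated users are not subject to the check
    # parse_qs URL-decodes values, so "http%3A%2F%2F" is matched as "http://"
    form = parse_qs(body, keep_blank_values=True)
    for name in CHECKED_PARAMS:
        if any(URL_PATTERN.search(value) for value in form.get(name, [])):
            return name
    return None


# Cookie header and request body copied from sections B and C of the log above.
LOGGED_COOKIE = ("trac_form_token=b72c7da94f9aeb5e0c2f0870; "
                 "trac_session=8893c4aa1fa59b26d88db83e")
LOGGED_BODY = ("__FORM_TOKEN=b72c7da94f9aeb5e0c2f0870&action=edit&version=1"
               "&scroll_bar_pos=&editrows=28"
               "&text=http%3A%2F%2Franitidinebuytramadolnowkfg%2Ebloghoster%2Etld"
               "&author=arnold&tags=None&comment=None&save=Submit%20changes")
# Constructed variants: a logged-in editor, and an anonymous plain-text edit.
AUTHED_COOKIE = LOGGED_COOKIE + "; trac_auth=0123456789abcdef"
PLAIN_BODY = "action=edit&text=just%20testing%20wiki%20markup&comment=None"

if __name__ == "__main__":
    print(sandbox_spam_match("POST", "/wiki/SandBox", LOGGED_COOKIE, LOGGED_BODY))
    print(sandbox_spam_match("POST", "/wiki/SandBox", AUTHED_COOKIE, LOGGED_BODY))
    print(sandbox_spam_match("POST", "/wiki/SandBox", LOGGED_COOKIE, PLAIN_BODY))
```

The logged request matches on the text parameter only after URL decoding, which is why the check runs on decoded form values rather than on the raw body.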

Protected handlers

  • wiki (restricted to page "SandBox")

See also

n/a

History

rev:1
Initial version.