[Imc] tech issues for steering group mtg this week

Paul Riismandel p-riism at uiuc.edu
Thu Aug 1 20:11:44 UTC 2002 

Our website continues to be bombarded by a relatively savvy spammer who 
is posting as many as 70 articles in a row.  Tech believes that he is 
exploiting a weakness in our website software that we can't quite figure 
out.

In addition, he is hiding his computer's identity (IP address) by using 
a web proxy -- an Internet server that forwards Internet traffic. This 
makes his hits to our website look like they come from somewhere else.

It is not overstatement to say that right now the usability and 
integrity of our website is at stake.  Mike L. is busting himself right 
now to hide the onslaught of spam so that our front page and newswire is 
still useful and good articles aren't pushed off.  But this kind of 
vigilence can't be maintained.

We are currently logging IPs and blocking the ones this mad spammer is 
using, which slows him down but does not stop him because new proxies 
can be found relatively easily.

At our tech meeting yesterday we came up with a way to block most of 
this guy's hits to our server.  It is an established sysadmin technique 
for protecting systems.  Unfortunately, it also runs the risk of 
blocking some legitimate traffic.  Dan L. is currently figuring out 
about how much legitimate traffice it might block by analyzing our web 
server logs.

Because of the potential to block legitimate traffic Tech decided that 
it was best to bring the question to Steering this Sunday for consent to 
implement this method.  We're purposely not putting the technical 
details in this e-mail because it's pretty certain that our spammer is 
reading our e-mail archives.  We will explain this technique on Sunday 
or over private e-mail to anyone who asks.  Tech has no intention of 
hiding anything from any IMC members  -- simply, we've been forced to 
defend our web server and can't afford to reveal our defenses to the 
entire Internet.

Everyone's input and consideration is invited -- we hope to have this 
next step decided at Sunday's steering meeting at noon, at the IMC.

Thanks,

Paul

More information about the IMC mailing list