[conspire] Web spam and yandex forms

Akkana Peck akkana at shallowsky.com
Wed Dec 8 18:36:52 PST 2021


Ivan Sergio Borgonovo writes:
> If I remember correctly flask has some plugin to validate forms that comes
> with something a bit more sophisticated than maximum length etc... still I

I'm using WTForms, and it has validators for email addresses, but if
it has validators that can keep usernames a reasonable length and
free of suspicious characters, I haven't found them. Which doesn't
mean they don't exist; I'm not having much luck with search terms
for that.

I wrote:
> > Meanwhile I've figured out how to ban IPs in apache. In the past
> > day the requests have all come from two IPs, though I know that will
> > change and I'll have to add more over time, and I'm noting when IPs
> > are added in case I want to move them off the blacklist after a
> > while. I think I'm going to need some intelligent log-monitoring
> > scripts, keeping track of which IPs are seen when.

Ivan:
> Give a look to fail2ban. I'm not really sure if it can be still tricked to

I'll take a look. Does it do anything that the built-in apache
"Require not ip" doesn't do?

I think I'd actually prefer to refuse connections (so it appears
that there's no web server on the machine, instead of a web server
that's refusing connection based on IP), maybe at the iptables level.

Rick:
R> Playing IP address whack-a-mole is a losing game.

Acknowledged. I know it doesn't scale and I definitely wouldn't rely
entirely on it. On the other hand, now that I've blocked two IP
addresses, I have a usable log file again that isn't completely
flooded with warnings about Cyrillic signup attempts.

Meanwhile, I wrote a simple ChattyCaptcha class. Python, so it's no
help if Rick wants a Perl version. I haven't finished hooking it
into the real BillTracker registration form yet, because I still
need to work out details like limiting the number of failures (and
figure out what to do if that happens), but you can play with it on
the commandline:
https://github.com/akkana/billtracker/blob/master/billtracker/chattycaptcha.py

        ...Akkana
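A first cut at the kind of log-monitoring script mentioned in the thread, added here as an illustration (it is not Akkana's code and not part of BillTracker): it parses Apache combined-format access log lines, counts POSTs to an assumed `/register` signup path per client IP, flags IPs that cross a threshold inside a sliding time window, and records when each was first and last seen so a block can be reviewed or expired later. The log lines are constructed samples using documentation address ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" access-log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines using documentation address ranges, not a real log.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Dec/2021:18:01:02 -0800] "POST /register HTTP/1.1" 200 512
198.51.100.7 - - [08/Dec/2021:18:01:05 -0800] "GET /bills HTTP/1.1" 200 8120
203.0.113.5 - - [08/Dec/2021:18:01:09 -0800] "POST /register HTTP/1.1" 200 512
this line is corrupt and should be skipped
203.0.113.5 - - [08/Dec/2021:18:02:41 -0800] "POST /register HTTP/1.1" 200 512
198.51.100.7 - - [08/Dec/2021:18:03:00 -0800] "POST /register HTTP/1.1" 200 512
192.0.2.44 - - [08/Dec/2021:19:20:00 -0800] "POST /register HTTP/1.1" 200 512
"""

def parse_line(line):
    """Return (ip, timestamp, method, path), or None if the line doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("method"), m.group("path")

def signup_floods(lines, path="/register", window=timedelta(minutes=10), threshold=3):
    """Map each IP that POSTed to `path` at least `threshold` times inside any
    `window` to (total_posts, first_seen, last_seen); the timestamps are what
    you note down when adding the IP to a blocklist so it can be expired later."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, req_path = parsed
        if method == "POST" and req_path == path:
            hits[ip].append(ts)
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()  # access logs are normally in order, but don't rely on it
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[ip] = (len(stamps), stamps[0], stamps[-1])
                break
    return flagged
```

Run it over `SAMPLE_LOG.splitlines()` and only 203.0.113.5 is flagged (three POSTs within two minutes); the other two IPs each posted once and the corrupt line is ignored.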
