关于垃圾评论指向本项目的说明

[Mister-Hope]

English Version

从 7月18日起，大部分 Waline 评论系统遭到恶意评论攻击。攻击者采取一言API，并添加 “好自为之 + 本项目和 Waline 项目的链接“ 评论，恶意对大量 Waline 评论系统进行高强度攻击，甚至导致国内部分地区访问 Vercel 间歇性被屏蔽。同时攻击者随机伪造昵称、邮箱、UA以及IP，具有无法追踪的特点。

本次攻击疑似是对 ”Waline 评论系统的直接攻击“ 或 ”收到垃圾评论的反制“。

需要注意的是这种对 Waline 开发者的诋毁已经不是第一次

类似的事情早在 2020年11月就已经发生过，详情请见 https://imnerd.org/spam-statement.html 。当时就有攻击者以 @lizheming 的名义到 Valine 评论区大量添加 Waline 介绍评论，导致 @lizheming 遭到了不明真相用户的声讨。

Waline 当时的核心贡献者只有 @lizheming，我于2021年5月份开始贡献 Waline 项目，成为了新的核心贡献者(代码行数也超越 @lizheming)，因此我也被卷入了第二轮攻击。

从 “好自为之 + 本项目和 Waline 项目的链接“ 的项目来看，似乎是攻击者的评论率先被来自 我和 @lizheming 项目的垃圾评论填充，进而攻击全部 Waline 用户，当然也不排除攻击者本人装作受害者进行反向攻击。

可以肯定的是，作为 Waline 的两位核心贡献者，我们没有道理对自己项目的用户发起攻击，同时我们也即没有无聊到到处刷垃圾评论引向自己的项目，更不至于”团伙作案“。

我本人现在理论物理研究生在读，代码只是我的爱好，我日后计划从事科研方向，没有理由以这种很明显会产生负面好感度的方式同时和 @lizheming 刷自己的项目。所以希望大家保持理智

另外从后台来看，攻击者的 IP 池深度超过 2500，很有可能是在伪造 IP，这也表明了攻击者不想让别找到他。

• 如果您在使用 Waline，并正在寻求一个解决方案，请您进入 Waline 项目 查看，有几种方式可以暂时屏蔽攻击。
• 如果您没有使用 Waline，而是直接收到了以我和 @lizheming 口吻发出的垃圾评论，欢迎您在评论区留言，并提供您是否含有攻击者额外信息的线索。

最后愿我们尽快找出攻击者并对他加以反制。

[Mister-Hope]

Starting from July 18th, there has been a malicious attack on the Waline Comment system. The attacker uses YIYAN API with a comment of "Good for oneself + this project and the link to the Waline project", maliciously carrying out a high-intensity attack on a large number of Waline comment systems, and even causing vercel service blocked in some parts of the China. At the same time, the attackers randomly generates IP addresses, mailboxes, UAs, which is untraceable.

This attack may be a "direct attack on the Waline comment system" or a "countermeasure against spam comments received".

Please note that this is not the first time waline core contributors are faked.

Similar events already happened in November 2020. For details, please visit https://imnerd.org/spam-statement.html. At that time, the attacker fake @lizheming posting a large number of comments pointing to Waline on Valine comment system, which caused @lizheming being denounced by users who do not know the facts.

only @lizheming is in Waline’s core contributor at the time. I started contributing to the Waline project in May 2021 and became a new core contributor (the line numbers of code also surpassed @lizheming), so I was also included in the second round of attacks.

From the comment containing our project links, it seems that attacker’s comment is first filled with spam comments with me and @lizheming 's project. All then he started to attack all users of Waline, and of course it can be the attacker himself pretending to be victum

It is certain that me and lizheming as the core contributor of Waline, have no reason to attack our projects users. At the same time, we are not boring enough to spam comments about our projects together, which abviously leads to hatred.

Also I am currently studying as a postgraduate student in theoretical physics, and programming is just my hobby. I plan to engage in scientific research in the future or be a physic teacher, and no plans to work in IT.

From the backstage, the attacker's IP pool depth exceeds 2500, which is likely faking his IP, which also prevents anyone recognize him.

• If you are using Waline and are looking for a solution, please see Waline Project, there are several ways to temporarily block the attack.
• If you are not using Waline, but you are receiving spam comments about me and @lizheming's project. You are welcome to leave a message below and provides more detail about attackers.

Wish we all can find him one day and give him the punishment he deserve!

[ocoke]

如果您在使用 Waline，并正在寻求一个解决方案，请您进入 Waline 项目 查看，有几种方式可以暂时屏蔽攻击。

欸？没看到呢

[Mister-Hope]

你可以暂时开启评论审查并关闭邮件通知，定期手动审核评论。

[ocoke]

谢谢