[Olpc-sysadmin] wiki Talk:page spam attack
fgrose at gmail.com
Fri Jul 23 01:14:28 EDT 2010
wiki.laptop.org is being attacked much like wiki.sugarlabs.org was on 13
July 2010 between 11:21 and 19:22 EDT.
See http://wiki.laptop.org/go/Special:RecentChanges for lines like this:
N ! 23:56 User talk:Whereresi (diff; hist) . . (+101) . . Whereresi
(Talk | contribs | block) (Created page with 'wear,
http://dotnetfreak.co.uk/members/Lilian_5F00_Devries.aspx teeth whitening
louisiana , sentence.')
Using OpenID for new accounts authentication seems to have ended the
spamming at wiki.SL, although the autoblocking pattern visible here,
http://wiki.laptop.org/go/Special:BlockList, persists at wiki.SL.
See this post,
subscribed, or this extract:
> Almost 150 new accounts were opened, almost all placing spamming links in
> the Talk page.
> See http://wiki.sugarlabs.org/go/Special:RecentChanges for that time range.
> At 18:03 I noticed the attack and blocked the most recent account.
> Immediately #369 was (Autoblocked because your IP address has been recently
> used by "Eridalad".)
> See http://wiki.sugarlabs.org/go/Special:BlockList
> After 5 similar cycles, at 18:35, I sent a note to
> webmaster at sugarlabs.org <http://lists.sugarlabs.org/listinfo/systems> with this message,
> See http://wiki.sugarlabs.org/go/Special:RecentChanges
> - decided to disable wiki account creation with this in
> # 2010-07-13 18:41:59 -0400 fgrose
> # Prevent new user registrations except by sysops
> # 2010-07-13 19:21:21 -0400 fgrose: commented out for testing
> # 2010-07-13 19:24:00 -0400 fgrose: reinhibit
> $wgGroupPermissions['*']['createaccount'] = false;
> The blocklist and the test at 19:21 showed that the attack had not stopped.
> (Notice the pattern of increasing odd number autoblocks.)
> - updated http://wiki.sugarlabs.org/go/MediaWiki:Loginprompt to suggest
> that new users create accounts with an OpenID.
> This has prevented the spam, but the server and database may still be under
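The RecentChanges pattern reported in the message above (a brand-new account creating its own "User talk:" page with an off-site link) can be turned into a triage filter. This is an added example, not part of the original post or of either wiki's tooling; it assumes one RecentChanges entry per line in the layout quoted in the message, and the function names, the `min_hits` threshold and every sample line except the first are constructed.

```python
import re

# Constructed sample in the RecentChanges layout quoted in the message.
# Only the first entry comes from the post; the others are invented for the example.
SAMPLE = """\
N ! 23:56 User talk:Whereresi (diff; hist) . . (+101) . . Whereresi (Talk | contribs | block) (Created page with 'wear, http://dotnetfreak.co.uk/members/Lilian_5F00_Devries.aspx teeth whitening louisiana , sentence.')
N ! 23:57 User talk:Exampleacct1 (diff; hist) . . (+98) . . Exampleacct1 (Talk | contribs | block) (Created page with 'word, http://spam.example/a some text , sentence.')
  23:58 Talk:Network setup (diff; hist) . . (+40) . . Alice (Talk | contribs | block) (see http://wiki.laptop.org/go/Network)
N   23:59 User talk:Bob (diff; hist) . . (+60) . . Carol (Talk | contribs | block) (Created page with 'Welcome to the wiki, Bob!')
N   00:02 User talk:Dave (diff; hist) . . (+35) . . Dave (Talk | contribs | block) (Created page with 'My notes: http://wiki.laptop.org/go/Help')
"""

ENTRY = re.compile(
    r"^(?P<flags>[N!mb ]*)(?P<time>\d\d:\d\d) (?P<title>.+?) \(diff; hist\) \. \. "
    r"\((?P<delta>[+-][\d,]+)\) \. \. (?P<user>.+?) \(Talk \| contribs \| block\) "
    r"\((?P<summary>.*)\)$"
)
LINK_HOST = re.compile(r"https?://([^/\s')]+)", re.I)

def suspicious_entries(text, own_hosts=("wiki.laptop.org", "wiki.sugarlabs.org")):
    """Return (time, user, external_hosts) for entries matching the reported pattern."""
    hits = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m or "N" not in m["flags"]:
            continue  # unparsable line, or an edit to an existing page
        if m["title"] != "User talk:" + m["user"]:
            continue  # page was not created by the account it belongs to
        hosts = sorted({h.lower() for h in LINK_HOST.findall(m["summary"])} - set(own_hosts))
        if hosts:  # only off-site links count; links back to the wiki are ignored
            hits.append((m["time"], m["user"], hosts))
    return hits

def accounts_to_review(text, min_hits=2):
    """Report accounts only when several distinct ones match, i.e. a campaign."""
    users = sorted({user for _, user, _ in suspicious_entries(text)})
    return users if len(users) >= min_hits else []

if __name__ == "__main__":
    for when, user, hosts in suspicious_entries(SAMPLE):
        print(when, user, ", ".join(hosts))
```

The output is a review list for a sysop, not a block list: a legitimate newcomer who links to a personal site from their own talk page matches the same pattern.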