Voldemort attacks wiki

#1 Post by Lobster »

:shock:

The wiki was attacked again as predicted
'Registered users' with spam bot names such as "rtg67op" need to be deleted in the MySQL database that Wikka uses (I don't have that access)

Going to page history (bottom of wiki page) allows genuine users to click on the date for a pre bot edit and then near the bottom of the page re-edit that page - which can then be stored

update:
A new attack matching username and wiki page has begun. It is possible it is an isolated case . . .
Last edited by Lobster on Sun 22 Jul 2007, 13:42, edited 2 times in total.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

#2 Post by Previously known as Guest »

Shame, seems the dimwit wannabe hackers/children are at it again.

#3 Post by John Doe »

It's a shame that some idiot(s) needs to stomp all over it just because the library door is left open.

...and so easy to fix... middle finger extended to them.

I didn't see it, was it spam or spew?

#4 Post by Lobster »

Society for the Promotion of Elfish Welfare = spew?

:)

It is not lone hackers or script kiddies; it is commercial interests
They would probably like to be thought of as 'guerilla marketers'

By having links on our site their Google page rank may go up if the links are not removed. There may be other motivations that I am unaware of. We are not being singled out, this is something that would be occurring on other wikka sites . . .

As mentioned, SQL removal of the 'registered user/bots' is required, as we are now in the 3rd or 4th day of attacks and it may not stop until this is attended to . . .

I am running a later version of the wikka software at tmxxine.com but this was attacked too and has the disadvantage that all the images would have to be upgraded to a full wikka link (at the moment just the url for the image is used)

it would have to become

Code:

{{image class="left" alt="logo" image url="http://i5.tinypic.com/14vrxv5.jpg"}}

or similar

This is something I have mentioned before but no one was inclined to upgrade the images

I am inclined NOT to change ACL's. At the moment unregistered users can post, though sadly on fewer pages. More and more pages have become for registered users only [shrug]

Anyway if you have the time, pages need attention
http://puppylinux.org/wikka/RecentChanges
Last edited by Lobster on Thu 05 Jul 2007, 10:56, edited 2 times in total.

#5 Post by HairyWill »

Lobster,
I am happy to do some. Is there a way of just saying "revert back to revision x" or is it a matter of manually editing the content to get it to match the last sensible revision?
Will
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]

#6 Post by Lobster »

you have to do it manually :?

the best thing is to go back to a real name (click on the date not the name)

There is also (I seem to remember) a way of changing the wiki ACL's to no posting globally but I can not remember it. The command has not been used but now might be a good time . . .
ah - here it is - but that is only for comments . . .
http://wikkawiki.org/ACLInfo

thanks for the offer, I find the wiki is a useful resource, so once it is back to health a backup would also be a good idea and perhaps even a mirror

:)

#7 Post by BarryK »

I'm trying to recall.... I think I gave the mySQL admin access to raffy?
Just what accesses did I give you raffy?

#8 Post by HairyWill »

Lobster wrote:
> you have to do it manually :?
>
> the best thing is to go back to a real name (click on the date not the name)

That stinks. I wonder how difficult it is to remove a user's edits from the back end.

I can't see how editing the ACLs is going to help unless you want to add a default deny to a particular user and have it affect all pages. As you have said what you really want to do is delete their account.

Now I'm really confused: user XpeLwf put in an edit to fix an old forum link
http://puppylinux.org/wikka/KDE/history
Will

#9 Post by Lobster »

OK if Raffy or Puppian have access

they go to servage admin
go to the sql database for the wikki
then (I forget the exact details) they can change registered users by clicking by their names and then clicking on delete

this deletes the users (none have created any pages - just modified existing work)

Most of the names are pretty obviously script created . . .

#10 Post by Lobster »

Hairy Will - the so called registered users have to be deleted first - need to contact Raffy or Puppian as they have SQL access . . .

:)

#11 Post by WhoDo »

BarryK wrote:
> I'm trying to recall.... I think I gave the mySQL admin access to raffy?
> Just what accesses did I give you raffy?

Whatever you gave raffy, Barry, he has also given to me so we can update the website.

I have had a quick look at both mysql database groups, and done a search on users, but I am unable to locate any users of the name/type Lobster mentions.
[i]Actions speak louder than words ... and they usually work when words don't![/i]
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com

#12 Post by Lobster »

OK Warren I will go to my tmxxine database and try and give more details soon . . .

many thanks :)

- for now
(as an example) all these are spambots
http://puppylinux.org/wikka/UsersList

#13 Post by Lobster »

OK Warren here is the procedure (there are some new ones back at tmxxine - so will have to keep an eye on this for a few days)
  • MySQL Databases
    view database (for wikki or Wikka)
    wikka users
    browse
    click and delete
note - spammers are using gmail.com as their email address
if you are unsure
(but some genuine registers will also be using this)

#14 Post by WhoDo »

Lobster wrote:
> OK Warren here is the procedure (there are some new ones back at tmxxine - so will have to keep an eye on this for a few days)
>   • MySQL Databases
>     view database (for wikki or Wikka)
>     wikka users
>     browse
>     click and delete
> note - spammers are using gmail.com as their email address
> if you are unsure
> (but some genuine registers will also be using this)

Ok, I've been through and deleted a number of users I thought were spamming bots. Most were dead giveaways with their name/address combinations.

Problem is, I have access to 2 sections of Barry's mysql databases, and I can't see the wiki or wikka or wakka anywhere in there. I've got forums, mantis, news, reviews and 2 users databases, among many many others, but nothing for the wiki. Sorry.

#15 Post by Lobster »

some databases can be shared . . . but that does not seem the right databases . . .

it also seems that you have access for
http://puppylinux.org (amongst others)

#16 Post by HairyWill »

the database connection details should be in wikka.config.php
Will

#17 Post by JaDy »

There is a way to undo a bad edit and prevent them.

Thanks to GuestToo for this (my re-wording):
Click the date at the bottom of the page for a list of the versions of the page and select the version desired.

The BootParms page was ruined so I reverted it to a previous version in this manner. And, to prevent unauthorized changes, I've put a list of known wiki editors in the Write ACL list box within Edit ACL. I've done this to all my pages. Here's my current list:

BarryDavidKauler
BarryKauler
BlackAdder
CatmanDru
CrustyLobster
GuestToo
HairyWill
IanMul
JaDy
JeyRey
KethD
PuppianL

If you want to be added, please shout.

I know this is a headache to maintain but I can't think of a better way. I had done this in a previous year and for some reason (unknown, don't remember) had changed it to + (registered users) but the evil-doers got through. :evil: :roll:
Felicitations & Facilitations, Rev. John G. Derrickson
Wrote fast. Goofs happen. Tell me.

#18 Post by HairyWill »

Some pages are being edited but not damaged. I presume they are checking to see if their changes are reverted or not. Is it better to leave them alone and make it look like the page is not maintained or is it better to revert them?

As to the ACL it works but it's a bit like locking the library doors to stop people stealing the books. My beef with this method is that if someone asks for write access it has to be granted on a page by page basis. (or an admin facility to apply an ACL mod to all pages)

I think that a better authentication method and an easy way for an admin to roll back changes are preferable.
Will

#19 Post by Lobster »

> I think that a better authentication method and an easy way for an admin to roll back changes are preferable

this is some of what is available - anything you think suitable?
http://wikkawiki.org/CodeContributions

and yes I would revert as soon as possible

JaDy that is quite a task
and sadly it is very restrictive
It is an idea though

:)

Basically I have been changing the ACL's of any pages that get struck

Lobster is admin

#20 Post by raffy »

I did a check of the config and CrustyLobster is admin. You must have some special powers over the wiki.

(The wiki database and directory setup was handled directly by Barry.)

Am quite afraid of making database changes (other than edit entries) through phpmyadmin. Maybe deletion of entry is better left to the wiki admin (so that the scripts will be able to complete the subsequent tasks).
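
The clean-up this thread converges on, sketched as an added example (not code from any poster or from Wikka): list accounts that only ever modified existing pages so a person can review them, then find the last pre-bot revision of each damaged page. The two-table schema is a simplified stand-in, not Wikka's real schema, and the `LinkFixer` account and every row are constructed for illustration.

```python
import sqlite3

# Hypothetical, simplified schema (NOT Wikka's real tables): one row per page
# revision plus a users table. Every row below is constructed sample data.
SCHEMA = """
CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT);
CREATE TABLE revisions (tag TEXT, time INTEGER, user TEXT, body TEXT);
"""
USERS = [("JaDy", "jady@example.org"), ("HairyWill", "will@example.org"),
         ("rtg67op", "rtg67op@gmail.com"), ("LinkFixer", "fixer@gmail.com")]
REVISIONS = [
    ("BootParms", 1, "JaDy", "boot parameters"),
    ("BootParms", 2, "rtg67op", "spam links"),
    ("KDE", 1, "HairyWill", "kde notes, old forum link"),
    ("KDE", 2, "LinkFixer", "kde notes, forum link fixed"),
    ("IndexPage", 1, "JaDy", "index"),
    ("IndexPage", 2, "rtg67op", "spam"),
    ("IndexPage", 3, "rtg67op", "more spam"),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    db.executemany("INSERT INTO revisions VALUES (?, ?, ?, ?)", REVISIONS)
    return db

def review_candidates(db, known_editors=()):
    """Accounts that edited pages but never created one (e-mail is no signal)."""
    rows = db.execute("""
        SELECT u.name FROM users u
        WHERE EXISTS (SELECT 1 FROM revisions r WHERE r.user = u.name)
          AND NOT EXISTS (
            SELECT 1 FROM revisions r WHERE r.user = u.name AND r.time =
              (SELECT MIN(f.time) FROM revisions f WHERE f.tag = r.tag))
        ORDER BY u.name""").fetchall()
    return [name for (name,) in rows if name not in known_editors]

def revert_targets(db, confirmed):
    """Page -> time of newest revision not made by a confirmed spam account."""
    targets = {}
    for (tag,) in db.execute("SELECT DISTINCT tag FROM revisions").fetchall():
        history = db.execute("SELECT time, user FROM revisions WHERE tag = ? "
                             "ORDER BY time DESC", (tag,)).fetchall()
        if history[0][1] in confirmed:  # latest revision is spam
            clean = [t for t, user in history if user not in confirmed]
            targets[tag] = clean[0] if clean else None
    return targets
```

The candidate list also catches a genuine account that only fixed a link, which is why it feeds a manual review (or a known-editor list like the one in post #17) rather than an automatic delete.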
