Voldemort attacks wiki
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
Voldemort attacks wiki
The wiki was attacked again as predicted
'Registered users' with spam bot name such as "rtg67op" need to be deleted in the MySQL database that Wikka uses (I don't have that access)
Going to page history (bottom of wiki page) allows genuine users to click on the date for a pre bot edit and then near the bottom of the page re-edit that page - which can then be stored
update:
A new attack matching username and wikki page has begun. It is possible it is an isolated case . . .
Last edited by Lobster on Sun 22 Jul 2007, 13:42, edited 2 times in total.
- Previously known as Guest
- Posts: 240
- Joined: Thu 29 Sep 2005, 00:39
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
Society for the Promotion of Elfish Welfare = spew?
It is not lone hackers or script kiddies it is commercial interests
They would probably like to be thought of as 'guerilla marketers'
By having links on our site their google page rank may go up if the links are not removed. There may be other motivations that I am unaware of. We are not being singled out, this is something that would be occuring on other wikka sites . . .
As mentioned SQL removal of the 'registered user/bots' is required. as we are now in the 3rd or 4th day of attacks and it may not stop until this is attended to . . .
I am running a later version of the wikka software at tmxxine.com but this was attacked too and has the disadvanatage that all the images would have to be upgraded to a full wikka link (at the moment just the url for the image is used)
it would have to become
or similar
This is something I have mentioned before but no one was inclined to upgrade the images
I am inclined NOT to change ACL's. At the moment unregistered users can post, though sadly on fewer pages. More and more pages have become for registered users only [shrug]
Anyway if you have the time, pages need attention
http://puppylinux.org/wikka/RecentChanges
It is not lone hackers or script kiddies it is commercial interests
They would probably like to be thought of as 'guerilla marketers'
By having links on our site their google page rank may go up if the links are not removed. There may be other motivations that I am unaware of. We are not being singled out, this is something that would be occuring on other wikka sites . . .
As mentioned SQL removal of the 'registered user/bots' is required. as we are now in the 3rd or 4th day of attacks and it may not stop until this is attended to . . .
I am running a later version of the wikka software at tmxxine.com but this was attacked too and has the disadvanatage that all the images would have to be upgraded to a full wikka link (at the moment just the url for the image is used)
it would have to become
Code: Select all
{{image class="left" alt="logo" image url="http://i5.tinypic.com/14vrxv5.jpg"}}
or similar
This is something I have mentioned before but no one was inclined to upgrade the images
I am inclined NOT to change ACL's. At the moment unregistered users can post, though sadly on fewer pages. More and more pages have become for registered users only [shrug]
Anyway if you have the time, pages need attention
http://puppylinux.org/wikka/RecentChanges
Last edited by Lobster on Thu 05 Jul 2007, 10:56, edited 2 times in total.
Lobster,
I am happy to do some. Is there a way of just saying "revert back to revision x" or is it a matter of manually editing the content to get it to match the last sensible revision.
I am happy to do some. Is there a way of just saying "revert back to revision x" or is it a matter of manually editing the content to get it to match the last sensible revision.
Will
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
you have to do it manually
the best thing is to go back to a real name (click on the date not the name)
There is also (I seem to remember) a way of changing the wiki ACL's to no posting globally but I can not remember it. The command has not been used but now might be a good time . . .
ah - here it is - but that is only for comments . . .
http://wikkawiki.org/ACLInfo
thanks for the offer, I find the wiki is a useful resource, so once it is back to health a backup would also be a good idea and perhaps even a mirror
the best thing is to go back to a real name (click on the date not the name)
There is also (I seem to remember) a way of changing the wiki ACL's to no posting globally but I can not remember it. The command has not been used but now might be a good time . . .
ah - here it is - but that is only for comments . . .
http://wikkawiki.org/ACLInfo
thanks for the offer, I find the wiki is a useful resource, so once it is back to health a backup would also be a good idea and perhaps even a mirror
That stinks. I wonder how difficult it is to remove a users edits from the back end.Lobster wrote:you have to do it manually
the best thing is to go back to a real name (click on the date not the name)
I can't see how editing the ACLs is going to help unless you want to add a default deny to a particular user and have it affect all pages. As you have said what you really want to do is delete their account.
Now I'm really confused user XpeLwf put in an edit to fix an old forum link
http://puppylinux.org/wikka/KDE/history
Will
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
OK if Raffy or Puppian have access
they go to servage admin
go to the sql database for the wikki
then (I forget the exact details) they can change registered users by clicking by their names and then clicking on delete
this deletes the users (none have created any pages - just modified existing work)
Most of the names are pretty obviously script created . . .
they go to servage admin
go to the sql database for the wikki
then (I forget the exact details) they can change registered users by clicking by their names and then clicking on delete
this deletes the users (none have created any pages - just modified existing work)
Most of the names are pretty obviously script created . . .
Whatever you gave raffy, Barry, he has also given to me so we can update the website.BarryK wrote:I'm trying to recall.... I think I gave the mySQL admin access to raffy?
Just what accesses did I give you raffy?
I have had a quick look at both mysql database groups, and done a search on users, but I am unable to locate any users of the name/type Lobster mentions.
[i]Actions speak louder than words ... and they usually work when words don't![/i]
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
OK Warren I will go to my tmxxine database and try and give more details soon . . .
many thanks
- for now
(as an example) all these are spambots
http://puppylinux.org/wikka/UsersList
many thanks
- for now
(as an example) all these are spambots
http://puppylinux.org/wikka/UsersList
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
OK Warren here is the procedure (there are some new ones back at tmxxine - so will have to keep an eye on this for a few days)
if you are unsure
(but some genuine registers will also be using this)
- MySQL Databases
view database (for wikki or Wikka)
wikka users
browse
click and delete
if you are unsure
(but some genuine registers will also be using this)
Ok, I've been through and deleted a number of users I thought were spamming bots. Most were dead giveaways with their name/address combinations.Lobster wrote:OK Warren here is the procedure (there are some new ones back at tmxxine - so will have to keep an eye on this for a few days)
note - spammers are using gmail.com as their email address
- MySQL Databases
view database (for wikki or Wikka)
wikka users
browse
click and delete
if you are unsure
(but some genuine registers will also be using this)
Problem is, I have access to 2 sections of Barry's mysql databases, and I can't see the wiki or wikka or wakka anywhere in there. I've got forums, mantis, news, reviews and 2 users databases, among many many others, but nothing for the wiki. Sorry.
[i]Actions speak louder than words ... and they usually work when words don't![/i]
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
some databases can be shared . . . but that does not seem the right databases . . .
it also seems that you have access for
http://puppylinux.org (amongst others)
it also seems that you have access for
http://puppylinux.org (amongst others)
the database connection details should be wikka.config.php
Will
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
There is a way to undo a bad edit and prevent them.
Thanks to GuestToo for this (my re-wording):
Click the date at the bottom of the page for a list of the versions of the page and select the version desired.
The BootParms page was ruined so I reverted it to a previous version in this manner. And, to prevent unauthorized changes, I've put a list of known wiki editors in the Write ACL list box within Edit ACL. I've dont this to all my pages. Here's my current list:
BarryDavidKauler
BarryKauler
BlackAdder
CatmanDru
CrustyLobster
GuestToo
HairyWill
IanMul
JaDy
JeyRey
KethD
PuppianL
If you want to be added, please shout.
I know this is a headache to maintain but I can't think of a better way. I had done this in a previous year and for some reason (unknown, don't remember) had changed it to + (registered users) but the evil-doers got through.
Thanks to GuestToo for this (my re-wording):
Click the date at the bottom of the page for a list of the versions of the page and select the version desired.
The BootParms page was ruined so I reverted it to a previous version in this manner. And, to prevent unauthorized changes, I've put a list of known wiki editors in the Write ACL list box within Edit ACL. I've dont this to all my pages. Here's my current list:
BarryDavidKauler
BarryKauler
BlackAdder
CatmanDru
CrustyLobster
GuestToo
HairyWill
IanMul
JaDy
JeyRey
KethD
PuppianL
If you want to be added, please shout.
I know this is a headache to maintain but I can't think of a better way. I had done this in a previous year and for some reason (unknown, don't remember) had changed it to + (registered users) but the evil-doers got through.
Felicitations & Facilitations, Rev. John G. Derrickson
Wrote fast. Goofs happen. Tell me.
Wrote fast. Goofs happen. Tell me.
Some pages are being edited but not damaged. I presume they are checking to see if their changes are reverted or not. Is it better to leave them alone and make it look like the page is not maintained or is it better to revert them?
As to the ACL it works but its a bit like locking the library doors to stop people stealing the books. My beef with this method is that if someone asks for write access it has to be granted on a page by page basis. (or an admin facility to apply an ACL mod to all pages)
I think that a better authentication method and an easy way for an admin to roll back changes are preferable.
As to the ACL it works but its a bit like locking the library doors to stop people stealing the books. My beef with this method is that if someone asks for write access it has to be granted on a page by page basis. (or an admin facility to apply an ACL mod to all pages)
I think that a better authentication method and an easy way for an admin to roll back changes are preferable.
Will
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
contribute: [url=http://www.puppylinux.org]community website[/url], [url=http://tinyurl.com/6c3nm6]screenshots[/url], [url=http://tinyurl.com/6j2gbz]puplets[/url], [url=http://tinyurl.com/57gykn]wiki[/url], [url=http://tinyurl.com/5dgr83]rss[/url]
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
this is some of what is available - anything you think suitable?I think that a better authentication method and an easy way for an admin to roll back changes are preferable
http://wikkawiki.org/CodeContributions
and yes I would revert as soon as possible
JaDy that is quite a task
and sadly it is very restrictive
It is an idea though
Basically I have been changing the ACL's of any pages that get struck
Lobster is admin
I did a check of the config and CrustyLobster is admin. You must have some special powers over the wiki.
(The wiki database and directory setup was handled directly by Barry.)
Am quite afraid of making database changes (other than edit entries) through phpmyadmin. Maybe deletion of entry is better left to the wiki admin (so that the scripts will be able to complete the subsequent tasks).
(The wiki database and directory setup was handled directly by Barry.)
Am quite afraid of making database changes (other than edit entries) through phpmyadmin. Maybe deletion of entry is better left to the wiki admin (so that the scripts will be able to complete the subsequent tasks).