Puppy Linux Discussion Forum

[Lobster]

The wiki was attacked again as predicted
'Registered users' with spam bot name such as "rtg67op" need to be deleted in the MySQL database that Wikka uses (I don't have that access)

Going to page history (bottom of wiki page) allows genuine users to click on the date for a pre bot edit and then near the bottom of the page re-edit that page - which can then be stored

update:
A new attack matching username and wikki page has begun. It is possible it is an isolated case . . .

[Previously known as Guest]

Shame, seems the dimwit wanna be hackers/children are at it again.

[John Doe]

It's a shame that some idiot(s) needs to stomp all over it just because the library door is left open.

...and so easy to fix... middle finger extended to them.

I didn't see it, was it spam or spew?

[Lobster]

Society for the Promotion of Elfish Welfare = spew?



It is not lone hackers or script kiddies it is commercial interests
They would probably like to be thought of as 'guerilla marketers'

By having links on our site their google page rank may go up if the links are not removed. There may be other motivations that I am unaware of. We are not being singled out, this is something that would be occuring on other wikka sites . . .

As mentioned SQL removal of the 'registered user/bots' is required. as we are now in the 3rd or 4th day of attacks and it may not stop until this is attended to . . .

I am running a later version of the wikka software at tmxxine.com but this was attacked too and has the disadvanatage that all the images would have to be upgraded to a full wikka link (at the moment just the url for the image is used)

it would have to become

[HairyWill]

Lobster,
I am happy to do some. Is there a way of just saying "revert back to revision x" or is it a matter of manually editing the content to get it to match the last sensible revision.

[Lobster]

you have to do it manually

the best thing is to go back to a real name (click on the date not the name)

There is also (I seem to remember) a way of changing the wiki ACL's to no posting globally but I can not remember it. The command has not been used but now might be a good time . . .
ah - here it is - but that is only for comments . . .
http://wikkawiki.org/ACLInfo

thanks for the offer, I find the wiki is a useful resource, so once it is back to health a backup would also be a good idea and perhaps even a mirror

[BarryK]

I'm trying to recall.... I think I gave the mySQL admin access to raffy?
Just what accesses did I give you raffy?

[HairyWill]

[Lobster]

OK if Raffy or Puppian have access

they go to servage admin
go to the sql database for the wikki
then (I forget the exact details) they can change registered users by clicking by their names and then clicking on delete

this deletes the users (none have created any pages - just modified existing work)

Most of the names are pretty obviously script created . . .

[Lobster]

Hairy Will - the so called registered users have to be deleted first - need to contact Raffy or Puppian as they have SQL access . . .

[WhoDo]

[Lobster]

OK Warren I will go to my tmxxine database and try and give more details soon . . .

many thanks

- for now
(as an example) all these are spambots
http://puppylinux.org/wikka/UsersList

[Lobster]

OK Warren here is the procedure (there are some new ones back at tmxxine - so will have to keep an eye on this for a few days)

MySQL Databases
view database (for wikki or Wikka)
wikka users
browse
click and delete

note - spammers are using gmail.com as their email address
if you are unsure
(but some genuine registers will also be using this)

[WhoDo]

[Lobster]

some databases can be shared . . . but that does not seem the right databases . . .

it also seems that you have access for
http://puppylinux.org (amongst others)