
Voldemort attacks wiki

Posted: Thu 05 Jul 2007, 05:18
by Lobster
:shock:

The wiki was attacked again as predicted
'Registered users' with spam bot name such as "rtg67op" need to be deleted in the MySQL database that Wikka uses (I don't have that access)

Going to page history (bottom of wiki page) allows genuine users to click on the date for a pre bot edit and then near the bottom of the page re-edit that page - which can then be stored

update:
A new attack matching username and wikki page has begun. It is possible it is an isolated case . . .

Posted: Thu 05 Jul 2007, 05:55
by Previously known as Guest
Shame, seems the dimwit wanna be hackers/children are at it again.

Posted: Thu 05 Jul 2007, 06:07
by John Doe
It's a shame that some idiot(s) needs to stomp all over it just because the library door is left open.

...and so easy to fix... middle finger extended to them.

I didn't see it, was it spam or spew?

Posted: Thu 05 Jul 2007, 07:55
by Lobster
Society for the Promotion of Elfish Welfare = spew?

:)

It is not lone hackers or script kiddies it is commercial interests
They would probably like to be thought of as 'guerilla marketers'

By having links on our site their google page rank may go up if the links are not removed. There may be other motivations that I am unaware of. We are not being singled out, this is something that would be occurring on other wikka sites . . .

As mentioned, SQL removal of the 'registered user/bots' is required, as we are now in the 3rd or 4th day of attacks and it may not stop until this is attended to . . .

I am running a later version of the wikka software at tmxxine.com but this was attacked too and has the disadvantage that all the images would have to be upgraded to a full wikka link (at the moment just the url for the image is used)

it would have to become

Code:

{{image class="left" alt="logo" image url="http://i5.tinypic.com/14vrxv5.jpg"}}


or similar

This is something I have mentioned before but no one was inclined to upgrade the images

I am inclined NOT to change ACL's. At the moment unregistered users can post, though sadly on fewer pages. More and more pages have become for registered users only [shrug]

Anyway if you have the time, pages need attention
http://puppylinux.org/wikka/RecentChanges

Posted: Thu 05 Jul 2007, 09:18
by HairyWill
Lobster,
I am happy to do some. Is there a way of just saying "revert back to revision x" or is it a matter of manually editing the content to get it to match the last sensible revision.

Posted: Thu 05 Jul 2007, 09:50
by Lobster
you have to do it manually :?

the best thing is to go back to a real name (click on the date not the name)

There is also (I seem to remember) a way of changing the wiki ACL's to no posting globally but I can not remember it. The command has not been used but now might be a good time . . .
ah - here it is - but that is only for comments . . .
http://wikkawiki.org/ACLInfo

thanks for the offer, I find the wiki is a useful resource, so once it is back to health a backup would also be a good idea and perhaps even a mirror

:)

Posted: Thu 05 Jul 2007, 10:43
by BarryK
I'm trying to recall.... I think I gave the mySQL admin access to raffy?
Just what accesses did I give you raffy?

Posted: Thu 05 Jul 2007, 10:58
by HairyWill
Lobster wrote: you have to do it manually :?

the best thing is to go back to a real name (click on the date not the name)
That stinks. I wonder how difficult it is to remove a user's edits from the back end.

I can't see how editing the ACLs is going to help unless you want to add a default deny to a particular user and have it affect all pages. As you have said what you really want to do is delete their account.

Now I'm really confused: user XpeLwf put in an edit to fix an old forum link
http://puppylinux.org/wikka/KDE/history

Posted: Thu 05 Jul 2007, 11:02
by Lobster
OK if Raffy or Puppian have access

they go to servage admin
go to the sql database for the wikki
then (I forget the exact details) they can change registered users by clicking by their names and then clicking on delete

this deletes the users (none have created any pages - just modified existing work)

Most of the names are pretty obviously script created . . .

Posted: Thu 05 Jul 2007, 11:06
by Lobster
Hairy Will - the so called registered users have to be deleted first - need to contact Raffy or Puppian as they have SQL access . . .

:)

Posted: Thu 05 Jul 2007, 11:08
by WhoDo
BarryK wrote: I'm trying to recall.... I think I gave the mySQL admin access to raffy?
Just what accesses did I give you raffy?
Whatever you gave raffy, Barry, he has also given to me so we can update the website.

I have had a quick look at both mysql database groups, and done a search on users, but I am unable to locate any users of the name/type Lobster mentions.

Posted: Thu 05 Jul 2007, 11:19
by Lobster
OK Warren I will go to my tmxxine database and try and give more details soon . . .

many thanks :)

- for now
(as an example) all these are spambots
http://puppylinux.org/wikka/UsersList

Posted: Thu 05 Jul 2007, 11:27
by Lobster
OK Warren here is the procedure (there are some new ones back at tmxxine - so will have to keep an eye on this for a few days)
  • MySQL Databases
    view database (for wikki or Wikka)
    wikka users
    browse
    click and delete
note - spammers are using gmail.com as their email address
if you are unsure
(but some genuine registers will also be using this)

Posted: Thu 05 Jul 2007, 11:49
by WhoDo
Lobster wrote: OK Warren here is the procedure (there are some new ones back at tmxxine - so will have to keep an eye on this for a few days)
  • MySQL Databases
    view database (for wikki or Wikka)
    wikka users
    browse
    click and delete
note - spammers are using gmail.com as their email address
if you are unsure
(but some genuine registers will also be using this)
Ok, I've been through and deleted a number of users I thought were spamming bots. Most were dead giveaways with their name/address combinations.

Problem is, I have access to 2 sections of Barry's mysql databases, and I can't see the wiki or wikka or wakka anywhere in there. I've got forums, mantis, news, reviews and 2 users databases, among many many others, but nothing for the wiki. Sorry.

Posted: Thu 05 Jul 2007, 12:22
by Lobster
some databases can be shared . . . but that does not seem the right databases . . .

it also seems that you have access for
http://puppylinux.org (amongst others)

Posted: Thu 05 Jul 2007, 12:33
by HairyWill
the database connection details should be in wikka.config.php

Posted: Thu 05 Jul 2007, 13:09
by JaDy
There is a way to undo a bad edit and prevent them.

Thanks to GuestToo for this (my re-wording):
Click the date at the bottom of the page for a list of the versions of the page and select the version desired.

The BootParms page was ruined so I reverted it to a previous version in this manner. And, to prevent unauthorized changes, I've put a list of known wiki editors in the Write ACL list box within Edit ACL. I've done this to all my pages. Here's my current list:

BarryDavidKauler
BarryKauler
BlackAdder
CatmanDru
CrustyLobster
GuestToo
HairyWill
IanMul
JaDy
JeyRey
KethD
PuppianL

If you want to be added, please shout.

I know this is a headache to maintain but I can't think of a better way. I had done this in a previous year and for some reason (unknown, don't remember) had changed it to + (registered users) but the evil-doers got through. :evil: :roll:

Posted: Thu 05 Jul 2007, 13:40
by HairyWill
Some pages are being edited but not damaged. I presume they are checking to see if their changes are reverted or not. Is it better to leave them alone and make it look like the page is not maintained or is it better to revert them?

As to the ACL it works but it's a bit like locking the library doors to stop people stealing the books. My beef with this method is that if someone asks for write access it has to be granted on a page by page basis. (or an admin facility to apply an ACL mod to all pages)

I think that a better authentication method and an easy way for an admin to roll back changes are preferable.
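
Added example (not part of the thread and not Wikka's own code): the two back-end checks discussed above, run read-only. It lists accounts that only modified existing pages, for manual review, then finds the revision to restore on each page a suspect edited last. The two-table layout is a simplified assumption rather than Wikka's real schema, and every name except "rtg67op" is constructed.

```python
import sqlite3

# Constructed sample data. Table layout is a simplified assumption.
USERS = [("EditorOne", "one@example.org"), ("EditorTwo", "two@gmail.com"),
         ("rtg67op", "rtg67op@gmail.com"), ("qzx12ab", "qzx12ab@gmail.com")]
REVISIONS = [  # (page tag, revision time, editing user)
    ("BootParms", "2007-06-01 10:00", "EditorTwo"),
    ("BootParms", "2007-07-04 03:12", "rtg67op"),
    ("BootParms", "2007-07-04 03:15", "rtg67op"),
    ("KDE", "2007-05-20 09:00", "EditorOne"),
    ("KDE", "2007-07-05 02:40", "qzx12ab"),
    ("UsersList", "2007-06-15 08:00", "EditorOne"),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.execute("CREATE TABLE pages (tag TEXT, time TEXT, user TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)", REVISIONS)
    return db

def review_candidates(db):
    """Accounts that edited pages but never wrote a page's first revision.
    The gmail flag is reported only as a weak hint, never used as a filter."""
    rows = db.execute("""
        SELECT u.name, u.email LIKE '%@gmail.com'
        FROM users u
        WHERE EXISTS (SELECT 1 FROM pages p WHERE p.user = u.name)
          AND NOT EXISTS (
            SELECT 1 FROM pages p WHERE p.user = u.name AND p.time =
              (SELECT MIN(time) FROM pages WHERE tag = p.tag))
        ORDER BY u.name""").fetchall()
    return [(name, bool(gmail)) for name, gmail in rows]

def revert_targets(db, suspects):
    """Pages whose newest revision is by a suspect, mapped to the time of
    the newest revision by anyone else (the version to restore by hand)."""
    marks = ",".join("?" * len(suspects))
    rows = db.execute(f"""
        SELECT p.tag, MAX(p.time) FROM pages p
        WHERE p.user NOT IN ({marks}) AND p.tag IN (
            SELECT q.tag FROM pages q WHERE q.user IN ({marks}) AND q.time =
              (SELECT MAX(time) FROM pages WHERE tag = q.tag))
        GROUP BY p.tag ORDER BY p.tag""", suspects + suspects).fetchall()
    return dict(rows)

if __name__ == "__main__":
    db = build_db()
    suspects = [name for name, _ in review_candidates(db)]
    print(review_candidates(db), revert_targets(db, suspects))
```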

Posted: Thu 05 Jul 2007, 14:28
by Lobster
I think that a better authentication method and an easy way for an admin to roll back changes are preferable
this is some of what is available - anything you think suitable?
http://wikkawiki.org/CodeContributions

and yes I would revert as soon as possible

JaDy that is quite a task
and sadly it is very restrictive
It is an idea though

:)

Basically I have been changing the ACL's of any pages that get struck

Lobster is admin

Posted: Thu 05 Jul 2007, 15:20
by raffy
I did a check of the config and CrustyLobster is admin. You must have some special powers over the wiki.

(The wiki database and directory setup was handled directly by Barry.)

Am quite afraid of making database changes (other than edit entries) through phpmyadmin. Maybe deletion of entry is better left to the wiki admin (so that the scripts will be able to complete the subsequent tasks).