PDA

View Full Version : Vandal attack


morshem
2007-06-11, 04:52
Check the recent changes :) .

Looks like bots rather than real people to me, and still I wonder how they managed to register. Anyway, banned them all.

elmuerte
2007-06-11, 09:10
it's a manual action, bots can do way more dammage

LBAWinOwns
2007-06-11, 14:35
Yep, this is one of the disadvantages of mediawiki I guess. (in case of it was bots)

Good job kicking their ass morshem :)

wacko
2007-06-11, 15:58
Well, I'm glad it's this minor. For automated sign-ups and spam I suppose there should be a pc-or-human check (popular example: type over distorted text in an image) on the sign up page, or even introduce moderated signing up. But I don't think such a thing would ne necessary for now, seeing how long the Twinsunica as a wiki is around now and how little spam/vandalism we've had so far.

Kobold
2007-06-11, 16:15
Yeah, I do not think it is necessary, considering the Twinsunica isn't known much around the web, as compared to many other wikis.

Homeless
2007-06-11, 16:17
If it were to suffer alot from vandals in the future, I guess we could implement something. But as for now, let's just leave it as it is.

wacko
2007-06-12, 13:32
Kobold, I guess there are tricks (Google search phrases) to find any MediaWiki site, even for example inactive test installations. I suppose they're an easy way to place links all over the internet, not only to put links for naive people but also to get a higher ranking in the Google results caused by these links. So it wouldn't surprise me if someone made a nice crawler/bot specialized in any MediaWiki sites.

Double-J
2007-06-12, 13:55
We had a bit of trouble at the Prequel site as well, someone put a malicious code in our header. Not too nice.

Alex fixed it up right away though, so no worries.

LBAWinOwns
2007-06-12, 14:01
We had a bit of trouble at the Prequel site as well, someone put a malicious code in our header. Not too nice.

Alex fixed it up right away though, so no worries.
Oh! I thought it was your extremely slow server that made my computer crash when viewing your site...

Can my computer got infected?

Double-J
2007-06-12, 14:23
I don't think so. It was a link to some retards site, and there were nasty downloads, but I don't think so. Dopey's Norton went nuts on the site saying there was a trojan, which brought it to our attention, but I know my Symantec didn't. Our PC's are clean, so I'd run a scan to be safe, but I think we averted any damage. ;)

wacko
2007-07-04, 18:40
I just noticed another teeny weeny bit of vandalism occuring yesterday.

We've recently set up and started using MediaWiki at my work, and we made it there so only sysops can create new users. If necessary we could introduce a similar moderated user sign up for the Twinsunica.

I wasn't sure of this possibility before, or the ease of implementing it, so I just wanted to make a note of it.

See here (http://www.mediawiki.org/wiki/Preventing_Access#1.5_upwards).

wacko
2007-07-15, 03:48
I noticed quite a few number of users with random names in the User List (http://twinsunica.waxo.nl/index.php/Special:Listusers). They don't seem to be contributing anything constructive; two recent changes (http://twinsunica.waxo.nl/index.php/Special:Recentchanges) are two users independently changing a "+" to a " " in two different articles. My guess is they're automated.

Time to just throw them out? Worst case is they're sleeper accounts that could massively vandalize a lot of pages simultaneously.

Perhaps time to introduce moderated user registration after that?


Update: I just installed the ConfirmEdit (http://www.mediawiki.org/wiki/User:Robchurch/ConfirmEdit_rewrite) extension which adds a CAPTCHA (http://en.wikipedia.org/wiki/CAPTCHA) to do certain actions; an example can be seen at the sign up page (http://twinsunica.waxo.nl/index.php?title=Special:Userlogin&type=signup). Once logged in I don't get these while editing a page for example, but I'm not sure where they do and don't turn up, let me know if they get in the way anywhere. There's mentioning of them at the version page (http://twinsunica.waxo.nl/index.php/Special:Version) page (under 'Hooks').

Update 2: I created a list of suspicous user (http://twinsunica.waxo.nl/index.php?title=Special:Whatlinkshere/Template:SuspiciousUser&limit=500&from=0) using a new template (http://twinsunica.waxo.nl/index.php?title=Template:SuspiciousUser&redirect=no).

morshem
2007-07-15, 10:25
Hehe, nice. Never even noticed all these, maybe we should include registration logs in Recent Changes (I know it's possible because the Hebrew Wikipedia does that, but I don't know how to do it).