Vandal attack

2007-06-11, 05:52
Check the recent changes :) .

Looks like bots rather than real people to me, and still I wonder how they managed to register. Anyway, banned them all.

2007-06-11, 10:10
It's a manual action; bots can do way more damage.

2007-06-11, 15:35
Yep, this is one of the disadvantages of MediaWiki I guess. (in case it was bots)

Good job kicking their ass morshem :)

2007-06-11, 16:58
Well, I'm glad it's this minor. For automated sign-ups and spam I suppose there should be a pc-or-human check (popular example: type over distorted text in an image) on the sign up page, or even introduce moderated signing up. But I don't think such a thing would be necessary for now, seeing how long the Twinsunica as a wiki is around now and how little spam/vandalism we've had so far.

2007-06-11, 17:15
Yeah, I do not think it is necessary, considering the Twinsunica isn't known much around the web, as compared to many other wikis.

2007-06-11, 17:17
If it were to suffer a lot from vandals in the future, I guess we could implement something. But as for now, let's just leave it as it is.

2007-06-12, 14:32
Kobold, I guess there are tricks (Google search phrases) to find any MediaWiki site, even for example inactive test installations. I suppose they're an easy way to place links all over the internet, not only to put links for naive people but also to get a higher ranking in the Google results caused by these links. So it wouldn't surprise me if someone made a nice crawler/bot specialized in any MediaWiki sites.

2007-06-12, 14:55
We had a bit of trouble at the Prequel site as well, someone put a malicious code in our header. Not too nice.

Alex fixed it up right away though, so no worries.

2007-06-12, 15:01
Oh! I thought it was your extremely slow server that made my computer crash when viewing your site...

Could my computer have been infected?

2007-06-12, 15:23
I don't think so. It was a link to some retard's site, and there were nasty downloads, but I don't think so. Dopey's Norton went nuts on the site saying there was a trojan, which brought it to our attention, but I know my Symantec didn't. Our PCs are clean, so I'd run a scan to be safe, but I think we averted any damage. ;)

2007-07-04, 19:40
I just noticed another teeny weeny bit of vandalism occurring yesterday.

We've recently set up and started using MediaWiki at my work, and we made it there so only sysops can create new users. If necessary we could introduce a similar moderated user sign up for the Twinsunica.

I wasn't sure of this possibility before, or the ease of implementing it, so I just wanted to make a note of it.

See here (http://www.mediawiki.org/wiki/Preventing_Access#1.5_upwards).

2007-07-15, 04:48
I noticed quite a number of users with random names in the User List (http://twinsunica.waxo.nl/index.php/Special:Listusers). They don't seem to be contributing anything constructive; two recent changes (http://twinsunica.waxo.nl/index.php/Special:Recentchanges) are two users independently changing a "+" to a " " in two different articles. My guess is they're automated.

Time to just throw them out? Worst case is they're sleeper accounts that could massively vandalize a lot of pages simultaneously.

Perhaps time to introduce moderated user registration after that?

Update: I just installed the ConfirmEdit (http://www.mediawiki.org/wiki/User:Robchurch/ConfirmEdit_rewrite) extension which adds a CAPTCHA (http://en.wikipedia.org/wiki/CAPTCHA) to do certain actions; an example can be seen at the sign up page (http://twinsunica.waxo.nl/index.php?title=Special:Userlogin&type=signup). Once logged in I don't get these while editing a page for example, but I'm not sure where they do and don't turn up, let me know if they get in the way anywhere. There's mention of them at the version page (http://twinsunica.waxo.nl/index.php/Special:Version) (under 'Hooks').

Update 2: I created a list of suspicious users (http://twinsunica.waxo.nl/index.php?title=Special:Whatlinkshere/Template:SuspiciousUser&limit=500&from=0) using a new template (http://twinsunica.waxo.nl/index.php?title=Template:SuspiciousUser&redirect=no).
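
The pattern described in the post above (accounts whose only edits are near-zero-size changes, such as a "+" swapped for a " ") can be triaged automatically; the following is an added example, not part of the original thread or of MediaWiki. The usernames, page texts and thresholds are constructed assumptions.

```python
import difflib
from collections import defaultdict

# Constructed sample data: (user, page, text_before, text_after).
SAMPLE_EDITS = [
    ("Xqzvbnrt", "Page A", "Energy +5 per hit", "Energy  5 per hit"),
    ("Pwkjhgfd", "Page B", "Gives +1 clover", "Gives  1 clover"),
    ("RegularEditor", "Page A", "Short stub.",
     "Short stub. Adds a paragraph on the plot."),
    ("RegularEditor", "Page C", "teh island", "the island"),
]


def changed_chars(before, after):
    """Count characters inserted, deleted or replaced between two revisions."""
    matcher = difflib.SequenceMatcher(None, before, after, autojunk=False)
    total = 0
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            total += max(i2 - i1, j2 - j1)
    return total


def suspicious_accounts(edits, max_edits=2, max_change=2):
    """Flag accounts with few edits, none changing more than max_change chars.

    The thresholds are assumptions; a flagged account is a candidate for
    manual review (e.g. tagging with a template), not proof of automation.
    """
    sizes = defaultdict(list)
    for user, _page, before, after in edits:
        sizes[user].append(changed_chars(before, after))
    return sorted(
        user for user, s in sizes.items()
        if len(s) <= max_edits and max(s) <= max_change
    )


if __name__ == "__main__":
    for name in suspicious_accounts(SAMPLE_EDITS):
        print("review:", name)
```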

2007-07-15, 11:25
Hehe, nice. Never even noticed all these, maybe we should include registration logs in Recent Changes (I know it's possible because the Hebrew Wikipedia does that, but I don't know how to do it).