[Systems] wiki account creation, Talk page spam
fgrose at sugarlabs.org
Tue Jul 13 21:49:58 EDT 2010
We suffered a wiki spam attack today between 11:21 and 19:22 EDT.
Almost 150 new accounts were opened, almost all placing spamming links in
the Talk page.
See http://wiki.sugarlabs.org/go/Special:RecentChanges for that time range.
At 18:03 I noticed the attack and blocked the most recent account.
Immediately #369 was (Autoblocked because your IP address has been recently
used by "Eridalad".)
After 5 similar cycles, at 18:35, I sent a note to
webmaster at sugarlabs.orgwith this message,
We are under attack, and single blocks are not impeding the attack.
Should we inhibit new accounts until we understand this?
- received an automatic response with this ID: [rt.sugarlabs.org #36]
- then decided to disable wiki account creation with this in
# 2010-07-13 18:41:59 -0400 fgrose
# Prevent new user registrations except by sysops
# 2010-07-13 19:21:21 -0400 fgrose: commented out for testing
# 2010-07-13 19:24:00 -0400 fgrose: reinhibit
$wgGroupPermissions['*']['createaccount'] = false;
- signed into irc://irc.freenode.net#sugar and pinged for bernie sascha
smparrish, with no response.
The blocklist and the test at 19:21 showed that the attack had not stopped.
(Notice the pattern of increasing odd number autoblocks.)
- updated http://wiki.sugarlabs.org/go/MediaWiki:Loginprompt to suggest
that new users create accounts with an OpenID.
This has prevented the spam, but the server and database may still be under
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Systems