[Systems] Wiki spam attack.

Bernie Innocenti bernie at codewiz.org
Wed May 11 17:06:35 EDT 2016



On May 11, 2016 2:36:26 PM EDT, Frederick Grose <fgrose at sugarlabs.org> wrote:

>Looking at the logs, this latest, 10 May 2016, spam attack started at
>11:43 and ended at 13:15 after 5 new accounts were created and 6 files
>were uploaded.  These were cleared on 11 May.
>
>The last similar attack was on 23 March 2016 and lasted 15 minutes with
>1 new account and 12 files uploaded and associated pages created.  These
>were cleared on 25 March.
>
>I suspect that new OpenID accounts are responsible as new normal wiki
>accounts have required administrator creation for many months or a
>couple of years now.
>
>Forcing automated account creation to OpenID had stopped massive spam
>account creation attacks over the last few years, but this
>authentication method has stalled in development, been compromised, and
>has been deprecated elsewhere.   We should now probably close new Sugar
>Labs wiki account creation by OpenID (looking to Bernie) and, if
>necessary, ask existing OpenID users to request standard accounts from
>administrators.

I agree. OpenID 2.0 is a pretty dead standard anyway. We should discontinue it and see if adding support for OpenID Connect would be feasible. Any takers?

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

