How lovely, someone deleted the Main Page again - WikiEN-l - lists.wikimedia.org

List overview All Threads
Download

How lovely, someone deleted the Main Page again

The 09 F9 magic number

Admin account cracker about to be...

NSLE (Wikipedia)

7 May 2007 7 May '07

3:46 a.m.

Brilliant, someone went rouge again today. Ryulong was blocked and the Main Page deleted. http://en.wikipedia.org/w/index.php?title=Wikipedia:Requests_for_adminship/… 67/0/0. How long until the perennial proposals start coming in? Well, I'll start. When will desysopping long-inactive admins start to even be considered? Anyone? NSLE

Reply

Show replies by date

Pedro Sanchez

7 May 7 May

3:58 a.m.

On 5/6/07, NSLE (Wikipedia) <nsle.wikipedia(a)gmail.com> wrote:

Brilliant, someone went rouge again today. Ryulong was blocked and the Main Page deleted. http://en.wikipedia.org/w/index.php?title=Wikipedia:Requests_for_adminship/… 67/0/0. How long until the perennial proposals start coming in? Well, I'll start. When will desysopping long-inactive admins start to even be considered? Anyone? NSLE _______________________________________________ WikiEN-l mailing list WikiEN-l(a)lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l

Well, now it only took 5 minutes ... 01:32, 7 May 2007 AndyZ (Talk | contribs | block) deleted "Main Page" (My password is password!) (Restore) 01:37, 7 May 2007 Drini (Talk | contribs | block) changed group membership for User:AndyZ@enwiki from sysop to (none) (rogue)

Reply

Ron Ritzman

4:05 a.m.

On 5/6/07, Pedro Sanchez <pdsanchez(a)gmail.com> wrote:

01:32, 7 May 2007 AndyZ (Talk | contribs | block) deleted "Main Page" (My password is password!) (Restore)

I suspect that somebody started trying to log into admin accounts with the password "password" until he found an admin using "password". What's scary is that if true he found one in the A's. Would a 24 hour autoblock for x number of wrong passwords to any account within a certain period of time help prevent this kind of thing?

Reply

NSLE (Wikipedia)

4:07 a.m.

With proxies... probably useful, but not useful enough. On 07/05/07, Ron Ritzman <ritzman(a)gmail.com> wrote:

On 5/6/07, Pedro Sanchez <pdsanchez(a)gmail.com> wrote:

01:32, 7 May 2007 AndyZ (Talk | contribs | block) deleted "Main Page" (My password is password!) (Restore)

I suspect that somebody started trying to log into admin accounts with the password "password" until he found an admin using "password". What's scary is that if true he found one in the A's. Would a 24 hour autoblock for x number of wrong passwords to any account within a certain period of time help prevent this kind of thing? _______________________________________________ WikiEN-l mailing list WikiEN-l(a)lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l

Reply

Ron Ritzman

4:07 a.m.

On 5/6/07, Ron Ritzman <ritzman(a)gmail.com> wrote:

Would a 24 hour autoblock for x number of wrong passwords to any account within a certain period of time help prevent this kind of thing?

Oops, an autoblock wouldn't stop him from logging in and doing admin stuff. /me puts down the crack pipe.

Reply

William Pietri

8:20 a.m.

Ron Ritzman wrote:

On 5/6/07, Ron Ritzman <ritzman(a)gmail.com> wrote:

Would a 24 hour autoblock for x number of wrong passwords to any account within a certain period of time help prevent this kind of thing?

Oops, an autoblock wouldn't stop him from logging in and doing admin stuff. /me puts down the crack pipe.

And it would create certain denial-of-service attack possibilities as well, so even if the block did prevent login, it wouldn't be such a good thing. William

Reply

William Pietri

4:28 a.m.

Pedro Sanchez wrote:

On 5/6/07, NSLE (Wikipedia) <nsle.wikipedia(a)gmail.com> wrote:

How long until the perennial proposals start coming in? Well, I'll start. When will desysopping long-inactive admins start to even be considered? Anyone?

Well, now it only took 5 minutes ... 01:32, 7 May 2007 AndyZ (Talk | contribs | block) deleted "Main Page" (My password is password!) (Restore) 01:37, 7 May 2007 Drini (Talk | contribs | block) changed group membership for User:AndyZ@enwiki from sysop to (none) (rogue)

Heh. If his password really was "password", perhaps running a password cracker against all the administrator passwords would be a good idea. As would https-based login, to reduce risk of password theft. And now that I think about it, perhaps I'll go change my password before my RfA closes, just in case. :-) William

Reply

Michael Billington

4:51 a.m.

Just to note, AmiDaniel has filed a bug report about the security of the login system. I particularly like the idea of using captchas after multiple attempts, to stop automated password cracking. The bug report is at http://bugzilla.wikimedia.org/show_bug.cgi?id=9816 --Michael Billington

Reply

Todd Allen

5:20 a.m.

On 5/6/07, Michael Billington <michael.billington(a)gmail.com> wrote:

Just to note, AmiDaniel has filed a bug report about the security of the login system. I particularly like the idea of using captchas after multiple attempts, to stop automated password cracking. The bug report is at http://bugzilla.wikimedia.org/show_bug.cgi?id=9816 --Michael Billington _______________________________________________ WikiEN-l mailing list WikiEN-l(a)lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l

How about, "use a captcha for all login attempts"? Right now, we're having a ton of trouble with a sockmaster that -- Freedom is the right to know that 2+2=4. From this all else follows.

Reply

Todd Allen

5:22 a.m.

On 5/6/07, Todd Allen <toddmallen(a)gmail.com> wrote:

On 5/6/07, Michael Billington <michael.billington(a)gmail.com> wrote:

Just to note, AmiDaniel has filed a bug report about the security of the login system. I particularly like the idea of using captchas after multiple attempts, to stop automated password cracking. The bug report is at http://bugzilla.wikimedia.org/show_bug.cgi?id=9816 --Michael Billington _______________________________________________ WikiEN-l mailing list WikiEN-l(a)lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l

How about, "use a captcha for all login attempts"? Right now, we're having a ton of trouble with a sockmaster that -- Freedom is the right to know that 2+2=4. From this all else follows.

That cuts off my messages during sending, apparently. Meant to say he likes to bot through old accounts and find weak passwords, then use them to evade semiprotection on his vandalism targets. What could possibly be bad about a captcha, unless you're a login bot? -- Freedom is the right to know that 2+2=4. From this all else follows.

Reply

Oskar Sigvardsson

5:30 a.m.

On 5/7/07, Todd Allen <toddmallen(a)gmail.com> wrote:

That cuts off my messages during sending, apparently. Meant to say he likes to bot through old accounts and find weak passwords, then use them to evade semiprotection on his vandalism targets. What could possibly be bad about a captcha, unless you're a login bot?

I've yet to meet a captcha that isn't a pain in the arse. Often they are too blurry for even humans to easily make out, they are long strings of nonsense (it isn't trivial to copy down "ecx76ns", it takes a few seconds), you can't quite see the difference between I and l (capital i and lower-case L, that is), and then if you do get it right it turns out that you mistyped your password and then you have to do it all over again. That's the downside. I'm not to keen on having captchas for every login, but for repeat logins from the same IP, it does make a lot of sense.

Reply

Blu Aardvark

6:33 a.m.

I'd like to see some changes to the password system. As it is, there are *no* restrictions on allowed passwords, as long as it is at least one character in length. Passwords should be /required/ to be at least six characters in length and contain at least one letter and one number. Most other popular sites do at least this. (If such a change were made, users with passwords not meeting this requirement could be prompted to change theirs upon the next login.) In addition, it should be entirely disallowed for a user to create a password containing the string "password" or that is identical to their username. Just an idea, anyway. I think the current system needs a bit of work, because password security *is* a concern on a site as wildly popular as Wikipedia is. Michael Billington wrote:

Just to note, AmiDaniel has filed a bug report about the security of the login system. I particularly like the idea of using captchas after multiple attempts, to stop automated password cracking. The bug report is at http://bugzilla.wikimedia.org/show_bug.cgi?id=9816 --Michael Billington _______________________________________________ WikiEN-l mailing list WikiEN-l(a)lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l

Reply

Ron Ritzman

7:17 a.m.

On 5/7/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:

In addition, it should be entirely disallowed for a user to create a password containing the string "password" or that is identical to their username.

I think one problem is that people don't view "website passwords" as important as a password to their ISP account or a unix shell account. After all, who cares if somebody cracks their nytimes.com password? You can get a shitload of those from bugmenot anyway. An exception might be their bank's website. People view their Wikipedia accounts the same way they view a news site password so they pick a simple one like their cat's name or "password" and it may stay that way even when they are made admins.

Reply

Mark Ryan

7:57 a.m.

On 07/05/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:

In addition, it should be entirely disallowed for a user to create a password containing the string "password" or that is identical to their username.

I agree entirely, except I think, for longer usernames at least, it should not *contain* their username. But that sorta gets stuffed up when people have like [[User:A]]. :-\ ~Mark Ryan

Reply

Gregory Maxwell

8:09 a.m.

On 5/7/07, Mark Ryan <ultrablue(a)gmail.com> wrote:

On 07/05/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:

In addition, it should be entirely disallowed for a user to create a password containing the string "password" or that is identical to their username.

I agree entirely, except I think, for longer usernames at least, it should not *contain* their username. But that sorta gets stuffed up when people have like [[User:A]]. :-\

If we can get consensus to do it we could run a password cracker on all the hashes of the sysops passwords.. desysop the inactive ones with weak passwords, and quietly email the active ones with weak passwords and tell them to pick better ones. Ultimately it would be nice if we had a password strength checker ... but doing this would address the immediate need.

Reply

Gwern Branwen

8:16 a.m.

On 0, Gregory Maxwell <gmaxwell(a)gmail.com> scribbled:

On 5/7/07, Mark Ryan <ultrablue(a)gmail.com> wrote:

On 07/05/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:

In addition, it should be entirely disallowed for a user to create a password containing the string "password" or that is identical to their username.

I agree entirely, except I think, for longer usernames at least, it should not *contain* their username. But that sorta gets stuffed up when people have like [[User:A]]. :-\

If we can get consensus to do it we could run a password cracker on all the hashes of the sysops passwords.. desysop the inactive ones with weak passwords, and quietly email the active ones with weak passwords and tell them to pick better ones. Ultimately it would be nice if we had a password strength checker ... but doing this would address the immediate need.

I second this. The bad guys are already running password crackers. (And if they aren't already, these incidents guarantee someone will.) Let's beat'em to the punch. Better that we learn from this while the damage is limited. There is no downside to requiring stronger passwords; fortunately for us, this is common sense which is legislate-able. -- Gwern Inquiring minds want to know.

Reply

Blu Aardvark

8:21 a.m.

I really don't see an "immediate need". The worst-case scenario would be an abusive user running a bot on an admin account and going on a deletion spree at a time a steward was not readily available. This is an incredibly unlikely scenario, as the bot would have to be smart enough to unblock itself and remove autoblocks, in addition to having access to an admin account in the first place. Even if this ever did happen, any damage actually done would be temporary, as any admin action is reversible. I think implementing password strength measures and forcing a password change on the next login for all users with insecure ones would be sufficient. Gregory Maxwell wrote:

If we can get consensus to do it we could run a password cracker on all the hashes of the sysops passwords.. desysop the inactive ones with weak passwords, and quietly email the active ones with weak passwords and tell them to pick better ones. Ultimately it would be nice if we had a password strength checker ... but doing this would address the immediate need. _______________________________________________ WikiEN-l mailing list WikiEN-l(a)lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l

Reply

MacGyverMagic/Mgm

9:49 a.m.

Why is the main page even deleteable? Mgm

Reply

Ron Ritzman

2:12 p.m.

On 5/7/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

Why is the main page even deleteable?

Because it's an ordinary page. Even if it could be somehow made undeletable it would still need to be editable so still could be blanked.

Reply

MacGyverMagic/Mgm

2:43 p.m.

On 5/7/07, Ron Ritzman <ritzman(a)gmail.com> wrote:

On 5/7/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

Why is the main page even deleteable?

Because it's an ordinary page. Even if it could be somehow made undeletable it would still need to be editable so still could be blanked.

True, but deleting and undeleting the entire edit history of the main page, is more of a server strain that reverting a blanking. Mgm

Reply

geni

2:59 p.m.

On 5/7/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

True, but deleting and undeleting the entire edit history of the main page, is more of a server strain that reverting a blanking.

I understood that the devs had largely solved that problem. -- geni

Reply

John Vandenberg

3:03 p.m.

On 5/7/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

On 5/7/07, Ron Ritzman <ritzman(a)gmail.com> wrote:

On 5/7/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

Why is the main page even deleteable?

Because it's an ordinary page. Even if it could be somehow made undeletable it would still need to be editable so still could be blanked.

True, but deleting and undeleting the entire edit history of the main page, is more of a server strain that reverting a blanking.

Why is it necessary to allow the front page to be blanked ? -- John

Reply

geni

3:08 p.m.

On 5/7/07, John Vandenberg <jayvdb(a)gmail.com> wrote:

Why is it necessary to allow the front page to be blanked ?

It needs to be possible to edit it and one feature of something being edited is that it can be blanked (or at least near blanked). Blanking is pretty mild compared to some of the alternatives. -- geni

Reply

Ron Ritzman

3:14 p.m.

On 5/7/07, John Vandenberg <jayvdb(a)gmail.com> wrote:

Why is it necessary to allow the front page to be blanked ?

How do you stop an editable page from being blanked? Even if you did, someone could still save it with one letter or fill it with garbage. If it can be edited, it can be vandalized.

Reply

Stephen Bain

4:27 p.m.

On 5/7/07, Ron Ritzman <ritzman(a)gmail.com> wrote:

On 5/7/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

Why is the main page even deleteable?

Because it's an ordinary page. Even if it could be somehow made undeletable it would still need to be editable so still could be blanked.

One option we might consider would be to display some basic default content if the page is not present or blank, in the same way that MediaWiki messages work. This would make deleting or blanking the main page not so much of a problem. -- Stephen Bain stephen.bain(a)gmail.com

Reply

Mark Ryan

5:34 p.m.

On 07/05/07, Stephen Bain <stephen.bain(a)gmail.com> wrote:

One option we might consider would be to display some basic default content if the page is not present or blank, in the same way that MediaWiki messages work. This would make deleting or blanking the main page not so much of a problem.

But then that would be on a MediaWiki page, and would be editable by exactly the same people who can delete the Main Page. ~Mark Ryan

Reply

Charlotte Webb

6:04 p.m.

On 5/7/07, Stephen Bain <stephen.bain(a)gmail.com> wrote:

One option we might consider would be to display some basic default content if the page is not present or blank, in the same way that MediaWiki messages work. This would make deleting or blanking the main page not so much of a problem. -- Stephen Bain

Stephen, It would be easy to make some backup wikitext (basically a copy of the templates used on the main page), but if somebody is able to vandalize/delete the main page they would be able to vandalize/delete the backup too. The only way the disruption could be avoided is if:the hacker using an admin account to attack the main page: 1. Does not know ahead of time that a backup display exists, and... 2. Is not able to find the backup display quickly enough to also attack it before the account is blocked/desysopped. Other than changing the mediawiki software, obscuring the way we use it would be the only hope. CW

Reply

Andrew Gray

9:35 p.m.

On 07/05/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

Why is the main page even deleteable?

Because it's still a page. If you want to enshrine special status for it in the code, then by all means patch mediawiki to that extent... -- - Andrew Gray andrew.gray(a)dunelm.org.uk

Reply

Bryan Derksen

6:06 p.m.

Blu Aardvark wrote:

I really don't see an "immediate need". The worst-case scenario would be an abusive user running a bot on an admin account and going on a deletion spree at a time a steward was not readily available. This is an incredibly unlikely scenario, as the bot would have to be smart enough to unblock itself and remove autoblocks, in addition to having access to an admin account in the first place. Even if this ever did happen, any damage actually done would be temporary, as any admin action is reversible.

There's still history merges. In principle reversible, but in practice I imagine it would take an awful lot of effort if done maliciously.

Reply

Charlotte Webb

6:16 p.m.

On 5/7/07, Bryan Derksen <bryan.derksen(a)shaw.ca> wrote:

There's still history merges. In principle reversible, but in practice I imagine it would take an awful lot of effort if done maliciously.

Quiet, you. CW

Reply

Bryan Derksen

8 May 8 May

2:07 a.m.

Charlotte Webb wrote:

On 5/7/07, Bryan Derksen <bryan.derksen(a)shaw.ca> wrote:

In principle reversible, but in practice I imagine it would take an awful lot of effort if done maliciously.

Quiet, you.

Censorship! <insert 16-byte hex string here>! Seriously, though, I expect that anyone whose goal was to cause Wikipedia a serious maintenance headache rather than just the brief thrill of seeing their vandalism sprayed all over the front page of a top-10 website would be able to come up with that on their own. Putting any sort of weight on the "hopefully they won't think of doing _that_" defense only serves to give a false sense of security.

Reply

Rich Holton

2:18 p.m.

Bryan Derksen wrote:

Charlotte Webb wrote:

On 5/7/07, Bryan Derksen <bryan.derksen(a)shaw.ca> wrote:

In principle reversible, but in practice I imagine it would take an awful lot of effort if done maliciously.

Quiet, you.

Censorship! <insert 16-byte hex string here>! Seriously, though, I expect that anyone whose goal was to cause Wikipedia a serious maintenance headache rather than just the brief thrill of seeing their vandalism sprayed all over the front page of a top-10 website would be able to come up with that on their own. Putting any sort of weight on the "hopefully they won't think of doing _that_" defense only serves to give a false sense of security.

This is frequently mentioned as a difficult-to-undo admin action. Perhaps we should discuss having some additional layer of security and/or permission necessary to perform history merges, until a mechanism for easily undoing them is created. -Rich

Reply

Ken Arromdee

7 May 7 May

4:14 p.m.

On Sun, 6 May 2007, Blu Aardvark wrote:

Passwords should be /required/ to be at least six characters in length and contain at least one letter and one number. Most other popular sites do at least this. (If such a change were made, users with passwords not meeting this requirement could be prompted to change theirs upon the next login.)

Which means they'll *have* to use the same password on multiple web sites. It's just impossible for a human being to dozens of different arbitrary sequences of characters needed to get around on the net these days. You can choose between crackable passwords, and passwords that anyone who runs a web forum and logs passwords can just type in. There are no other options.

Reply

NSLE (Wikipedia)

4:23 p.m.

Okay, TWO in one day? A 5-year-old long-established admin account deleted the main page and added tubgirl to the sitenotice just about two hours or so ago. Surely this is just random password guessing here. And anyone else willing to fill me in on the BuickCenturyDriver situation? I've not had internet access since the morning my time and apparently it has all gotten out of hand...

Reply

Blu Aardvark

9 May 9 May

12:06 a.m.

That's a good point, and I'll admit I didn't consider that. Nonetheless, I do still hold that passwords should be required to be six characters in length (maybe not requiring alphanumeric combinations), and that certain common insecure passwords (and their variants) should be disabled from a technical level. As it is, a one-character password is perfectly valid. It's also as insecure as all get-out. Ken Arromdee wrote:

On Sun, 6 May 2007, Blu Aardvark wrote:

Passwords should be /required/ to be at least six characters in length and contain at least one letter and one number. Most other popular sites do at least this. (If such a change were made, users with passwords not meeting this requirement could be prompted to change theirs upon the next login.)

Which means they'll *have* to use the same password on multiple web sites. It's just impossible for a human being to dozens of different arbitrary sequences of characters needed to get around on the net these days. You can choose between crackable passwords, and passwords that anyone who runs a web forum and logs passwords can just type in. There are no other options. _______________________________________________ WikiEN-l mailing list WikiEN-l(a)lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l

Reply

Mark Wagner

8 May 8 May

12:13 a.m.

On 5/6/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:

I'd like to see some changes to the password system. As it is, there are *no* restrictions on allowed passwords, as long as it is at least one character in length. Passwords should be /required/ to be at least six characters in length and contain at least one letter and one number.

Bugger that. My standard forum password meets those requirements, but is still incredibly weak. My Wikipedia password does *not* meet those requirements, but is much stronger, and has the added bonus that I can remember it. -- Mark [[User:Carnildo]]

Reply

MacGyverMagic/Mgm

10 a.m.

On 5/8/07, Mark Wagner <carnildo(a)gmail.com> wrote:

On 5/6/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:

I'd like to see some changes to the password system. As it is, there are *no* restrictions on allowed passwords, as long as it is at least one character in length. Passwords should be /required/ to be at least six characters in length and contain at least one letter and one number.

Bugger that. My standard forum password meets those requirements, but is still incredibly weak. My Wikipedia password does *not* meet those requirements, but is much stronger, and has the added bonus that I can remember it. -- Mark [[User:Carnildo]]

Carnildo is right. If you had to pick a different password for absolutely every site you visit, you either forget it, or run into problems trying to store it somehow. Requiring people to use numbers just adds a few options to the list of possible passwords, but if the hacker spends enough time on it, that password is no safer. We should somehow try to notice multiple failed logins and warn the targetted user about what is happening if it happens again. Mgm

Reply

NSLE (Wikipedia)

7 May 7 May

4:02 a.m.

I meant "rogue", of course, not red. Heh. On 07/05/07, NSLE (Wikipedia) <nsle.wikipedia(a)gmail.com> wrote:

Brilliant, someone went rouge again today.

Yeah, at least that's quicker than last time. On 07/05/07, Pedro Sanchez <pdsanchez(a)gmail.com> wrote:

Well, now it only took 5 minutes ... 01:32, 7 May 2007 AndyZ (Talk | contribs | block) deleted "Main Page" (My password is password!) (Restore) 01:37, 7 May 2007 Drini (Talk | contribs | block) changed group membership for User:AndyZ@enwiki from sysop to (none) (rogue)

Reply

Matthew Brown

4:06 a.m.

On 5/6/07, NSLE (Wikipedia) <nsle.wikipedia(a)gmail.com> wrote:

Brilliant, someone went rouge again today. Ryulong was blocked and the Main Page deleted.

All of which was handled quickly, it seems.

How long until the perennial proposals start coming in? Well, I'll start. When will desysopping long-inactive admins start to even be considered? Anyone?

AndyZ was not a long-inactive admin; he has a volume of legit edits through the end of February. -Matt

Reply

6220

days inactive

6221

days old

wikien-l@lists.wikimedia.org

Manage subscription

38 comments

22 participants

tags (0)

participants (22)

Andrew Gray
Blu Aardvark
Bryan Derksen
Charlotte Webb
geni
Gregory Maxwell
Gwern Branwen
John Vandenberg
Ken Arromdee
MacGyverMagic/Mgm
Mark Ryan
Mark Wagner
Matthew Brown
Michael Billington
NSLE (Wikipedia)
Oskar Sigvardsson
Pedro Sanchez
Rich Holton
Ron Ritzman
Stephen Bain
Todd Allen
William Pietri