[Mediawiki-l] spam attack avoids captcha

Frederick Grose fgrose at gmail.com
Wed Jul 28 16:33:21 UTC 2010


On Wed, Jul 28, 2010 at 12:11 PM, Hiram Clawson <hiram at soe.ucsc.edu> wrote:

> Good Morning MediaWiki Fans:
>
> Our wiki site suffered a spam attack this weekend.  (version 1.13.0)  The
> attack evidently had some method to work around the new account Captcha
> barrier, and the authorized user email allowed to edit setting.  I'm curious
> if anyone else has encountered such attacks and if there are new ways to
> block bogus account creation.
>
> --Hiram


We suffered such an attack and fortunately had OpenID login installed, and
so decided to disable native wiki account creation with this
in LocalSettings.php:

# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

Then updated http://wiki.sugarlabs.org/go/MediaWiki:Loginprompt to
suggest that new users create accounts with an OpenID.

This has prevented the spam, but the server and database may still be
under attack.

      --Fred

