On Wed, Jul 28, 2010 at 12:11 PM, Hiram Clawson <hiram(a)soe.ucsc.edu> wrote:
Good Morning MediaWiki Fans:
Our wiki site suffered a spam attack this weekend.
(version 1.13.0) The
had some method to work-around the new account Captcha barrier, and the
authorized user email allowed to edit setting. I'm curious if anyone
else has encountered such attacks and if there are new ways to block
bogus account creation.
We suffered such an attack and fortunately had OpenID login installed and
so decided to disable native wiki account creation with this
# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;
Then updated http://wiki.sugarlabs.org/go/MediaWiki:Loginprompt
suggest that new users create accounts with an OpenID.
This has prevented the spam, but the server and database may still be