Good afternoon everyone,
I finished upgrading our mediawiki wiki.redmountainmakers.org to 1.22.6 last weekend. Due to some family issues, ended up accessing my ISP to run maintenance scripts from the command line over an airport network enroute to another city. This may have been the source of the hacking problem, as due to some problems establishing a secure connection, I transmitted a password in the clear to my ISP.
Checked back in on the wiki last week to find around 1300 new spammy users.
Have locked down the wiki, blocking new account creation, enabled a captcha, and have restricted administrator's priviledges to create new accounts. But the new accounts keep on coming.
Spam blacklist is enabled. Sysops have been blocked from creating accounts, as have all ordinary users. I've changed the critical passwords.
Recommendations as to other settings I should be checking?
-- Shirley Hicks
Hi
I recommend making your captcha questions dynamic. Best answer I ever found for spam on Mediawiki: http://thingelstad.com/stopping-mediawiki-spam-with-dynamic-questy-captchas/...
Sent from my iPad
On Jun 15, 2014, at 10:22 AM, Shirley Hicks shirley@velochicdesign.com wrote:
Good afternoon everyone,
I finished upgrading our mediawiki wiki.redmountainmakers.org to 1.22.6 last weekend. Due to some family issues, ended up accessing my ISP to run maintenance scripts from the command line over an airport network enroute to another city. This may have been the source of the hacking problem, as due to some problems establishing a secure connection, I transmitted a password in the clear to my ISP.
Checked back in on the wiki last week to find around 1300 new spammy users.
Have locked down the wiki, blocking new account creation, enabled a captcha, and have restricted administrator's priviledges to create new accounts. But the new accounts keep on coming.
Spam blacklist is enabled. Sysops have been blocked from creating accounts, as have all ordinary users. I've changed the critical passwords.
Recommendations as to other settings I should be checking?
-- Shirley Hicks
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Thank you Chris for that link, I had a terrible spam problem when I started my farm, not so much anymore (I believe an abuse filter a developer friend created coupled with range blocks seems to be catching them now). I'm going to re-config ConfirmEdit to the suggested on that page, it just seems to be a good set even if you're not having any problems.
*Mlpearc* Founder Everything Food & Drink.org everythingfoodanddrink.org http://www.everythingfoodanddrink.org/w/index.php/Main_Page
On Sun, Jun 15, 2014 at 10:30 AM, Chris Tharp tharpenator@gmail.com wrote:
Hi
I recommend making your captcha questions dynamic. Best answer I ever found for spam on Mediawiki: http://thingelstad.com/stopping-mediawiki-spam-with-dynamic-questy-captchas/...
Sent from my iPad
On Jun 15, 2014, at 10:22 AM, Shirley Hicks shirley@velochicdesign.com wrote:
Good afternoon everyone,
I finished upgrading our mediawiki wiki.redmountainmakers.org to 1.22.6
last weekend.
Due to some family issues, ended up accessing my ISP to run maintenance
scripts from the command line over an airport network enroute to another city.
This may have been the source of the hacking problem, as due to some
problems establishing a secure connection, I transmitted a password in the clear to my ISP.
Checked back in on the wiki last week to find around 1300 new spammy
users.
Have locked down the wiki, blocking new account creation, enabled a
captcha, and have restricted administrator's priviledges to create new accounts.
But the new accounts keep on coming.
Spam blacklist is enabled. Sysops have been blocked from creating accounts, as have all ordinary
users.
I've changed the critical passwords.
Recommendations as to other settings I should be checking?
-- Shirley Hicks
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Thanks for thanking me, but seriously you should thank Jamie Thingelstad. Not only did he come up with the best answer for spam I've seen, but he also is, I think, one half of the time that created the Foreground skin (for my money the best skin in Mediawiki). Oh, and he started Wikiapiary: https://wikiapiary.com/wiki/Main_Page...
On Sun, Jun 15, 2014 at 12:50 PM, Mlpearc < mlpearc@everythingfoodanddrink.org> wrote:
Thank you Chris for that link, I had a terrible spam problem when I started my farm, not so much anymore (I believe an abuse filter a developer friend created coupled with range blocks seems to be catching them now). I'm going to re-config ConfirmEdit to the suggested on that page, it just seems to be a good set even if you're not having any problems.
*Mlpearc* Founder Everything Food & Drink.org everythingfoodanddrink.org http://www.everythingfoodanddrink.org/w/index.php/Main_Page
On Sun, Jun 15, 2014 at 10:30 AM, Chris Tharp tharpenator@gmail.com wrote:
Hi
I recommend making your captcha questions dynamic. Best answer I ever found for spam on Mediawiki:
http://thingelstad.com/stopping-mediawiki-spam-with-dynamic-questy-captchas/...
Sent from my iPad
On Jun 15, 2014, at 10:22 AM, Shirley Hicks shirley@velochicdesign.com wrote:
Good afternoon everyone,
I finished upgrading our mediawiki wiki.redmountainmakers.org to
1.22.6
last weekend.
Due to some family issues, ended up accessing my ISP to run maintenance
scripts from the command line over an airport network enroute to another city.
This may have been the source of the hacking problem, as due to some
problems establishing a secure connection, I transmitted a password in
the
clear to my ISP.
Checked back in on the wiki last week to find around 1300 new spammy
users.
Have locked down the wiki, blocking new account creation, enabled a
captcha, and have restricted administrator's priviledges to create new accounts.
But the new accounts keep on coming.
Spam blacklist is enabled. Sysops have been blocked from creating accounts, as have all ordinary
users.
I've changed the critical passwords.
Recommendations as to other settings I should be checking?
-- Shirley Hicks
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org