As noted in other threads on several mailing lists, a few admin accounts on en.wikipedia have been compromised recently, used to vandalize high-traffic protected pages.
We're starting to roll out some additional protections against password-guessing attacks, including but not limited to:
* Additional logging to better detect dictionary-style attacks
* Speed-bump measures against multiple failed logins [But not ones that should DoS legitimate users. The traditional "lock out the account after three tries" would make it trivial to lock out all the site's sysops -- not wise. :)]
* Weak-password checks on existing sysops on our largest sites. Several accounts have had their weak passwords invalidated and will need to reset them by mail before logging in again.
* Several targeted blocks against known cracking attempts.
Over the coming days we will additionally be rolling out more automated password-strength checkers at login / set-password / change-password time to reduce the danger of guessable passwords.
Please distribute this information as appropriate to your local projects/languages.
-- brion vibber (brion @ wikimedia.org)
Brion Vibber wrote:
What you should do here is after three failed attempts **CHANGE** the password and email the new password to the affected account. Otherwise, the account is locked up. It will require people to enter a valid email address, but oh well.
Jeff
On Mon, 07 May 2007 16:19:28 -0600, Jeff V. Merkey wrote:
DoS and spam seem like adding insult to injury. I'd expect a lot of complaints from the poor users whose passwords change hourly.
Slowing down the response rate based on the number of requests seems less painful.
Steve Sanbeg wrote:
Actually no. Only one password email can be sent every 24 hours. This is how the current MediaWiki works, so this would work well.
Jeff
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 07/05/07, Jeff V. Merkey jmerkey@wolfmountaingroup.com wrote:
The problem is that if this was done, then a malicious user could trigger account suspension for all administrators on a wiki, which would interrupt important actions such as blocking vandals and other undesirable editors, deleting pages and images, and disrupt the overall administrative infrastructure.
This might not be such an issue on large wikis, such as the English Wikipedia, which has upwards of 900 administrators, but consider the smaller wikis with fewer active administrators.
Rob Church
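The speed-bump design Brion's list sketches, Steve's suggestion of slowing the response rate with the number of requests, and Rob's point that a hard lockout lets anyone suspend every sysop, worked through as an added Python illustration. This is not MediaWiki code and not anything posted in the thread: the throttle class, its thresholds and window, the IP addresses, the scenario in simulate() and the tiny common-password list are all constructed for the example. The weak-password check at the top stands in for the login / set-password time strength check Brion mentions, with made-up rules.

```python
"""Speed-bump login throttle plus a weak-password check.

Added illustration, not MediaWiki's code. Every class name, threshold and
sample value below is hypothetical.
"""
from collections import defaultdict

# Constructed stand-in for a real common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "wikipedia", "admin"}


def password_is_weak(username, password):
    """The kind of rule a set-password / login-time strength check applies.
    Returns True when the password would be trivially guessable."""
    p = password.lower()
    if len(password) < 8:
        return True
    if p == username.lower() or p in COMMON_PASSWORDS:
        return True
    # A single character class (all letters or all digits) is a dictionary target.
    if p.isalpha() or p.isdigit():
        return True
    return False


class LoginThrottle:
    """Slows repeated failures down instead of locking the account.

    Two counts are taken over a sliding window: failures against the
    account (from anywhere) and failures from the source IP (against
    anything). The per-account delay is capped low, so a stranger
    guessing wrong on purpose can cost the real sysop at most a few
    seconds and never a lockout; the per-source delay may grow large
    because it only punishes the party doing the guessing.
    """

    def __init__(self, window=3600, free_attempts=3,
                 max_account_delay=5.0, max_source_delay=300.0):
        self.window = window
        self.free_attempts = free_attempts
        self.max_account_delay = max_account_delay
        self.max_source_delay = max_source_delay
        self.failures = []  # (timestamp, account, source_ip): the audit log

    def record_failure(self, account, source_ip, now):
        self.failures.append((now, account, source_ip))

    def _recent(self, now):
        # Drop entries older than the window and return what is left.
        self.failures = [f for f in self.failures if now - f[0] < self.window]
        return self.failures

    def _backoff(self, count, cap):
        excess = count - self.free_attempts
        if excess <= 0:
            return 0.0
        return min(cap, float(2 ** (excess - 1)))  # 1s, 2s, 4s, ... up to cap

    def delay_for(self, account, source_ip, now):
        """Seconds the next attempt for (account, source_ip) must wait."""
        recent = self._recent(now)
        by_account = sum(1 for f in recent if f[1] == account)
        by_source = sum(1 for f in recent if f[2] == source_ip)
        return max(self._backoff(by_account, self.max_account_delay),
                   self._backoff(by_source, self.max_source_delay))

    def spraying_sources(self, now, min_accounts=5):
        """Sources that failed against many distinct accounts in the window:
        the dictionary-style pattern the extra logging is meant to surface."""
        targets = defaultdict(set)
        for _, account, source_ip in self._recent(now):
            targets[source_ip].add(account)
        return sorted(ip for ip, accts in targets.items() if len(accts) >= min_accounts)


def simulate():
    """Constructed scenario: one attacker hammers Sysop1 and sprays other
    sysops; the real Sysop1 then logs in from a different address."""
    throttle = LoginThrottle()
    attacker, sysop_home = "203.0.113.7", "198.51.100.4"  # documentation-range IPs
    for i in range(20):
        throttle.record_failure("Sysop1", attacker, 1000 + i)
    for n in range(2, 8):
        throttle.record_failure(f"Sysop{n}", attacker, 1100)
    now = 1200
    return {
        "attacker_delay": throttle.delay_for("Sysop1", attacker, now),
        "real_sysop_delay": throttle.delay_for("Sysop1", sysop_home, now),
        "untouched_account_delay": throttle.delay_for("Sysop9", sysop_home, now),
        "sprayers": throttle.spraying_sources(now),
        "delay_after_window": throttle.delay_for("Sysop1", sysop_home, now + 3700),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

In the constructed scenario the attacker ends up waiting the full per-source cap, the real Sysop1 logging in from home waits only the small per-account cap, an account nobody has attacked waits nothing, and the attacker's address shows up in spraying_sources() because it failed against more than five distinct accounts. That is the property Rob is asking for: nothing an outsider does can take a sysop account out of service for longer than the low per-account cap, while the cost of guessing still climbs steeply for whoever is doing it.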
Rob Church wrote:
Add a check for the admin's IP address from checkuser and if the address is different send a new email.
Jeff
On 5/8/07, Jeffrey V. Merkey jmerkey@wolfmountaingroup.com wrote:
Far too fragile. Admins may want to log in from multiple IPs for any of a wide variety of reasons, not least of which is a dynamic ISP, but also travelling, work/school/home, etc.
On 08/05/07, Simetrical Simetrical+wikilist@gmail.com wrote:
Indeed. I tend to live my online life from whatever copy of Firefox is handy - Gmail, Gtalk, LiveJournal, Wikipedia.
I'm surprised https:// login isn't standard on Wikimedia sites already ... it is on every other large service.
- d.