[Labs-l] Ensure your MediaWiki/software install is either locked-down or properly patrolled
Damian Zaremba
damian at damianzaremba.co.uk
Wed Oct 3 00:55:30 UTC 2012
On 03/10/2012 01:46, Ryan Lane wrote:
> We've had some issues with really bad vandalism on some public
> instances that have MediaWiki installed in such a way that allows
> anonymous editing.
>
> If you are using MediaWiki and your instance has a public IP which
> allows access to the outside world, then you must lock down your wiki,
> or you must properly patrol it. When community members inform us of a
> vandalised wiki that isn't being cleaned up, we'll be forced to
> disable access to the wiki via the project's security groups.
>
> - Ryan
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
I'd just like to extend this to 'all software', it really needs keeping
up to date and properly securing where applicable if at all public.
We had an issue in bots just last week, with a rouge PhpMyAdmin install
causing an instance to become a security risk and resulting in wasted
time recreating it.
Just remember we are in a shared environment and not everyone in the
world is nice :)
Damian
More information about the Labs-l
mailing list