[Mediawiki-l] Re: Attack of one user: Rollback of all changes?
Sy Ali
sy1234 at gmail.com
Wed Oct 12 22:32:27 UTC 2005
On 10/12/05, Karl-Otto Kirst <post at karl-kirst.de> wrote:
> > > <div id="wiki1883" style="overflow:auto; height: 1px; ">
> >
> >
> > besides installing the blacklist extension, I have set
> >
> > $wgSpamRegex="/<div/";
> >
> > so edits which include '<div' should be blocked. (I can't see any of
> > my regular users using <div>...</div>).
>
> Isn't it better to use:
>
> $wgSpamRegex="/overflow:auto/";
>
> Because "<div>" can be useful.
Thanks for these tips, I'll add these to my arsenal. I also got hit
by this guy on the GTALUG wiki (http://gtalug.org) and it really
pissed me off. I've locked it down and the two others I'm an admin
for.
I'll be requiring an update to 1.5, spamassassin, these tweaks and a
bit more. I don't think I'll ever allow anonymous editing again, and
I'll probably end up with email registration once I figure it out.
Being unable to completely eradicate (not rollback, but delete) edits
by a user or IP is really frustrating. Having to ban and hand-edit
edits by multiple bots from multiple IPs is outrageous. A properly
organized distributed attack could easily completely overwhelm a wiki
(countermeasures aren't supplied with mediawiki), requiring a
rollback-bot (which isn't supplied with mediawiki) or a database
restore followed by a lot of security scaffolding (which isn't
supplied with mediawiki).
A default installation of mediawiki is wide open to a lot of different
attacks. Small and medium-sized wikis don't have the manpower or
tools to fend off bot attacks.
I hope a lot more of these attacks come, and they get a lot smarter...
it'll help push the improvement of defences.
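The two $wgSpamRegex values traded above are literal-string filters, so the useful question is what each one catches and what it rejects by mistake. The following is an added example, not code from the thread or from MediaWiki: it replays the two patterns from the thread, plus one tightened variant of my own that tolerates whitespace and case, over four constructed edits (one hidden-div payload in the shape quoted at the top of the message, one legitimate use of <div>, one trivially reworded copy of the payload, and ordinary text). MediaWiki's $wgSpamRegex is a PCRE pattern; here the PHP "/.../" delimiters are dropped and Python's re module stands in, which I assume behaves identically for patterns this simple. Rejecting an edit when the pattern matches anywhere in the submitted text is the behaviour the thread relies on.

```python
import re

# Constructed sample edits (not from the thread): a hidden-div spam payload in
# the style quoted above, a legitimate <div>, a trivially reworded copy of the
# payload, and ordinary text.
SAMPLE_EDITS = {
    "hidden_div_spam": (
        '<div id="wiki1883" style="overflow:auto; height: 1px; ">'
        "[http://spam.example/ buy pills]</div>"
    ),
    "legit_div": '<div class="notice">Next meeting: Thursday 7pm.</div>',
    "obfuscated_spam": (
        '<DIV style="Overflow : Auto; height:1px">'
        "[http://spam.example/ buy pills]</DIV>"
    ),
    "plain_text": "Fixed a typo in the installation section.",
}
SPAM = {"hidden_div_spam", "obfuscated_spam"}

# The two $wgSpamRegex values from the thread, minus PHP's "/.../" delimiters,
# plus a tightened variant (my suggestion, not from the thread) that ignores
# case and whitespace and only fires when overflow:auto sits inside a <div> tag.
PATTERNS = {
    "div_anywhere": re.compile(r"<div"),
    "overflow_auto": re.compile(r"overflow:auto"),
    "hidden_div_tolerant": re.compile(r"<div[^>]*overflow\s*:\s*auto", re.IGNORECASE),
}


def is_blocked(pattern_name: str, edit_text: str) -> bool:
    """Mimic the spam filter: an edit is rejected if the regex matches anywhere."""
    return PATTERNS[pattern_name].search(edit_text) is not None


def evaluate(pattern_name: str) -> dict:
    """Run one pattern over the samples and report what it blocked, which spam
    samples slipped through, and which legitimate edits it would reject."""
    blocked = {
        name for name, text in SAMPLE_EDITS.items() if is_blocked(pattern_name, text)
    }
    return {
        "blocked": blocked,
        "missed_spam": SPAM - blocked,
        "false_positives": blocked - SPAM,
    }


if __name__ == "__main__":
    for name in PATTERNS:
        print(name, evaluate(name))
```

Run as-is, "div_anywhere" rejects the legitimate <div> and still misses the reworded payload (it is case-sensitive), "overflow_auto" has no false positive but misses the same reworded payload because of the spaces around the colon, and the tolerant variant catches both spam samples without touching the legitimate edit. Any of these is still a keyword filter; a spammer who drops the inline style and hides the links some other way walks past all three, which is the reason for layering it with the blacklist extension and registration rather than relying on $wgSpamRegex alone.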