[Mediawiki-l] Re: Attack of one user: Rollback of all changes?

Sy Ali sy1234 at gmail.com
Wed Oct 12 22:32:27 UTC 2005


On 10/12/05, Karl-Otto Kirst <post at karl-kirst.de> wrote:
> > > <div id="wiki1883" style="overflow:auto; height: 1px; ">
> >
> >
> > besides installing the blacklist extension, I have set
> >
> > $wgSpamRegex="/<div/";
> >
> > so edits which include '<div' should be blocked. (I can't see any of
> > my regular users using <div>...</div>).
>
> Isn't it better to use:
>
> $wgSpamRegex="/overflow:auto/";
>
> Because "<div>" can be useful.

Thanks for these tips, I'll add these to my arsenal.  I also got hit
by this guy on the GTALUG wiki (http://gtalug.org) and it really
pissed me off.  I've locked it down and the two others I'm an admin
for.

I'll be requiring an update to 1.5, spamassassin, these tweaks and a
bit more.  I don't think I'll ever allow anonymous editing again, and
I'll probably end up with email registration once I figure it out.

Being unable to completely eradicate (not rollback, but delete) edits
by a user or IP is really frustrating.  Having to ban and hand-edit
edits by multiple bots from multiple IPs is outrageous.  A properly
organized distributed attack could easily completely overwhelm a wiki
(countermeasures aren't supplied with mediawiki), requiring a
rollback-bot (which isn't supplied with mediawiki) or a database
restore followed by a lot of security scaffolding (which isn't
supplied with mediawiki).

A default installation of mediawiki is wide open to a lot of different
attacks.  Small and medium-sized wikis don't have the manpower or
tools to fend off bot attacks.

I hope a lot more of these attacks come, and they get a lot smarter...
it'll help push the improvement of defences.
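The two `$wgSpamRegex` values quoted above differ in what they catch and what they break. The script below is an added example, not code from the thread or from MediaWiki: it runs both patterns over three constructed edit bodies (a legitimate `<div>`, the hidden-div spam shape quoted at the top of the thread, and a variant of that spam with different case and spacing) and adds a third, assumed pattern, `/overflow\s*:\s*auto/i`, that the thread does not give. MediaWiki passes `$wgSpamRegex` to `preg_match()`; for patterns this simple, Python's `re` behaves the same as PCRE, so the matrix it prints is what the wiki would accept or reject.

```python
import re

# Sample edit bodies, constructed for this example (not taken from the thread).
EDITS = {
    "legit_div": '<div style="float:right; width:200px;">Meeting agenda</div>',
    "hidden_spam": '<div id="wiki1883" style="overflow:auto; height: 1px; ">'
                   'http://example.invalid/casino</div>',
    "spam_variant": '<DIV style="OVERFLOW: auto ; height:1px">'
                    'http://example.invalid/pills</DIV>',
}

# Candidate $wgSpamRegex values.  "div" and "overflow" are the two from the
# thread; "tolerant" is an assumed hardening (case-insensitive, whitespace
# around the colon allowed) that the thread does not give.  MediaWiki hands
# the value to preg_match(); for patterns this simple Python's re behaves
# the same as PCRE.
PATTERNS = {
    "div": re.compile(r"<div"),                # $wgSpamRegex="/<div/";
    "overflow": re.compile(r"overflow:auto"),  # $wgSpamRegex="/overflow:auto/";
    "tolerant": re.compile(r"overflow\s*:\s*auto", re.IGNORECASE),  # "/overflow\s*:\s*auto/i"
}


def is_blocked(pattern_name, text):
    """True if an edit with this body would be rejected under the named pattern."""
    return PATTERNS[pattern_name].search(text) is not None


def evaluate(patterns=PATTERNS, edits=EDITS):
    """Matrix pattern -> edit -> blocked?, so false positives (a legitimate
    edit rejected) and misses (spam accepted) are visible side by side."""
    return {
        name: {edit: is_blocked(name, body) for edit, body in edits.items()}
        for name in patterns
    }


if __name__ == "__main__":
    matrix = evaluate()
    header = "pattern".ljust(10) + "".join(e.ljust(14) for e in EDITS)
    print(header)
    for name, row in matrix.items():
        cells = "".join(("BLOCK" if row[e] else "allow").ljust(14) for e in EDITS)
        print(name.ljust(10) + cells)
```

Reading the matrix: `/<div/` rejects the legitimate edit and still lets the upper-case `<DIV>` variant through; `/overflow:auto/` spares the legitimate edit but misses the variant with a space after the colon; the tolerant pattern catches both spam bodies and leaves the legitimate one alone. Whatever pattern you choose, keep a `preg_match()`-compatible PCRE syntax and test it against a few real edits from your own wiki before deploying, since a regex that is too broad silently turns away regular contributors.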
