[Mediawiki-l] RE: MediaWiki-l Digest, Vol 24, Issue 11

Chris Blake cblake at pembroke.sa.edu.au
Sun Sep 4 05:44:21 UTC 2005


login id as parameter ?
Here's an apparently simple question whose solution is evading me.
We have mediawiki running on Ubuntu in a windows intranet (in a school). Everyone who gains access to the wiki has already logged on. I can easily grab their login name and pass it as a parameter to the  weblink to the wiki.
 
So I want a user to launch the wiki with something like http://localintranetserver/wiki?mylogin=fredbloggs  which would mean that all editing that Fred Bloggs does bears his name.  Sounds easy... would solve lots of issues... but can't quite figure it out.
 

________________________________

From: mediawiki-l-bounces at Wikimedia.org on behalf of mediawiki-l-request at Wikimedia.org
Sent: Sun 4/09/2005 2:42 PM
To: mediawiki-l at Wikimedia.org
Subject: MediaWiki-l Digest, Vol 24, Issue 11



Today's Topics:

   1. RE: Create New Page button (Robert Hartmann)
   2. Re: table user_rights gone! (Brion Vibber)
   3. Default template for a Namespace (Ken)
   4. Re: Default template for a Namespace (Mike Valstar)
   5. Re: Member database auth plugin (Josh)
   6. The file you uploaded seems to be empty. (Sy Ali)
   7. Re: repeated spambot attacks (Muzaffer Ozakca)
   8. Re: repeated spambot attacks (Sy Ali)
   9. How does wfDebug work? (Rick DeNatale)
  10. Re: encrypt mySQL password? (Anthony DiPierro)


----------------------------------------------------------------------

Message: 1
Date: Sat, 3 Sep 2005 20:32:03 +0200
From: "Robert Hartmann" <rob.hartmann at gmx.de>
Subject: RE: [Mediawiki-l] Create New Page button
To: "'MediaWiki announcements and site admin list'"
        <mediawiki-l at Wikimedia.org>
Message-ID: <000f01c5b0b5$c9859070$4b7107d5 at RoboterScience>
Content-Type: text/plain;       charset="us-ascii"

For this you have to install version 1.5 and install the
inputbox-plugin!
Look here: http://meta.wikimedia.org/wiki/Help:Inputbox

-----Original Message-----
From: Craig Hoffman [mailto:choffman at eclimb.net]
Sent: Saturday, September 03, 2005 12:01 AM
To: MediaWiki announcements and site admin list
Subject: [Mediawiki-l] Create New Page button


Hi There,
I just installed the latest version 1.4.9 of MediaWiki and I'm learning
to use it.  Please bear with me if my questions seem trivial.

Q1 - Can anyone recommend a tutorial site?
Q2 - On a few wiki sites I saw a handy button (Create New Page) -- How
can I get this button to appear or is it some sort of hack I need to do?

Thanks,
Craig Hoffman

_______________________
Craig Hoffman
choffman at eclimb.net
iChat / AIM: m0untaind0g
_______________________






------------------------------

Message: 2
Date: Sat, 03 Sep 2005 12:23:15 -0700
From: Brion Vibber <brion at pobox.com>
Subject: Re: [Mediawiki-l] table user_rights gone!
To: MediaWiki announcements and site admin list
        <mediawiki-l at Wikimedia.org>
Message-ID: <4319F823.20700 at pobox.com>
Content-Type: text/plain; charset="iso-8859-1"

Christian Parpart wrote:
> I've had some serious disk trouble and now, I'm missing the user_rights table,
> however, I'd simply create a new one, so, that every little user should just
> recreate their accounts.
>
> but how do I do?
>
> could anyone gimme a short hint on what the schema of this table usually looks
> like *AND* whether this would lead into other problems when I do it that way?
> (I do not wanna lose the page contents)....

See maintenance/tables.sql for the schema. Create the table, then a
blank row for each user:

INSERT INTO user_rights (ur_user,ur_rights) SELECT user_id,'' FROM user;

You'd want to set up some account as a sysop, probably, putting
'sysop,bureaucrat' or such into its ur_rights field.

(Note that this table is no longer used in 1.5, as it's been replaced by
user_groups.)

-- brion vibber (brion @ pobox.com)

------------------------------

Message: 3
Date: Sun, 04 Sep 2005 07:22:11 +1000
From: Ken <itknt at tpg.com.au>
Subject: [Mediawiki-l] Default template for a Namespace
To: mediawiki-l at wikimedia.org
Message-ID: <431A1403.6060105 at tpg.com.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Is it possible to specify a 'default' template for all documents in a
particular namespace?  I am using v1.5rc4.

I am very new to mediaWiki and I am sure this is a simple thing to do
but I have not been able to tease it out of the documentation..


------------------------------

Message: 4
Date: Sat, 03 Sep 2005 17:48:03 -0400
From: Mike Valstar <mikevalstar at gentoo-wiki.com>
Subject: Re: [Mediawiki-l] Default template for a Namespace
To: MediaWiki announcements and site admin list
        <mediawiki-l at Wikimedia.org>
Message-ID: <431A1A13.2040207 at gentoo-wiki.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

nope, you might need to find an extension or write one.

Ken wrote:

> Is it possible to specify a 'default' template for all documents in a
> particular namespace?  I am using v1.5rc4.
>
> I am very new to mediaWiki and I am sure this is a simple thing to do
> but I have not been able to tease it out of the documentation..
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at Wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l



--
Mike Valstar
------------
My Gentoo Sites: http://gentoo-wiki.com http://gentoo-portage.com
My Site: http://thrasher7.net
Need Hosting: http://thrashcorp.com



------------------------------

Message: 5
Date: Sat, 3 Sep 2005 23:05:58 +0000 (UTC)
From: Josh <joshua.l.bass at lmco.com>
Subject: [Mediawiki-l] Re: Member database auth plugin
To: mediawiki-l at wikimedia.org
Message-ID: <loom.20050904T010422-601 at post.gmane.org>
Content-Type: text/plain; charset=us-ascii

Ashar Voultoiz <hashar at ...> writes:

>
> Bass, Joshua L wrote:
> > I need help with an authorization script. I have an external member
> > database that I wish to verify against. I have tried all the authplugins
> > that I could find on the net and modified the code using these values,
> > but I cannot get any of them to work. Can someone help me out here?
> >
> > Database Name: 'members'
> > Database Server: 'localhost'
> > Database User: 'DB_USER'
> > Database Password: 'DB_PASS'
> > Member Table: 'authuser'
> > Username Field: 'uname'
> > Password Field: 'passwd'
> >
> > Email is stored in a separate table: 'signup'
> > Email Field: 'email'
>
> Have you read my reply to your previous post ?
>


Yes, but after some thinking, I have decided to use a separate database to hold
all my members information. I will use that database to auth both the wiki and
forums. I already have the forums working, but cannot get the wiki auth plugin
to work.



------------------------------

Message: 6
Date: Sun, 4 Sep 2005 05:53:44 +0500
From: Sy Ali <sy1234 at gmail.com>
Subject: [Mediawiki-l] The file you uploaded seems to be empty.
To: MediaWiki announcements and site admin list
        <mediawiki-l at wikimedia.org>
Message-ID: <1e55af9905090317537655f012 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

When trying to upload, I get:
--
The file you uploaded seems to be empty. This might be due to a typo
in the file name. Please check whether you really want to upload this
file.
--

Having been through this several times before, I have notes on the
common things to check for.  Unfortunately, after having gone through
those solutions I am still unable to resolve this problem.

First, is there any other documentation on the subject, other than
http://meta.wikimedia.org/wiki/Uploading_files ?

* php.ini has file uploading enabled.
* php.ini has a 2M upload size, which is larger than the file size.
* I tried editing php.ini to specify a temp folder, which I made sure
was world-writable.
* images/ is writable.
* I'm not running php safe_mode
* my browser has permission to upload the file.
* I'm not running Apache2, and don't have funky settings.
* I've tried taking down various firewalls, to no avail.

The thing that's changed is.. the underlying distribution.  So I
suspect there's an issue there, but I don't have the knowhow to know
where to poke around.

Ideas?

Running mw 1.5rc4


------------------------------

Message: 7
Date: Sat, 03 Sep 2005 22:01:13 -0500
From: Muzaffer Ozakca <mozakca at indiana.edu>
Subject: Re: [Mediawiki-l] repeated spambot attacks
To: MediaWiki announcements and site admin list
        <mediawiki-l at Wikimedia.org>
Message-ID: <431A6379.7080304 at indiana.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Maybe we could use rate control to reduce spam. phpBB has a similar
control I believe. I don't know how effective these schemes are but it
might help ease the pain of reverting everything back. This probably
requires a new table with ip addresses/user-ids and the time of last
update. Whenever a new update is submitted:
. check the time of previous update attempt if exists in the table from
this user or ip
. if the time between these two requests is too short, show a warning
that the user has to wait a minute or whatever to send a new update

How long the program should wait can be determined empirically. It
should be made sure that whenever a warning is shown, user's
contributions are not lost. It would be really frustrating to lose it
because of a stupid software thinking you're a bot. And this table can
be cleared periodically, say every hour, to remove old records.

Mike Valstar wrote:
> you could:
> 1. enable blocking of ip blocks (see defaultsettings.php) then block
> 69.50.0.0/16
>
> 2. change your settings to only allow people who are logged in to edit
>
> 3. run a wiki bot, give that bot the ability to block suspected spammers
> (this is what i do)
>
> The first will only help for a short while, there are many spammers,
> with all the wiki-mania going on on the web spammers see a great
> opportunity to increase their google rank
>
> the second works pretty well (there are a few bots that get through, but
> no plan is perfect),  but for a wiki that is starting out i consider
> this an early death to the wiki unless you already have a good
> readership and editorship
>
> the 3rd works, but there are no public bots specifically made for this
> that i know of off hand, I am currently building mine by hand and will
> be releasing it to the public when i feel its ready, if you want a
> preview copy .. mail me and i'll see what i can do (my current version
> is very rudimentary but blocks 95% of spammers, it still doesn't auto
> revert)
>
> Mike Valstar
> http://gentoo-wiki.com
>
> Andy Roberts wrote:
>
>> Hi all, This is my first contribution, I have a few queries and I hope
>> somebody can help me find the solutions or information I need.
>>
>> Problem:
>> I have a mediawiki running on a hosted  web server ( ie  not on my own
>> computer ) which is being repeatedly spammed by  a bot or bots which
>> not only edits multiple pages inserting hundreds of  porn links and so
>> on, but also creates lots of new pages and talk pages.
>>
>> according to the version page, the wiki  is running on
>>    MediaWiki (http://wikipedia.sf.net/): 1.3.5    PHP
>> (http://www.php.net/): 4.3.10 (apache)    MySQL
>> (http://www.mysql.com/): 4.0.24-standard-log
>>
>> I can access the database using phpMyAdmin 2.6.3
>>
>> The spammer(s) use IP addresses  which vary, but always begin with
>> 69.50. 
>> So what I can do for now, after a spam attack, is to log in as
>> WikiSysop, block the individual IP number,  go through reverting all
>> the pages and deleting the newly created ones.
>> Then I go to the  phpMyAdmin page and run a few stored scripts which
>> delete all the unwanted edits  from both 'old'  and 'recentchanges' ,
>> empty  archive , and then the database is back to normal without
>> expanding unmanageably.
>>
>> My main question is :
>>
>> How can I block the entire range of  IP addresses  like 69.50.*  ??
>>
>> Any help much appreciated, as I am determined to try and keep this
>> wiki open to all and not concede to the spambots.
>>
>> 
>>
>
>
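
The rate-control scheme proposed in the message above, as an added example that is not part of the original post and not MediaWiki code: a table keyed by user or IP holding the time of the last accepted edit, a check on each submission that hands the text back instead of discarding it, and a periodic purge. The table name edit_rate, the 60-second interval, the one-hour purge age and the use of SQLite in place of the wiki's database are all assumptions.

```python
import math
import sqlite3

MIN_INTERVAL = 60   # assumed seconds between edits; the post says to tune this empirically
MAX_AGE = 3600      # assumed purge age: "say every hour"


def open_store():
    """Create the (hypothetical) rate table: one row per user id or IP address."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE edit_rate (who TEXT PRIMARY KEY, last_edit REAL NOT NULL)"
    )
    return db


def submit_edit(db, who, text, now):
    """Accept or defer an edit from `who` (user id or IP) at time `now`.

    A deferred edit returns the submitted text as `draft`, so the caller can
    redisplay the edit form with the contribution intact next to the warning.
    Only accepted edits move the timestamp, so the wait never grows on retry.
    """
    row = db.execute(
        "SELECT last_edit FROM edit_rate WHERE who = ?", (who,)
    ).fetchone()
    if row is not None and now - row[0] < MIN_INTERVAL:
        wait = math.ceil(MIN_INTERVAL - (now - row[0]))
        return {"saved": False, "wait": wait, "draft": text}
    db.execute(
        "INSERT OR REPLACE INTO edit_rate (who, last_edit) VALUES (?, ?)",
        (who, now),
    )
    return {"saved": True, "wait": 0, "draft": None}


def purge_old(db, now):
    """Delete rows older than MAX_AGE; returns how many were removed."""
    cur = db.execute("DELETE FROM edit_rate WHERE last_edit < ?", (now - MAX_AGE,))
    return cur.rowcount


if __name__ == "__main__":
    # Constructed sample: two submissions 10 seconds apart from one address.
    store = open_store()
    print(submit_edit(store, "198.51.100.7", "first edit", 1000.0))
    print(submit_edit(store, "198.51.100.7", "second edit", 1010.0))
    print(purge_old(store, 1000.0 + MAX_AGE + 1))
```
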


------------------------------

Message: 8
Date: Sun, 4 Sep 2005 08:40:48 +0500
From: Sy Ali <sy1234 at gmail.com>
Subject: Re: [Mediawiki-l] repeated spambot attacks
To: MediaWiki announcements and site admin list
        <mediawiki-l at wikimedia.org>
Message-ID: <1e55af99050903204019dfead7 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

The most heavy solution would be to force edits by logged in users and
have a user only creatable by an administrator.

There have also been some nice hacks floating about to allow anonymous
edits only to talk pages.  I rather like the combination of these
ideas for the beginnings of spam prevention.

Then denying the wholesale dump of links into talk pages via some
other spam prevention mechanism.

Also, it would be nice to rewrite talk pages into a folder and tell
google via robots.txt not to rank anything in that folder.

But all of this just adds layers upon layers of complexity..  =/


------------------------------

Message: 9
Date: Sun, 4 Sep 2005 00:39:17 -0400
From: Rick DeNatale <rick.denatale at gmail.com>
Subject: [Mediawiki-l] How does wfDebug work?
To: MediaWiki announcements and site admin list
        <mediawiki-l at wikimedia.org>
Message-ID: <deb2337a0509032139393f7119 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

I'm trying to debug an extension. I found the wfDebug function which
seems to be widely used in the rest of the mediawiki code, but I can't
seem to get it to do anything. I know that I'm running through at
least one wfDebug() call but it seems to have no effect.

I've set $wgDebugLogFile to the path of a file and made sure that the
web server has write access to it. I don't get any output.  I then set
$wgDebugComments to true but still no output.

Is there something I'm missing?


------------------------------

Message: 10
Date: Sat, 3 Sep 2005 15:04:36 -0400
From: Anthony DiPierro <wikispam at inbox.org>
Subject: Re: [Mediawiki-l] encrypt mySQL password?
To: MediaWiki announcements and site admin list
        <mediawiki-l at wikimedia.org>
Message-ID: <71cd4dd9050903120448a6ace0 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

It's not a very good design, security-wise, for included php files to be
within the web document root. See
http://meta.wikimedia.org/wiki/Documentation:Security#Alternate_file_layout.
That said, this situation alone does not seem to be an exploitable security
problem.

Personally I've moved all the included files outside the document root.
Mediawiki wasn't designed for this, so I do a chdir() at the top of each
directly accessed php file. This hasn't been tested very well, might not
work right, and might present security problems of its own. The proper
solution would be for the Mediawiki developers to explicitly design the wiki
software to run in this way, possibly as an option if there is some
particular reason, but I don't see what that reason could be.

Anthony

On 9/2/05, dug <dalford at mindleaders.com> wrote:
>
> I've noticed that the admin password to the mySQL db is included in plain
> text in the LocalSettings.php file in my Wiki directory, which is set to
> 755, readable and executable by the world. Am I being paranoid, or is this
> a
> slightly insecure situation?
>
> Can the password be encrypted, or is there some other security measure I
> should take?
>
> TIA
> --doug
>
>
>
>
>


------------------------------



End of MediaWiki-l Digest, Vol 24, Issue 11
*******************************************



