[Mediawiki-l] bot intrusion?

Helmut Hullen Hullen at t-online.de
Mon Aug 25 20:28:00 UTC 2008


Hallo, Michael,

Du (michael.daly) meintest am 11.08.08:

>> "GET /Wiki/index.php?title=http://example.tld/some-side.htm?
>> HTTP/1.1" 301 "GET /Wiki/index.php?title=Http://example.tld/some-sid
>> e.htm%3F HTTP/1.1" 200


> That's spam.  Example.tld is likely coming from Russia (i.e. the real
> domain is something.ru) - at least that's what I'm getting.

> I've added some statements to my Apache <VirtualHost> sections to use
> mod_rewrite to send back a 403 (forbidden URL) message:

> RewriteCond %{REQUEST_URI} ^title=.*http:            [OR,NC]
> RewriteCond %{REQUEST_URI} ^/index\.php/.*http:      [OR,NC]
> #... other forbidden stuff...
> RewriteRule ^(.*)$    http://example.com             [F,L,R]

> That seems to catch most of it.

Doesn't work - sorry.

Just another idea:
This spambot always asks "<wiki-dir>/index.php", and that skript always  
could detect

        title=http://xyz
        or
        title=Http://xyz

In my Wiki I've never seen an allowed query string with an URL as title:  
mediawiki should (as far as I can see) detect such titles as errors.

How and where could I patch the "index.php"?

Viele Gruesse!
Helmut



More information about the MediaWiki-l mailing list