[MediaWiki-l] Restoring MediaWiki after the Drupal exploit?

Alex Monk krenair at gmail.com
Sun Nov 2 23:31:32 UTC 2014


Just be careful about the 'MediaWiki:' restricted namespace pages. Those
can have things like JavaScript which MediaWiki often deliberately does not
escape.

On 2 November 2014 23:20, Bartosz Dziewoński <matma.rex at gmail.com> wrote:

> On Sun, 02 Nov 2014 23:53:28 +0100, Boris Steipe <boris.steipe at utoronto.ca>
> wrote:
>
>> If I understand the Drupal advisory correctly, backdoors could have been
>> installed in the database. I don't know nearly enough about this, but I
>> suspect this could mean that a backdoor could reappear on the new machine
>> if I were to dump my current Wiki tables from the old machine and reinstall
>> them on the new machine. Is this correct? And if so, what would the best
>> strategy be for recovery? I hope this can be done more efficiently than
>> copy/pasting Wikitext.
>>
>
> If you want to be extra paranoid, and you only care about the contents of
> pages (and possibly their earlier versions) and none of all the boring
> extra data, then you can export and import the contents of wiki pages. This
> should always be safe, as MediaWiki assumes that all page text is hostile
> user input and always parses and escapes everything that needs it.
>
> https://www.mediawiki.org/wiki/Manual:Importing_XML_dumps
>
> --
> Bartosz Dziewoński
>
>
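
The caution above about 'MediaWiki:' pages, as an added example (not part of the original messages and not MediaWiki's own code): a Python script that lists every page in the MediaWiki: namespace of an XML export so each can be reviewed before the dump is imported. It assumes the standard export schema, where `<ns>8</ns>` marks that namespace; the sample dump and the function names are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

MEDIAWIKI_NS = "8"  # numeric id of the 'MediaWiki:' namespace in export dumps

# Constructed sample in the shape of a MediaWiki XML export (not real data).
SAMPLE_DUMP = """<mediawiki xmlns="http://www.mediawiki.org/xml/export-0.10/" version="0.10">
  <page><title>Main Page</title><ns>0</ns>
    <revision><model>wikitext</model><text>Welcome.</text></revision></page>
  <page><title>MediaWiki:Common.js</title><ns>8</ns>
    <revision><model>javascript</model><text>/* old */</text></revision>
    <revision><model>javascript</model><text>/* new */</text></revision></page>
  <page><title>MediaWiki:Sidebar</title><ns>8</ns>
    <revision><model>wikitext</model><text>* navigation</text></revision></page>
  <page><title>MediaWiki:Common.css</title><ns>8</ns>
    <revision><model>css</model><text>/* styles */</text></revision></page>
</mediawiki>"""

def local(tag):
    """Drop the '{schema-uri}' prefix so any export schema version matches."""
    return tag.rsplit("}", 1)[-1]

def classify(title, model):
    if model == "javascript" or title.endswith(".js"):
        return "script"
    if model == "css" or title.endswith(".css"):
        return "style"
    return "interface message"

def interface_pages(stream):
    """Return (title, kind, revision_count) for every page in namespace 8."""
    found = []
    for _, elem in ET.iterparse(stream, events=("end",)):
        if local(elem.tag) != "page":
            continue
        title = next((c.text or "" for c in elem if local(c.tag) == "title"), "")
        ns = next((c.text for c in elem if local(c.tag) == "ns"), None)
        revs = [c for c in elem if local(c.tag) == "revision"]
        if ns == MEDIAWIKI_NS and revs:
            # Content model of the last revision listed for the page, if recorded.
            model = next((c.text or "" for c in revs[-1] if local(c.tag) == "model"), "")
            found.append((title, classify(title, model), len(revs)))
        elem.clear()  # release page text so large dumps stay manageable
    return found

if __name__ == "__main__":
    for title, kind, revs in interface_pages(io.BytesIO(SAMPLE_DUMP.encode())):
        print(f"REVIEW BEFORE IMPORT: {title} ({kind}, {revs} revision(s))")
```

Pages reported as "interface message" still need a look, since some interface messages are output as raw HTML rather than parsed as wikitext.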

