[WikiEN-l] We need a way to deal with AOL vandals THIS year

Tony Wilson list at redhill.net.au
Thu Jun 5 15:57:50 UTC 2003


Right at this moment, Michael is logged in as User:Fuck. He has
cottoned on to two key weaknesses in our security setup. 

Either one on its own is a problem, but both together is a gaping hole:

(a) There is no way to block a logged-in user if you can't guess his IP
address.

(b) You can revert and rollback, but page moves are *much* more
difficult to restore. You can't just rollback a page move, you have to
fiddle about making sure you are restoring the right page and not
losing the history, and so on.

So far as I can see, there are only three possible solutions - no,
make that four, but I don't like the last one much.

(i) Establish a time + number of edits before any new user is
unblockable

(ii) Figure out a way to make the Rollback feature work on page moves
as well as ordinary edits

(iii) Disallow page moves to ordinary users and make that a sysop-only
task

(iv) Pick another half-dozen people, trusted and experienced sysops,
and give them the ability to stand in when Brion and Eloquence are not
around to block the Michaels of this world. Those guys are great, but
they can't be here all the time.

This current vulnerability is a *major* problem, and in my view it
needs action RIGHT AWAY.

In the meantime, Michael is running rampage through the database.

Tony

(Tannin)





