Community Projects > The FreeSpace Wiki Project

Help! FSWiki under spambot attack

<< < (3/3)

Goober5000:
No response from rev_posix in the last week. ¯\_(ツ)_/¯  And the spammers are still coming.

I'm mostly back online but it will be several days before the wiki is fully fixed.  Whatever happened really screwed things up.

rev_posix:
Ug, sorry peeps, been sick this past week, work as always (funny how the xmas 'freeze' time often seems to be the busiest times of the year)...

I'm not sure what happened with the wiki, it is possible that the fixed version was accidentally reverted when experimentation was being done to get it to run over SSL.

Any future work will have confirmed backups in place, which reminds me, I need to adjust the rsync stuff to reflect the new directory structure.

Vidmaster:
As of today, the debug stuff has been combined with missing images now. Well, the GTVA thought they had proven their technological superiory as well and then the Juggernauts started jumping in ;-)

Goober5000:
I specifically disabled debug messages and I also specifically disabled account creation.  It's like LocalSettings.php isn't even being loaded.

I hope to have more time to look at this in the next few days.

rev_posix:

--- Quote from: Goober5000 on December 07, 2017, 02:18:41 pm ---I specifically disabled debug messages and I also specifically disabled account creation.  It's like LocalSettings.php isn't even being loaded.

I hope to have more time to look at this in the next few days.

--- End quote ---
I checked this, and it's reading the LocalSettings file.  If new accounts are still being made, I can only think that somehow, the bots might have set up a bogus account and got rights on it to make new ones?  I don't have an account on it myself to look at the UI and see, but I can get into the backend and edit the settings file...

So, I've added some lines and adjusted the section that was added:


--- Code: ---# Only users with accounts four days old or older can create pages
# Requires MW 1.6 or higher.
$wgGroupPermissions['*'            ]['createpage'] = false;
$wgGroupPermissions['user'         ]['createpage'] = false;
$wgGroupPermissions['autoconfirmed']['createpage'] = true;

# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

#This will stop sysops from creating accounts as well
$wgGroupPermissions['sysop']['createaccount'] = false;

--- End code ---

Starts on line 143 of the file.  It's a kind of emergency setting, but should prevent any new accounts being made until it can be better cleaned up.

As for the debug stuff, it looks like it was turned up in the php.ini as well.  I changed those settings and reloaded apache and the php module.  But I see there is something still printing it up.  I'll poke around and see if I can find it

EDIT:  Found it in the index.php.  Changed.  Post the URL if it still shows up anywhere.

Navigation

[0] Message Index

[*] Previous page

Go to full version