Hard Light Productions Forums
Community Projects => The FreeSpace Wiki Project => Topic started by: TopAce on November 26, 2017, 03:39:16 am
-
http://wiki.hard-light.net/index.php/Special:RecentChanges
It's happening right now. Even as I'm trying to get rid of the accounts/articles they created, new ones are generated. Any other admin online that could help?
-
Were registrations opened back up in the server move? Should probably fix that.
-
Not on purpose. I assume we've been hacked.
I checked the last 3500(!) recent changes and found out that all those edits were spambot account creations, spam article creations, or me doing cleanup. And they just keep coming. This is above my head.
[EDIT]Normal wiki browsing has been compromised too. There's a long "debug" log that starts roughly from the center of the page, and there are images and some templates missing. The Apollo article (http://wiki.hard-light.net/index.php/GTF_Apollo) for example is a complete mess.
-
Yeah, things are getting kind of bad on the wiki. long nonsense spoiled strings of debug data and what not.
-
Those errors look a lot like the stuff we saw after the server move and the user creation page is publicly accessible. Did someone revert one of the fixes that were applied after the move? I thought it worked fine after Goober reinstalled the wiki.
-
I hope we have a backup... Kill it with fire. Start again.
-
Well, they stopped at least. Guess that's good.
-
Yeah, that debug stuff has been there a few days. I just assumed it was you guys doing something server-move related (wiki is outputting debug stuff to spoilered text lines on every wiki page).
-
My guess is that this is somehow related to the HTTPS move. I fixed the wiki before I fixed the forum, and it has been working just fine for the last few weeks.
The configuration settings that prevented account creation had been removed. I added them back.
The debug data should not be displayed; it wasn't enabled in LocalSettings.php and I tried specifically disabling it with no luck. It looks like disabling account creation is working properly, so it's not a case of LocalSettings.php not being loaded somehow. It must be caused by something else, but I couldn't say what.
I'm on travel this weekend and for the next few days so my ability to do much more will be limited. Hopefully Zacam and/or rev_posix can look into this in the meantime. We do have backups, so rolling it back sounds like the best option to me.
Yeah, that debug stuff has been there a few days. I just assumed it was you guys doing something server-move related (wiki is outputting debug stuff to spoilered text lines on every wiki page).
FFS, there is a big blue newspost for a reason. "If you see anything that isn't working, please let us know."
-
My guess is that this is somehow related to the HTTPS move. I fixed the wiki before I fixed the forum, and it has been working just fine for the last few weeks.
The configuration settings that prevented account creation had been removed. I added them back.
The debug data should not be displayed; it wasn't enabled in LocalSettings.php and I tried specifically disabling it with no luck. It looks like disabling account creation is working properly, so it's not a case of LocalSettings.php not being loaded somehow. It must be caused by something else, but I couldn't say what.
I'm on travel this weekend and for the next few days so my ability to do much more will be limited. Hopefully Zacam and/or rev_posix can look into this in the meantime. We do have backups, so rolling it back sounds like the best option to me.
Yeah, that debug stuff has been there a few days. I just assumed it was you guys doing something server-move related (wiki is outputting debug stuff to spoilered text lines on every wiki page).
FFS, there is a big blue newspost for a reason. "If you see anything that isn't working, please let us know."
To my mind, that's still within the realm of "working properly", as I can put up with it and it remains functional. I was a bit concerned at first, but I figured someone who knows about web dev would have noticed it if it wasn't intentional (bad assumption, I know; in hindsight, those were probably busy doing other things besides editing the wiki. My very bad, I shall now go sit in the corner by the air ducts with my lunch bag. :( )
-
No response from rev_posix in the last week. ¯\_(ツ)_/¯ And the spammers are still coming.
I'm mostly back online but it will be several days before the wiki is fully fixed. Whatever happened really screwed things up.
-
Ug, sorry peeps, been sick this past week, work as always (funny how the xmas 'freeze' time often seems to be the busiest times of the year)...
I'm not sure what happened with the wiki, it is possible that the fixed version was accidentally reverted when experimentation was being done to get it to run over SSL.
Any future work will have confirmed backups in place, which reminds me, I need to adjust the rsync stuff to reflect the new directory structure.
-
As of today, the debug stuff has been combined with missing images now. Well, the GTVA thought they had proven their technological superiory as well and then the Juggernauts started jumping in ;-)
-
I specifically disabled debug messages and I also specifically disabled account creation. It's like LocalSettings.php isn't even being loaded.
I hope to have more time to look at this in the next few days.
-
I specifically disabled debug messages and I also specifically disabled account creation. It's like LocalSettings.php isn't even being loaded.
I hope to have more time to look at this in the next few days.
I checked this, and it's reading the LocalSettings file. If new accounts are still being made, I can only think that somehow, the bots might have set up a bogus account and got rights on it to make new ones? I don't have an account on it myself to look at the UI and see, but I can get into the backend and edit the settings file...
So, I've added some lines and adjusted the section that was added:
# Only users with accounts four days old or older can create pages
# Requires MW 1.6 or higher.
$wgGroupPermissions['*' ]['createpage'] = false;
$wgGroupPermissions['user' ]['createpage'] = false;
$wgGroupPermissions['autoconfirmed']['createpage'] = true;
# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;
#This will stop sysops from creating accounts as well
$wgGroupPermissions['sysop']['createaccount'] = false;
Starts on line 143 of the file. It's a kind of emergency setting, but should prevent any new accounts being made until it can be better cleaned up.
As for the debug stuff, it looks like it was turned up in the php.ini as well. I changed those settings and reloaded apache and the php module. But I see there is something still printing it up. I'll poke around and see if I can find it
EDIT: Found it in the index.php. Changed. Post the URL if it still shows up anywhere.