[OpenStack-Infra] Wiki.o.o sustaining spam attack

Marton Kiss marton.kiss at gmail.com
Tue Feb 23 15:00:22 UTC 2016


It is using the openstack-infra's puppet-mediawiki module, and at first
sight this setting seems to be unmanaged by puppet. I have not found any
related entries in system-config's wiki.pp. It would be great to ssh in, but
only an infra core has access to this instance. Maybe we could replace
rlane's account with mine, he is not maintaining the server as far as I
know, but infra reviewers used to refuse those changes. As I see it, this
LocalSettings.php was generated during the application installation process,
but it could be moved somehow to puppet modules.

I don't have this experience with mediawiki, but I think it is a typical
php app, and if it does not implement an anti-pattern, we can add the config
file to puppet. But first of all we need to retrieve the existing file from
an infra member.

M.

On Tue, Feb 23, 2016 at 3:31 PM JP Maxwell <jp at tipit.net> wrote:

> Thanks Marton. So is there a Git repo for the code or are you just relying
> on an upstream wiki media repository directly?  If so is this setting file
> populated by puppet or unmanaged?
>
> If the latter I would suggest we just ssh in and make the change to the
> file as the  wiki is being effectively owned by the spammers otherwise.
>
> Happy to do this or work with somebody on this...
>
> J.P. Maxwell | tipit.net | fibercove.com
> On Feb 23, 2016 3:40 AM, "Marton Kiss" <marton.kiss at gmail.com> wrote:
>
>> Tom,
>>
>> I can help in infra contribution if required, but don't expect a quick
>> resolution, as the infra team is hell overloaded. This is the process:
>> - set up the same wiki in local dev env using infra puppet to make sure we
>> are not breaking anything irreversible in production
>> - create the patch
>> - deliver the patch to ci
>> - nagging infra core reviewers (hardest part)
>> - we can beg for an account to execute cleanup scripts to remove spam
>> content automagically
>>
>> Cheers,
>> Marton
>> JP Maxwell <jp at tipit.net> wrote (on Tue, Feb 23, 2016, 8:59):
>>
>>> One final thought, I recall on the mobile view there is a secret word
>>> request in the account creation page:
>>>
>>>
>>> https://wiki.openstack.org/w/index.php?title=Special:UserLogin&type=signup&returnto=Main+Page&returntoquery=mobileaction%3Dtoggle_view_mobile%26welcome%3Dyes
>>>
>>> So, this is probably already set up.  It's possible you only need to add
>>> the triggers.   Though I might make the question something a human could
>>> reasonably figure out if you want people to continue to be able to edit the
>>> wiki in the meantime:
>>>
>>>
>>> $wgCaptchaTriggers['edit']          = true;
>>> $wgCaptchaTriggers['create']        = true;
>>>
>>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>>
>>>
>>> On Tue, Feb 23, 2016 at 1:48 AM, JP Maxwell <jp at tipit.net> wrote:
>>>
>>>> Hah. Well, I'm not entirely sure how this is set up to manage code
>>>> changes.  I looked in GitHub and just see the puppet configs.  Not sure
>>>> where or how I could push changes into LocalSettings.php, otherwise I'd be
>>>> happy to do it :D   Gotta catch a little rest now, but will check in on
>>>> this in a few hours.
>>>>
>>>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>>>
>>>>
>>>> On Tue, Feb 23, 2016 at 1:43 AM, Tom Fifield <tom at openstack.org> wrote:
>>>>
>>>>> Cheers, that's exactly what we need someone to do.
>>>>>
>>>>>
>>>>> On 23/02/16 15:34, JP Maxwell wrote:
>>>>>
>>>>>> OK - so per the info here, you have to set the type of Captcha and add
>>>>>> in editing and create page as triggers requiring Captcha.
>>>>>>
>>>>>> As an example, to use QuestyCaptcha at the bottom of the
>>>>>> LocalSettings.php file:
>>>>>>
>>>>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#QuestyCaptcha
>>>>>>
>>>>>> And make sure the triggers are set:
>>>>>>
>>>>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
>>>>>>
>>>>>> So, for example (you might want to change the questions), but the below
>>>>>> should at least stop the bleeding?
>>>>>>
>>>>>> require_once "$IP/extensions/ConfirmEdit/ConfirmEdit.php";
>>>>>>
>>>>>> // Use this line ONLY if your MediaWiki version is 1.25 or newer:
>>>>>> //wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
>>>>>> // Use this line ONLY if your MediaWiki version is older than 1.25:
>>>>>> require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
>>>>>>
>>>>>> $wgCaptchaClass = 'QuestyCaptcha';
>>>>>>
>>>>>> // Add your questions in LocalSettings.php using this format
>>>>>> $wgCaptchaQuestions[] = array( 'question' => "A question?", 'answer' => "An Answer");
>>>>>> $wgCaptchaQuestions[] = array( 'question' => 'How much wood would a woodchuck chuck if a woodchuck could chuck wood?', 'answer' => 'as much wood as...' );
>>>>>> $wgCaptchaQuestions[] = array( 'question' => "What is this wiki's name?", 'answer' => "$wgSitename" );
>>>>>> // You can also provide several acceptable answers to a given question (the answers shall be in lowercase):
>>>>>> $wgCaptchaQuestions[] = array( 'question' => "2 + 2 ?", 'answer' => array( '4', 'four' ) );
>>>>>>
>>>>>> $wgCaptchaTriggers['edit']          = true;
>>>>>> $wgCaptchaTriggers['create']        = true;
>>>>>>
>>>>>>
>>>>>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>>>>>
>>>>>>
>>>>>> On Tue, Feb 23, 2016 at 12:55 AM, Tom Fifield <tom at openstack.org
>>>>>> <mailto:tom at openstack.org>> wrote:
>>>>>>
>>>>>>     For wiki.o.o, I believe this is at:
>>>>>>
>>>>>>     https://wiki.openstack.org/wiki/Special:Version
>>>>>>
>>>>>>     On 23/02/16 14:51, JP Maxwell wrote:
>>>>>>
>>>>>>         I did set up a wiki and have a look at this briefly.   Can you
>>>>>>         confirm what extensions you are loading?  When you set up the
>>>>>>         wiki it generates a localsettings.php file that lists the
>>>>>>         extensions:
>>>>>>
>>>>>>
>>>>>>         # Enabled Extensions. Most extensions are enabled by including the base extension file here
>>>>>>         # but check specific extension documentation for more details
>>>>>>         # The following extensions were automatically enabled:
>>>>>>         wfLoadExtension( 'ConfirmEdit' );
>>>>>>         wfLoadExtension( 'InputBox' );
>>>>>>         wfLoadExtension( 'SpamBlacklist' );
>>>>>>         wfLoadExtension( 'TitleBlacklist' );
>>>>>>         wfLoadExtension( 'WikiEditor' );
>>>>>>
>>>>>>         I think if you have that ConfirmEdit extension you can enable
>>>>>>         captcha when creating new pages / editing existing ones.  In
>>>>>>         addition, there do seem to be some spam extensions that come
>>>>>>         built in.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>> _______________________________________________
>>> OpenStack-Infra mailing list
>>> OpenStack-Infra at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
>>>
>>
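
Since the thread establishes that LocalSettings.php is not managed by puppet and has to be inspected by hand, the following added Python example (not part of the original thread or of puppet-mediawiki) reports whether ConfirmEdit is loaded, a captcha class is set, and the `edit` and `create` triggers discussed above are active. The two sample files are constructed, and comment handling is an assumed simplification that only recognizes block comments and whole-line comments.

```python
import re

# Constructed sample: ConfirmEdit is loaded, but both triggers are commented out.
SAMPLE_WEAK = """<?php
wfLoadExtension( 'ConfirmEdit' );
$wgCaptchaClass = 'QuestyCaptcha';
// $wgCaptchaTriggers['edit'] = true;
# $wgCaptchaTriggers['create'] = true;
"""

# Constructed sample: the settings proposed in the thread (pre-1.25 loading style).
SAMPLE_FIXED = """<?php
require_once "$IP/extensions/ConfirmEdit/ConfirmEdit.php";
require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
$wgCaptchaClass = 'QuestyCaptcha';
$wgCaptchaTriggers['edit']          = true;
$wgCaptchaTriggers['create']        = true;
"""

LOADED = re.compile(
    r"^\s*(?:wfLoadExtensions?\s*\(.*?['\"]ConfirmEdit['\"]"
    r"|require_once\s.*ConfirmEdit/ConfirmEdit\.php)", re.M)
CAPTCHA_CLASS = re.compile(r"^\s*\$wgCaptchaClass\s*=\s*['\"]\w+['\"]\s*;", re.M)
TRIGGER = re.compile(
    r"^\s*\$wgCaptchaTriggers\[\s*['\"](\w+)['\"]\s*\]\s*=\s*(true|false)\s*;", re.M | re.I)

def active_lines(php):
    """Drop /* */ blocks and whole-line // or # comments (assumed simplification)."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return "\n".join(line for line in php.splitlines()
                     if not line.lstrip().startswith(("//", "#")))

def audit(php, required=("edit", "create")):
    """Return a list of findings; an empty list means the captcha settings are active."""
    text = active_lines(php)
    # Later assignments override earlier ones, as they would when PHP runs the file.
    triggers = {name: value.lower() == "true" for name, value in TRIGGER.findall(text)}
    findings = []
    if not LOADED.search(text):
        findings.append("ConfirmEdit is not loaded")
    if not CAPTCHA_CLASS.search(text):
        findings.append("$wgCaptchaClass is not set")
    for name in required:
        if not triggers.get(name, False):
            findings.append(f"$wgCaptchaTriggers['{name}'] is not true")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK), audit(SAMPLE_FIXED))
```

Running `audit()` against the file retrieved from the server, before and after a change, gives a quick record of whether the triggers were actually in effect.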