[OpenStack-Infra] Wiki.o.o sustaining spam attack

Marton Kiss marton.kiss at gmail.com
Fri Feb 26 13:45:50 UTC 2016


Yeah, I'm waiting for my ssh access, it will arrive soon, so I can do a
proper clone of the site. Anyway it is interesting that mediawiki is
rendering a different output based on user agent.

M.

On Fri, Feb 26, 2016 at 2:41 PM JP Maxwell <jp at tipit.net> wrote:

> Marton
>
> Make sure you are using the right upstream repository. They are in version
> 1.25. Check out: https://wiki.openstack.org/wiki/Special:Version
>
> Not that it shouldn't all be upgraded ;) be aware there seem to be config
> file formatting differences in the latest version vs 1.25 as well.
>
> J.P. Maxwell | tipit.net | fibercove.com
> On Feb 26, 2016 4:35 AM, "Marton Kiss" <marton.kiss at gmail.com> wrote:
>
>> I've deployed the mediawiki using our puppet modules to my dev machine,
>> and we have more problems here:
>> [image: The MediaWiki logo] MediaWiki 1.27 internal error
>>
>> MediaWiki 1.27 requires at least PHP version 5.5.9, you are using PHP
>> 5.3.10-1ubuntu3.21.
>> Supported PHP versions
>>
>> Please consider upgrading your copy of PHP
>> <http://www.php.net/downloads.php>. PHP versions less than 5.5.0 are no
>> longer supported by the PHP Group and will not receive security or bugfix
>> updates.
>>
>> If for some reason you are unable to upgrade your PHP version, you will
>> need to download <https://www.mediawiki.org/wiki/Download> an older
>> version of MediaWiki from our website. See our compatibility page
>> <https://www.mediawiki.org/wiki/Compatibility#PHP> for details of which
>> versions are compatible with prior versions of PHP.
>>
>> The wiki.o.o seems to be running on precise, meanwhile the git consumed
>> repo simply not supporting the PHP version provided there.
>>
>> M.
>>
>> On Fri, Feb 26, 2016 at 5:19 AM JP Maxwell <jp at tipit.net> wrote:
>>
>>> Is it an option to put the question back to an impossible answer for
>>> even a little while? I think it would be very telling if the spam continues
>>> then there may be an exploit possibly tied to the launchpad SSO.  It would
>>> at least give a clue where to focus.
>>>
>>> J.P. Maxwell | tipit.net | fibercove.com
>>> On Feb 25, 2016 10:10 PM, "Elizabeth K. Joseph" <lyz at princessleia.com>
>>> wrote:
>>>
>>>> On Thu, Feb 25, 2016 at 6:35 AM, Jeremy Stanley <fungi at yuggoth.org>
>>>> wrote:
>>>> > On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote:
>>>> >> Please be aware that you can now create accounts under the mobile
>>>> >> view in the wiki native user table. I just created an account for
>>>> >> JpMaxMan.  Not sure if this matters but wanted to make sure you
>>>> >> were aware.
>>>> >
>>>> > Oh, yes I think having a random garbage question/answer was in fact
>>>> > previously preventing account creation under the mobile view. We
>>>> > probably need a way to disable mobile view account creation as it
>>>> > bypasses OpenID authentication entirely.
>>>>
>>>> So that's what it was doing! We'll have to tackle the mobile view issue.
>>>>
>>>> Otherwise, quick update here:
>>>>
>>>> The captcha didn't appear to help stem the spam tide. We'll want to
>>>> explore and start implementing some of the other solutions.
>>>>
>>>> I did some database poking around today and it does seem like all the
>>>> users do have launchpad accounts and email addresses.
>>>>
>>>> --
>>>> Elizabeth Krumbach Joseph || Lyz || pleia2
>>>>
>>> _______________________________________________
>>> OpenStack-Infra mailing list
>>> OpenStack-Infra at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160226/73d30a36/attachment.html>


More information about the OpenStack-Infra mailing list