[OpenStack-Infra] Wiki.o.o sustaining spam attack

JP Maxwell jp at tipit.net
Fri Feb 12 17:55:20 UTC 2016


Ahh - gotcha - makes sense.   Yes, it seems the mobile view wasn't modified
to use open ID sso.  Is it using an extension to accomplish this?  There
are a lot of auth extensions available (
https://www.mediawiki.org/wiki/Category:User_identity_extensions ).  Or was
it extended by hand?

J.P. Maxwell / tipit.net <http://www.tipit.net>


On Fri, Feb 12, 2016 at 11:16 AM, James E. Blair <corvus at inaugust.com>
wrote:

> Jeremy Stanley <fungi at yuggoth.org> writes:
>
> > On 2016-02-12 09:03:16 -0600 (-0600), JP Maxwell wrote:
> >> I don't think it currently used open ID as far as I can see from the
> login
> >> screen.  Could be mistaken though :)
> >>
> >>
> https://drive.google.com/file/d/0B47GGpF8-_XHb2JFeUVHTG4tTU0/view?usp=docslist_api
> >
> > Wow! That's interesting. I wonder if there's an auth hole in the
> > mobile browser support in Mediawiki? If you try to log in with a
> > normal browser it sends you to login.launchpad.net to do OpenID
> > authentication.
>
> There is a mobile/desktop toggle on the bottom of the page.  Clicking
> mobile and then clicking login takes me to:
>
>
> https://wiki.openstack.org/w/index.php?title=Special:UserLogin&returnto=Main+Page&returntoquery=mobileaction%3Dtoggle_view_mobile%26welcome%3Dyes
>
> -Jim
>
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160212/5d48aa09/attachment.html>


More information about the OpenStack-Infra mailing list