[OpenStack-Infra] Wiki.o.o sustaining spam attack

Elizabeth K. Joseph lyz at princessleia.com
Wed Feb 17 20:21:10 UTC 2016


On Mon, Feb 15, 2016 at 7:46 AM, Jeremy Stanley <fungi at yuggoth.org> wrote:
> On 2016-02-15 09:04:41 -0600 (-0600), JP Maxwell wrote:
>> Tom, yes we can probably help. Do you want to ping me off list -
>> need to get some more info about how it is setup / version
>> controlled / deployed / etc.
>
> Our openstack_project::wiki class[1] calls into our mediawiki Puppet
> module[2]. Ryan Lane set up and maintained most of this for us while
> he was at WMF, but since he's moved on to other things it's fallen
> into some disuse so assistance is appreciated!
>
> [1] http://git.openstack.org/cgit/openstack-infra/system-config/tree/modules/openstack_project/manifests/wiki.pp
> [2] http://git.openstack.org/cgit/openstack-infra/puppet-mediawiki/tree/

As Jeremy points out, our infrastructure is all open source so I'd
prefer to keep this discussion here on the list so we can all pitch
in. I don't see any active patches for this yet (please let me know if
I've missed anything).

Another data point: Canonical IS also uses Launchpad authentication,
like we do, for edits to their Ubuntu wikis and have been hit pretty
hard by spammers this week (initial attacks go back to December). They
are on MoinMoin, we're on Mediawiki, so wiki-side anti-spam proposals
will differ, but I've been keeping an eye on any solutions they may
propose for altering how SSO is being handled for their wiki to
perhaps shut these spammers down before they get a chance to edit.

-- 
Elizabeth Krumbach Joseph || Lyz || pleia2



More information about the OpenStack-Infra mailing list