[OpenStack-Infra] Wiki.o.o sustaining spam attack

Marton Kiss marton.kiss at gmail.com
Tue Feb 23 09:40:23 UTC 2016


Tom,

I can help in infra contribution if required, but don't expect a quick
resolution, as the infra team is hell overloaded. This is the process:
- setup the same wiki in local dev env using infra puppet to make sure we
are not breaking anything irreversible in production
- create the patch
- deliver the patch to ci
- nagging infra core reviewers (hardest part)
- we can beg for an account to execute cleanup scripts to remove spam
content automagically

Cheers,
Marton
JP Maxwell <jp at tipit.net> (időpont: 2016. febr. 23., K, 8:59) ezt írta:

> One final thought, I recall on the mobile view there is a secret word
> request in the account creation page:
>
>
> https://wiki.openstack.org/w/index.php?title=Special:UserLogin&type=signup&returnto=Main+Page&returntoquery=mobileaction%3Dtoggle_view_mobile%26welcome%3Dyes
>
> So, this is probably already setup.  It's possible you only need to add
> the triggers.   Though I might make the question something a human could
> reasonably figure out if you want people to continue to be able to edit the
> wiki in the meantime:
>
>
> $wgCaptchaTriggers['edit']          = true;
> $wgCaptchaTriggers['create']        = true;
>
> J.P. Maxwell / tipit.net <http://www.tipit.net>
>
>
> On Tue, Feb 23, 2016 at 1:48 AM, JP Maxwell <jp at tipit.net> wrote:
>
>> Hah. Well, I'm not entirely sure how this is setup to manage code
>> changes.  I looked in GitHub and just see the puppet configs.  Not sure
>> where or how I could push changes into LocalSettings.php, otherwise I'd be
>> happy to do it :D   Gotta catch a little rest now, but will check in on
>> this in a few hours.
>>
>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>
>>
>> On Tue, Feb 23, 2016 at 1:43 AM, Tom Fifield <tom at openstack.org> wrote:
>>
>>> Cheers, that's exactly what we need someone to do.
>>>
>>>
>>> On 23/02/16 15:34, JP Maxwell wrote:
>>>
>>>> OK - so per the info here, you have to set the type of Captcha and add
>>>> in editing and create page as triggers requiring Captcha.
>>>>
>>>> As an example to use QuestyCaptcha a the bottom of the LocalSettings.php
>>>> file:
>>>>
>>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#QuestyCaptcha
>>>>
>>>> And make sure the triggers are set:
>>>>
>>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
>>>>
>>>> So, for example (you might want to change the questions), but the below
>>>> should at least stop the bleeding?
>>>>
>>>> require_once "$IP/extensions/ConfirmEdit/ConfirmEdit.php";
>>>>
>>>> // Use this line ONLY if your MediaWiki version is 1.25 or newer:
>>>> //wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
>>>> // Use this line ONLY if your MediaWiki version is older than 1.25:
>>>> require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
>>>>
>>>> $wgCaptchaClass = 'QuestyCaptcha';
>>>>
>>>> // Add your questions in LocalSettings.php using this format
>>>> $wgCaptchaQuestions[] = array( 'question' => "A question?", 'answer' =>
>>>> "An Answer");
>>>> $wgCaptchaQuestions[] = array( 'question' => 'How much wood would a
>>>> woodchuck chuck if a woodchuck could chuck wood?', 'answer' => 'as much
>>>> wood as...' );
>>>> $wgCaptchaQuestions[] = array( 'question' => "What is this wiki's
>>>> name?", 'answer' => "$wgSitename" );
>>>> // You can also provide several acceptable answers to a given question
>>>> (the answers shall be in lowercase):
>>>> $wgCaptchaQuestions[] = array( 'question' => "2 + 2 ?", 'answer' =>
>>>> array( '4', 'four' ) );
>>>>
>>>> $wgCaptchaTriggers['edit']          = true;
>>>> $wgCaptchaTriggers['create']        = true;
>>>>
>>>>
>>>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>>>
>>>>
>>>> On Tue, Feb 23, 2016 at 12:55 AM, Tom Fifield <tom at openstack.org
>>>> <mailto:tom at openstack.org>> wrote:
>>>>
>>>>     For wiki.o.o, I believe this is at:
>>>>
>>>>     https://wiki.openstack.org/wiki/Special:Version
>>>>
>>>>     On 23/02/16 14:51, JP Maxwell wrote:
>>>>
>>>>         I did setup a wiki and have a look at this briefly.   Can you
>>>>         confirm
>>>>         what extensions you are loading?  When you setup the wiki it
>>>>         generates a
>>>>         localsettings.php file that lists the extensions:
>>>>
>>>>
>>>>
>>>>         Inline image 1
>>>>
>>>>         # Enabled Extensions. Most extensions are enabled by including
>>>>         the base
>>>>         extension file here
>>>>         # but check specific extension documentation for more details
>>>>         # The following extensions were automatically enabled:
>>>>         wfLoadExtension( 'ConfirmEdit' );
>>>>         wfLoadExtension( 'InputBox' );
>>>>         wfLoadExtension( 'SpamBlacklist' );
>>>>         wfLoadExtension( 'TitleBlacklist' );
>>>>         wfLoadExtension( 'WikiEditor' );
>>>>
>>>>         I think if you have that ConfirmEdit extension you can enable
>>>>         captcha
>>>>         when creating new pages / editing existing ones.  In addition,
>>>>         there do
>>>>         seem to be some spam extensions that come built in.
>>>>
>>>>
>>>>
>>>
>>
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160223/2a73197f/attachment-0001.html>


More information about the OpenStack-Infra mailing list