[OpenStack-Infra] Wiki.o.o sustaining spam attack
JP Maxwell
jp at tipit.net
Tue Feb 23 14:31:11 UTC 2016
Thanks Marton. So is there a Git repo for the code or are you just relying
on an upstream wiki media repository directly? If so is this setting file
populated by puppet or unmanaged?
If the latter I would suggest we just ssh in and make the change to the
file as the wiki is being effectively owned by the spammers otherwise.
Happy to do this or work with somebody on this...
J.P. Maxwell | tipit.net | fibercove.com
On Feb 23, 2016 3:40 AM, "Marton Kiss" <marton.kiss at gmail.com> wrote:
> Tom,
>
> I can help in infra contribution if required, but don't expect a quick
> resolution, as the infra team is hell overloaded. This is the process:
> - setup the same wiki in local dev env using infra puppet to make sure we
> are not breaking anything irreversible in production
> - create the patch
> - deliver the patch to ci
> - nagging infra core reviewers (hardest part)
> - we can beg for an account to execute cleanup scripts to remove spam
> content automagically
>
> Cheers,
> Marton
> JP Maxwell <jp at tipit.net> (időpont: 2016. febr. 23., K, 8:59) ezt írta:
>
>> One final thought, I recall on the mobile view there is a secret word
>> request in the account creation page:
>>
>>
>> https://wiki.openstack.org/w/index.php?title=Special:UserLogin&type=signup&returnto=Main+Page&returntoquery=mobileaction%3Dtoggle_view_mobile%26welcome%3Dyes
>>
>> So, this is probably already setup. It's possible you only need to add
>> the triggers. Though I might make the question something a human could
>> reasonably figure out if you want people to continue to be able to edit the
>> wiki in the meantime:
>>
>>
>> $wgCaptchaTriggers['edit'] = true;
>> $wgCaptchaTriggers['create'] = true;
>>
>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>
>>
>> On Tue, Feb 23, 2016 at 1:48 AM, JP Maxwell <jp at tipit.net> wrote:
>>
>>> Hah. Well, I'm not entirely sure how this is setup to manage code
>>> changes. I looked in GitHub and just see the puppet configs. Not sure
>>> where or how I could push changes into LocalSettings.php, otherwise I'd be
>>> happy to do it :D Gotta catch a little rest now, but will check in on
>>> this in a few hours.
>>>
>>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>>
>>>
>>> On Tue, Feb 23, 2016 at 1:43 AM, Tom Fifield <tom at openstack.org> wrote:
>>>
>>>> Cheers, that's exactly what we need someone to do.
>>>>
>>>>
>>>> On 23/02/16 15:34, JP Maxwell wrote:
>>>>
>>>>> OK - so per the info here, you have to set the type of Captcha and add
>>>>> in editing and create page as triggers requiring Captcha.
>>>>>
>>>>> As an example to use QuestyCaptcha a the bottom of the
>>>>> LocalSettings.php
>>>>> file:
>>>>>
>>>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#QuestyCaptcha
>>>>>
>>>>> And make sure the triggers are set:
>>>>>
>>>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
>>>>>
>>>>> So, for example (you might want to change the questions), but the below
>>>>> should at least stop the bleeding?
>>>>>
>>>>> require_once "$IP/extensions/ConfirmEdit/ConfirmEdit.php";
>>>>>
>>>>> // Use this line ONLY if your MediaWiki version is 1.25 or newer:
>>>>> //wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
>>>>> // Use this line ONLY if your MediaWiki version is older than 1.25:
>>>>> require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
>>>>>
>>>>> $wgCaptchaClass = 'QuestyCaptcha';
>>>>>
>>>>> // Add your questions in LocalSettings.php using this format
>>>>> $wgCaptchaQuestions[] = array( 'question' => "A question?", 'answer' =>
>>>>> "An Answer");
>>>>> $wgCaptchaQuestions[] = array( 'question' => 'How much wood would a
>>>>> woodchuck chuck if a woodchuck could chuck wood?', 'answer' => 'as much
>>>>> wood as...' );
>>>>> $wgCaptchaQuestions[] = array( 'question' => "What is this wiki's
>>>>> name?", 'answer' => "$wgSitename" );
>>>>> // You can also provide several acceptable answers to a given question
>>>>> (the answers shall be in lowercase):
>>>>> $wgCaptchaQuestions[] = array( 'question' => "2 + 2 ?", 'answer' =>
>>>>> array( '4', 'four' ) );
>>>>>
>>>>> $wgCaptchaTriggers['edit'] = true;
>>>>> $wgCaptchaTriggers['create'] = true;
>>>>>
>>>>>
>>>>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>>>>
>>>>>
>>>>> On Tue, Feb 23, 2016 at 12:55 AM, Tom Fifield <tom at openstack.org
>>>>> <mailto:tom at openstack.org>> wrote:
>>>>>
>>>>> For wiki.o.o, I believe this is at:
>>>>>
>>>>> https://wiki.openstack.org/wiki/Special:Version
>>>>>
>>>>> On 23/02/16 14:51, JP Maxwell wrote:
>>>>>
>>>>> I did setup a wiki and have a look at this briefly. Can you
>>>>> confirm
>>>>> what extensions you are loading? When you setup the wiki it
>>>>> generates a
>>>>> localsettings.php file that lists the extensions:
>>>>>
>>>>>
>>>>>
>>>>> Inline image 1
>>>>>
>>>>> # Enabled Extensions. Most extensions are enabled by including
>>>>> the base
>>>>> extension file here
>>>>> # but check specific extension documentation for more details
>>>>> # The following extensions were automatically enabled:
>>>>> wfLoadExtension( 'ConfirmEdit' );
>>>>> wfLoadExtension( 'InputBox' );
>>>>> wfLoadExtension( 'SpamBlacklist' );
>>>>> wfLoadExtension( 'TitleBlacklist' );
>>>>> wfLoadExtension( 'WikiEditor' );
>>>>>
>>>>> I think if you have that ConfirmEdit extension you can enable
>>>>> captcha
>>>>> when creating new pages / editing existing ones. In addition,
>>>>> there do
>>>>> seem to be some spam extensions that come built in.
>>>>>
>>>>>
>>>>>
>>>>
>>>
>> _______________________________________________
>> OpenStack-Infra mailing list
>> OpenStack-Infra at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160223/2ef26a79/attachment.html>
More information about the OpenStack-Infra
mailing list