[OpenStack-Infra] Wiki.o.o sustaining spam attack

JP Maxwell jp at tipit.net
Fri Feb 26 13:41:44 UTC 2016


Marton

Make sure you are using the right upstream repository. They are in version
1.25. Check out: https://wiki.openstack.org/wiki/Special:Version

Not that it shouldn't all be upgraded ;) be aware there seem to be config
file formatting differences in the latest version vs 1.25 as well.

J.P. Maxwell | tipit.net | fibercove.com
On Feb 26, 2016 4:35 AM, "Marton Kiss" <marton.kiss at gmail.com> wrote:

> I've deployed the mediawiki using our puppet modules to my dev machine,
> and we have more problems here:
> [image: The MediaWiki logo] MediaWiki 1.27 internal error
>
> MediaWiki 1.27 requires at least PHP version 5.5.9, you are using PHP
> 5.3.10-1ubuntu3.21.
> Supported PHP versions
>
> Please consider upgrading your copy of PHP
> <http://www.php.net/downloads.php>. PHP versions less than 5.5.0 are no
> longer supported by the PHP Group and will not receive security or bugfix
> updates.
>
> If for some reason you are unable to upgrade your PHP version, you will
> need to download <https://www.mediawiki.org/wiki/Download> an older
> version of MediaWiki from our website. See our compatibility page
> <https://www.mediawiki.org/wiki/Compatibility#PHP> for details of which
> versions are compatible with prior versions of PHP.
>
> The wiki.o.o seems to be running on precise, meanwhile the git consumed
> repo simply not supporting the PHP version provided there.
>
> M.
>
> On Fri, Feb 26, 2016 at 5:19 AM JP Maxwell <jp at tipit.net> wrote:
>
>> Is it an option to put the question back to an impossible answer for even
>> a little while? I think it would be very telling if the spam continues then
>> there may be an exploit possibly tied to the launchpad SSO.  It would at
>> least give a clue where to focus.
>>
>> J.P. Maxwell | tipit.net | fibercove.com
>> On Feb 25, 2016 10:10 PM, "Elizabeth K. Joseph" <lyz at princessleia.com>
>> wrote:
>>
>>> On Thu, Feb 25, 2016 at 6:35 AM, Jeremy Stanley <fungi at yuggoth.org>
>>> wrote:
>>> > On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote:
>>> >> Please be aware that you can now create accounts under the mobile
>>> >> view in the wiki native user table. I just created an account for
>>> >> JpMaxMan.  Not sure if this matters but wanted to make sure you
>>> >> were aware.
>>> >
>>> > Oh, yes I think having a random garbage question/answer was in fact
>>> > previously preventing account creation under the mobile view. We
>>> > probably need a way to disable mobile view account creation as it
>>> > bypasses OpenID authentication entirely.
>>>
>>> So that's what it was doing! We'll have to tackle the mobile view issue.
>>>
>>> Otherwise, quick update here:
>>>
>>> The captcha didn't appear to help stem the spam tide. We'll want to
>>> explore and start implementing some of the other solutions.
>>>
>>> I did some database poking around today and it does seem like all the
>>> users do have launchpad accounts and email addresses.
>>>
>>> --
>>> Elizabeth Krumbach Joseph || Lyz || pleia2
>>>
>> _______________________________________________
>> OpenStack-Infra mailing list
>> OpenStack-Infra at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160226/694b4813/attachment.html>


More information about the OpenStack-Infra mailing list