[OpenStack-Infra] Wiki.o.o sustaining spam attack

Paul Belanger pabelanger at redhat.com
Fri Feb 26 15:15:22 UTC 2016


On Fri, Feb 26, 2016 at 10:34:56AM +0000, Marton Kiss wrote:
> I've deployed the mediawiki using our puppet modules to my dev machine, and
> we have more problems here:
> [image: The MediaWiki logo] MediaWiki 1.27 internal error
> 
> MediaWiki 1.27 requires at least PHP version 5.5.9, you are using PHP
> 5.3.10-1ubuntu3.21.
> Supported PHP versions
> 
> Please consider upgrading your copy of PHP
> <http://www.php.net/downloads.php>. PHP versions less than 5.5.0 are no
> longer supported by the PHP Group and will not receive security or bugfix
> updates.
> 
> If for some reason you are unable to upgrade your PHP version, you will
> need to download <https://www.mediawiki.org/wiki/Download> an older version
> of MediaWiki from our website. See our compatibility page
> <https://www.mediawiki.org/wiki/Compatibility#PHP> for details of which
> versions are compatible with prior versions of PHP.
> 
> The wiki.o.o seems to be running on precise, meanwhile the git consumed
> repo simply not supporting the PHP version provided there.
> 
So, wiki.o.o is running precise and already on my radar to upgrade. I can do the
leg work to stand up wiki-dev.o.o on trusty, if others would like to tackle the
migration plan for the database (mediawiki).  Ideally we should have the latest
stable release trusty support.

> M.
> 
> On Fri, Feb 26, 2016 at 5:19 AM JP Maxwell <jp at tipit.net> wrote:
> 
> > Is it an option to put the question back to an impossible answer for even
> > a little while? I think it would be very telling if the spam continues then
> > there may be an exploit possibly tied to the launchpad SSO.  It would at
> > least give a clue where to focus.
> >
> > J.P. Maxwell | tipit.net | fibercove.com
> > On Feb 25, 2016 10:10 PM, "Elizabeth K. Joseph" <lyz at princessleia.com>
> > wrote:
> >
> >> On Thu, Feb 25, 2016 at 6:35 AM, Jeremy Stanley <fungi at yuggoth.org>
> >> wrote:
> >> > On 2016-02-25 02:46:13 -0600 (-0600), JP Maxwell wrote:
> >> >> Please be aware that you can now create accounts under the mobile
> >> >> view in the wiki native user table. I just created an account for
> >> >> JpMaxMan.  Not sure if this matters but wanted to make sure you
> >> >> were aware.
> >> >
> >> > Oh, yes I think having a random garbage question/answer was in fact
> >> > previously preventing account creation under the mobile view. We
> >> > probably need a way to disable mobile view account creation as it
> >> > bypasses OpenID authentication entirely.
> >>
> >> So that's what it was doing! We'll have to tackle the mobile view issue.
> >>
> >> Otherwise, quick update here:
> >>
> >> The captcha didn't appear to help stem the spam tide. We'll want to
> >> explore and start implementing some of the other solutions.
> >>
> >> I did some database poking around today and it does seem like all the
> >> users do have launchpad accounts and email addresses.
> >>
> >> --
> >> Elizabeth Krumbach Joseph || Lyz || pleia2
> >>
> > _______________________________________________
> > OpenStack-Infra mailing list
> > OpenStack-Infra at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
> >

> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra




More information about the OpenStack-Infra mailing list