Brooks Moses wrote:
So, the dust seems to have settled from that last batch of spamming. I've got everything recovered, I think.... (Except for the pages that need deleting.)
Thus, a few thoughts:
It occurs to me that the reason my "URGENT" emails haven't had any response from the Wiki administrators is that you're all in Europe, and probably in bed asleep right now! Thus: Would it be useful to give me administrative privileges on the Wiki, so that I could do damage control if something like this arises again at this sort of hour?
sounds ok to me
What, other than firefighting, is the right way to deal with this in the future? This particular attack consisted of (to date) three different waves of about 50 edits each; most of these came from a logged-in user, so I can't tell what IP addresses were being used, but a number of the edits weren't logged in. Those edits came, nearly simultaneously, from several dozen different IP addresses, with only one or two from each -- clearly, blocking by IP address is not going to solve the problem.
hm, a pitty
Incidentally, from that (and the actual character of the edits), I'm fairly sure that what's going on is not a real user making the edits, but a series of bots on a number of compromised computers. I seriously doubt the intent is sabotage as such; the intent appears to be to add invisible links to the end of the Wiki pages, and the text-deletion seems merely a side-effect of very badly-programmed bots.
maybe wiki's need some spam testing features; maybe an option is to use different internal tags (id in html pages) for the edit buttons and such so that bots cannot trigger the right sequences Hans ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com | www.pragma-pod.nl -----------------------------------------------------------------