Hello, Patrick! At 02:15 AM 10/10/2005, Patrick Gundlach wrote:
What, other than firefighting, is the right way to deal with this in the future?
When I woke up this morning, I thought that I can just reinstall a database backup from the day before the attack started. This would make any of our reverting lost, but also the spam. Was there any 'good' change in the wiki since the last few days? I guess, no.
That seems like a good idea, indeed. Here's what I found for "good" changes: I made a tiny typo correction on the Installation Hints page (a period after the 2004 in the "General Hints" section.) On Oct. 6, an anonymous user (80.117.100.56) changed the Typescripts page to add "[gentium]" to the first \typescripts line in the first example of each section, making them % load mapfile \starttypescript [map] [gentium] [\defaultencoding] \loadmapfile [\defaultencoding-sil-gentium.map] and % and then use that data within the typescript: \starttypescript [map] [gentium] [ec,texnansi,8r,t5,t2a,t2b,qx] \loadmapfile [\typescripttwo-sil-gentium.map] Other than those -- which will be easy to put back if needed -- the most recent "real" change was Taco's extra information on User:Taco/Bib on September 30th.
be to add invisible links to the end of the Wiki pages, and the text-deletion seems merely a side-effect of very badly-programmed bots.
Actually, I think that the page deletion is part of the game. I have no clue what to do with the spamming. So far it was quite ok to remove the spamming by hand. But this is beyond manual work that can be done in a minute or two. I could make only logged-in users change pages and validate the email address or approve new users by hand. But this, IMO, violates the principal that makes the wiki so efficient.
Indeed; I agree. I'm pretty sure that this could have been blocked after the fact if we had the ability to block on certain bits of text in the edit -- for instance, nearly all of these edits were adding a "<div>" tag, so blocking text containing "<div>" tags would probably have stopped it. (Ideally, we'd do the blocking after the text gets wikified, so that any "<div>" tags in code blocks get converted to "%lt;div>" and thus not blocked....) Incidentally, if you do a Google search on the bits of text that this spammer is including ("WTHPD1"), you'll find thousands of other Wikis that have identical additions. - Brooks