[EM] wiki emergency: home page hacked (and maybe more)
Abd ul-Rahman Lomax
abd at lomaxdesign.com
Tue Aug 30 14:01:47 PDT 2005

At 02:38 PM 8/30/2005, Rob Lanphier wrote:
>It's fixed now, and the IP is blocked.

Wikis which enjoy a large number of technically sophisticated users
who can monitor and fix such problems (and perhaps pursue the
spammers) can afford, perhaps, to leave access completely open. Open
access *may* encourage more participation. But it is not clear;
registration is pretty simple, about as simple as subscribing to a
mailing list is nowadays, now that lists have required validations to
avoid abuse of the lists by spammers.

When I look at the access logs, I can see that the wiki is constantly
being scanned by bots. Most of these are probably benign, they are
scouts for the search engines. But that same technology is being used
by the spammers....

>Not sure what the sluggishness you saw was. It was pretty zippy for me.

It may have been a problem with the wireless network I'm using from here....

>I wouldn't refer to this as a "hack" (you had me worried for a sec). A
>"hack" would be a case where someone circumvented the security measures
>in place.

Technically, yes. But since there are few security measures in place....

> Since anyone can edit a wiki, they were doing something they
>were permitted to do under the security policy. "Vandalism" or "spam"
>are more appropriate descriptions.

Yes. Sorry if I gave you a fright.

Since I switched to required-registration mode, the only spammer
activity I've seen is on the Sandbox, which is open-access. (Not
configurable to close it, as far as I could tell, but relatively
harmless, compared to the hijacking of the home page....) And then
activity is also automatically "signed."

But I really don't know how many comments have not been posted
because users did not want to register....

Hmm.... maybe I could set up an account that users could use to log
in if they want to be anonymous or just want to post immediately,
don't want to register. They would still have to log in, which would
defeat the spammers, at least for now. There would still be IP access
records, the only risk would be from human vandals, which is not high.

More information about the Election-Methods mailing list