On 11/23/2012 04:20, jan iversen wrote:
I am happy for the help, Clayton has already giving me lot of information,
instead of me having to dig it out. It is also securing to have a helping
hand in the background who know our wiki very well.
Is there a gentle way, to make Infra do the last bit, so I can get access,
as far as I can see it is 2 simple things:
- Copy my ssh public key to the wiki server
- Provide the mysql root password
I am a bit afraid of this long US weekend, and hope we do not have to wait
until next week.
Jan.
Report from the trenches: the spam is getting no worse, but no better
either. The wonderful crew of volunteers (I play only a small part) is
getting it all. Max spam page lifetime is about an hour; typical is only
a few minutes. We may be humans fighting bots, but we're winning — or at
least not losing. ("John Henry said to the captain ...") I also fear the
long weekend.
The urgent items I see, first = most important:
1) "invitation only" fix to LocalSettings.php. This turns off the faucet.
2) SQL delete of all unused accounts (no contributions in any space).
This eliminates the spammers' backlog of new accounts, so we sysops
don't have to block them one at a time. This will hit a lot of old
accounts, too. Good; that's overdue. It is possible that a few
legitimate accounts could be hit, but contributors normally go right in
and fix something, and/or create their user pages, so those accounts
should be exempt.
Other items can be dealt with at leisure:
3) Deleting all blocked accounts, the blocks themselves, and any
associated deleted pages. This is a trash clean-up. It removes any
backscatter left over from the anti-spam effort, and recovers a minor
amount of space.
4) Upgrades, extensions, better spam prevention, &c.
/tj/
On 23 November 2012 09:00, C <smau...@gmail.com> wrote:
On Fri, Nov 23, 2012 at 1:16 AM, Andrea Pescetti <pesce...@apache.org>
wrote:
Thanks Clayton, you probably know the inner details of our Mediawiki
configuration better than most people here, so it is great that you are
going to coordinate with Jan to neutralize this attack.
Jan will be leading the defense. I'll be hanging around more in the
background trying to explain why things are wonky with historical
configuration :-)
The Spam problem can definitely be delt with... just takes a bit of
time to sort things out, do a few upgrades and a few configuration
tweaks.
Meanwhile anyone with current Wiki Admin rights is welcome to scan the
"Recent changes" on the Wiki once in a while and:
- Delete Spam pages (created 1 page every 2 minutes on average)
- Block the spam accounts (I would suggest that you do not block IP
address, a check box on the block page, because you risk blocking
legit users on dynamic IPs)
Clayton
