Hi, as can be seen by the recent changes page, this eastern we've had some heavy, most probably automated spam at jspwiki-wiki.a.o. Basically all of the dirt consisted on automated ways of seeking vulnerabilities (xss, database tampering, session hijacking, etc.). Luckily all of these vectors of attacks were previously reported and fixed, so nothing serious ended up happening.
However, there was a LOT of dirt that have to be manually removed. To avoid further situations like this, user account creation has been temporarily locked (userdatabase.xml has been made read only), and offending users removed, with the idea being to moderate user account creation, via workflow approval, and putting a policy to forbid page edition for anonymous users as well. Most defaced pages now have an ACL in place to allow edition only to users on Gardener or Admin groups, which will be applied as time permits to the documentation pages. Anyone wishing to improve the documentation is more than welcome, just please state on this list that you wish to be added to the Gardener group, or that you do want to improve our documentation and we'll gladly add you to this group. We'll note all of this on jspwiki-wiki.a.o and also here as soon as we're able to put in place the long-run solution. Of course, any other idea on how to proceed with this situation, and on how to balance it with regular users wishing to improve the wiki is more than welcome, please do answer back on list best regards, juan pablo
