hi johannes, thank you for your quick reply. On Mon, Apr 27, 2009 at 07:37:41PM +0200, Johannes Stezenbach wrote: > On Mon, Apr 27, 2009 at 06:43:21PM +0200, H. Langos wrote: > > > > Yesterday a stupid kid vandalized a bunch of pages on the linuxtv wiki and > > a sysop locked to database to undo the damage. > ... > The damage was done by a bot script and it affected as many pages > as the edit rate limiter would allow it to do until I noticed it. > If you search for "GRAWP'S MASSIVE" you'll see this is not > limited to linuxtv.org. ah, ok .. so it is a stupid kid with scripting knowledge. :-) > > Anyway .. Now, after about 24h the wiki is still locked. > > Any reason for that? > > It is locked until I had time to take measures to prevent > similar damage from happening again right away. I'm > open to suggestions if someone has experience with this. first of all. please, replace "sigh..." with a more informative locking message. the next step would be to update the mediwiki software to 1.11.1 if you have $wgEnableAPI = true, that is. (i know it is only a XSS that hits internet explorer users .. but hey, they are people, too ;-) if i remember right, the linuxtv wiki only allows editing to registered users. therefore you could simply temporarily disable new user registration and enable editing again for registered users. then i'd suggest installing the reCAPTCHA extention. not only will it prevent bots from registering, you also help to digitize old books. http://recaptcha.net/plugins/mediawiki/ with that in place you can re-enable new user registration. you can even make logins optional and require captcha solving for anonymous edits. this would probably improve the wiki in general as new users would not jump through yet another loop just in order to help other users... i know, new users can cost more time than they are worth but hope springs eternaly :-) cheers -henrik -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
