Re: Spam on the wiki

From: Guillaume Lelarge <guillaume(at)lelarge(dot)info>
To: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
Cc: Andres Freund <andres(at)anarazel(dot)de>, pgsql-www <pgsql-www(at)postgresql(dot)org>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Kevin Grittner <kgrittn(at)gmail(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>
Subject: Re: Spam on the wiki
Date: 2015-12-16 20:48:58
Message-ID: CAECtzeUN5QHW-P83fw-34yCbn9vMxR4Y79DAX21Gryt3HmcSZw@mail.gmail.com
Lists: pgsql-www

On 16 Dec 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan(at)kaltenbrunner(dot)cc> wrote:
>
> On 12/16/2015 08:24 PM, Stefan Kaltenbrunner wrote:
> > On 12/16/2015 07:53 PM, Tom Lane wrote:
> >> Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
> >>>> we are currently working on reverting the entire wiki back to a state
> >>>> before the attack from system backups because it does not seem sensible
> >>>> to try to revert this in piecemeal style.
> >>
> >>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
> >>> backups already had spam traces in them) - the wiki is live again, user
> >>> account signup for the entire community account system is still disabled
> >>> until we have a better plan to deal with this crap.
> >>
> >> "Recent changes" log says there's still at least one active spammer
> >> account.
> >
> > yeah thanks for letting us know - the problem is that it looks like the
> > spammers have pre-created (but not "used" until very recently) a lot of
> > accounts in the community account system over the last few days (if not
> > for much longer) and it is not really obvious which ones are "bad" and
> > which ones are not - we keep working on it :(
>
> I think we have it under control now - we have disabled ~200
> "suspicious" community accounts, restored a backup of the wiki from ~36h
> ago and nuked all the session data from the community auth system and
> the wiki to prevent users from reusing existing sessions.
> That seems to have stabilized the situation for now but community auth account
> creation is still disabled.
>
> We are currently discussing further actions which will likely involve
> adding additional verification for community auth signup and maybe for
> posting to the wiki. We are also looking into restoring the handful of
> "valid" changes to the wiki between the time of the backup and the time
> we restored it.
>

Thanks Stefan for all the hard work.
