Hello, Am Sonntag, 28. Februar 2016, 20:11:38 CET schrieb Sarah Julia Kriesch:
Von: "Christian Boltz" <opensuse@cboltz.de>
At least the spam attack slowed down, so I didn't re-add the IP block and hope the best ;-)
They have to learn, that they can't do so much in the read-only mode.
Except if those blocks expire, and it seems they do.
We have to wait now.
Yes, the real solution needs some help from the server admins - I don't have write access to the config files.
Oh, and the spammers managed to completely kill the history of Help:Editing (by moving it around and then overwriting it with another move?), so I just "enjoyed" restoring it from google cache :-/ If they can damage something, we should ask our admins, whether they can use a dump and backup of the time before this attack. We can look, how many normal contributions were added in the last days. If it wouldn't be so much (or anything), we can use all the data of the time before spaming.
I know there were some "good" contributions between the spam flood - but I wouldn't be surprised if it's faster to manually redo those on top of the backup than reverting all spam changes. Going back to a backup would have another advantage - no spam traces in the delete log. (The spam is even in the page titles, and the titles will stay in the delete log if we "just" delete them.) The interesting[tm] part is to filter Special:RecentChanges for the "good" changes - that will be like searching the needle in a *big* haystack. At least the spam uses a pattern (US phone numbers) that we can use to filter Special:RecentChanges automatically.
You saied, it would be read-only now. So we can use backups, if something would be damaged.
It seems the "same IP" blocking [1] expires after a day, so the wiki went out of read-only mode again. I re-added two blocks and they seem to work - but they'll probably expire again. The "real" read-only mode ($wgReadOnly) can only be set in the config file, so that's something for the server admins. Regards, Christian Boltz [1] All wiki traffic is routed through a set of authentification proxies - for the wiki it looks like all visitors come from a handful of IPs (= the authentification proxies), and that allows to abuse the "same IP" blocking to block all edits. At least if I hit all proxy IPs ;-) --
Wer kennt eine gute Beschreibung, am besten in deutsch die die Installion und Einrichtung von mysql und php beschreibt? Bitte mehr als nur die Anwort: "Ich" ok, kein problem. google. [>Marcel Stein u. Michael Meyer in suse-linux]
-- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-wiki+owner@opensuse.org