Re: Spam on the wiki - Mailing list pgsql-www
| From | Guillaume Lelarge |
|---|---|
| Subject | Re: Spam on the wiki |
| Date | |
| Msg-id | CAECtzeUN5QHW-P83fw-34yCbn9vMxR4Y79DAX21Gryt3HmcSZw@mail.gmail.com Whole thread Raw |
| In response to | Re: Spam on the wiki (Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>) |
| Responses |
Re: Spam on the wiki
(Tom Lane <tgl@sss.pgh.pa.us>)
Re: Spam on the wiki (Peter Geoghegan <pg@heroku.com>) |
| List | pgsql-www |
<p dir="ltr">Le 16 déc. 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan@kaltenbrunner.cc> a écrit :<br /> ><br /> >On 12/16/2015 08:24 PM, Stefan Kaltenbrunner wrote:<br /> > > On 12/16/2015 07:53 PM, Tom Lane wrote:<br /> >>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:<br /> > >>>> we are currently workingon reverting the entire wiki back to a state<br /> > >>>> before the attack from system backups becauseit does not seem sensible<br /> > >>>> to try to revert this in piece meal style.<br /> > >><br/> > >>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later<br /> > >>>backups already had spam traces in it) - th wiki is live again, user<br /> > >>> account signup forthe entire community account system is still disabled<br /> > >>> until we have a better plan to deal withthis crap.<br /> > >><br /> > >> "Recent changes" log says there's still at least one active spammer<br/> > >> account.<br /> > ><br /> > > yeah thanks for letting us know - the problem is thatit looks like the<br /> > > spammers have pre-created (but not "used" until very recently) a lot of<br /> >> accounts in the community account system over the last few days (if not<br /> > > for much longer) and itis not really obvious which ones are "bad" and<br /> > > which ones are not - we keep working on it :(<br /> ><br/> > I think we have it under control now - we have disabled ~200<br /> > "suspicious" community accounts, restoreda backup of the wiki from ~36h<br /> > ago and nuked all the session data from the community auth system and<br/> > the wiki to prevent users from reusing existing sessions.<br /> > That seems to stablized the situationfor now but community auth account<br /> > creation is still disabled.<br /> ><br /> > We are currentlydiscussion further actions which will likely involve<br /> > adding additional verification for community authsignup and maybe for<br /> > posting to the wiki. We are also looking into restoring the handful of<br /> > "valid"changes to the wiki between the time of the backup and the time<br /> > we restored it.<br /> ><p dir="ltr">ThanksStefan for all the hard work.