Re: Spam on the wiki

Hi,

There's something wrong over here:
https://wiki.postgresql.org/wiki/Talk:What's_new_in_PostgreSQL_9.1/fr

And to many more pages. See:
https://wiki.postgresql.org/index.php?title=Special%3ALog&type=&user=Singhuma893

Not sure what's the best way to deal with this, but wanted you guys to know
about it.

--
Guillaume.
http://blog.guillaume.lelarge.info
http://www.dalibo.com

On Wed, Dec 16, 2015 at 05:32:19PM +0100, Guillaume Lelarge wrote:
> Hi,
>
> There's something wrong over here: https://wiki.postgresql.org/wiki/
> Talk:What's_new_in_PostgreSQL_9.1/fr
>
> And to many more pages. See: https://wiki.postgresql.org/index.php?title=
> Special%3ALog&type=&user=Singhuma893
>
> Not sure what's the best way to deal with this, but wanted you guys to know
> about it.

Yes, I am trying to fix it but the spam users are creating new pages
faster than I can fix it. I am concerned we are going to need to revert
the entire wiki to an earlier state.

I see problem users Johnthe and Sanjaypatel but the fixes are geting
re-spammed so quickly I am afraid it is some automated attack that will
be difficult to clean up. The other problem is that they are _moving_
pages, meaning we have to move them back as well as undo the edits.

I am going to give up trying to undo this until we can get a better
handle on a process of cleanup.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +

2015-12-16 18:02 GMT+01:00 Bruce Momjian <bruce(at)momjian(dot)us>:

> On Wed, Dec 16, 2015 at 05:32:19PM +0100, Guillaume Lelarge wrote:
> > Hi,
> >
> > There's something wrong over here: https://wiki.postgresql.org/wiki/
> > Talk:What's_new_in_PostgreSQL_9.1/fr
> >
> > And to many more pages. See:
> https://wiki.postgresql.org/index.php?title=
> > Special%3ALog&type=&user=Singhuma893
> >
> > Not sure what's the best way to deal with this, but wanted you guys to
> know
> > about it.
>
> Yes, I am trying to fix it but the spam users are creating new pages
> faster than I can fix it. I am concerned we are going to need to revert
> the entire wiki to an earlier state.
>
> I see problem users Johnthe and Sanjaypatel but the fixes are geting
> re-spammed so quickly I am afraid it is some automated attack that will
> be difficult to clean up. The other problem is that they are _moving_
> pages, meaning we have to move them back as well as undo the edits.
>
> I am going to give up trying to undo this until we can get a better
> handle on a process of cleanup.
>
>
Maybe there's a way to pu the wiki on a read-only mode for everyone except
some of us. That would help stopping them while we fix it. But I don't know
if such a mode exists. +

--
Guillaume.
http://blog.guillaume.lelarge.info
http://www.dalibo.com

On Wed, Dec 16, 2015 at 06:06:52PM +0100, Guillaume Lelarge wrote:
> I am going to give up trying to undo this until we can get a better
> handle on a process of cleanup.
>
>
>
> Maybe there's a way to pu the wiki on a read-only mode for everyone except some
> of us. That would help stopping them while we fix it. But I don't know if such
> a mode exists.                             +

Agreed. I cleaned up the page
https://wiki.postgresql.org/wiki/Parallel_Query_Execution and renamed it
back to its original name, but within two minutes it was spammed again.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +

Looking at the Wiki's change log, it appears to be logging about 10
changes per second.

Kevin Grittner

On Wed, Dec 16, 2015 at 11:08 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> On Wed, Dec 16, 2015 at 06:06:52PM +0100, Guillaume Lelarge wrote:
>> I am going to give up trying to undo this until we can get a better
>> handle on a process of cleanup.
>>
>>
>>
>> Maybe there's a way to pu the wiki on a read-only mode for everyone except some
>> of us. That would help stopping them while we fix it. But I don't know if such
>> a mode exists. +
>
> Agreed. I cleaned up the page
> https://wiki.postgresql.org/wiki/Parallel_Query_Execution and renamed it
> back to its original name, but within two minutes it was spammed again.
>
> --
> Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
> EnterpriseDB http://enterprisedb.com
>
> + As you are, so once was I. As I am, so you will be. +
> + Roman grave inscription +
>
>
> --
> Sent via pgsql-www mailing list (pgsql-www(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-www

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

On Wed, Dec 16, 2015 at 11:09:38AM -0600, Kevin Grittner wrote:
> Looking at the Wiki's change log, it appears to be logging about 10
> changes per second.

Yikes!

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +

On Wed, Dec 16, 2015 at 11:09 AM, Kevin Grittner <kgrittn(at)gmail(dot)com> wrote:
> Looking at the Wiki's change log, it appears to be logging about 10
> changes per second.

Sorry, 10 changes per minute.

Still...

Kevin Grittner

2015-12-16 18:11 GMT+01:00 Kevin Grittner <kgrittn(at)gmail(dot)com>:

> On Wed, Dec 16, 2015 at 11:09 AM, Kevin Grittner <kgrittn(at)gmail(dot)com>
> wrote:
> > Looking at the Wiki's change log, it appears to be logging about 10
> > changes per second.
>
> Sorry, 10 changes per minute.
>
> Still...
>
>
Still worse than our fix time :-/

--
Guillaume.
http://blog.guillaume.lelarge.info
http://www.dalibo.com

On Wed, Dec 16, 2015 at 5:02 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> On Wed, Dec 16, 2015 at 05:32:19PM +0100, Guillaume Lelarge wrote:
>> Hi,
>>
>> There's something wrong over here: https://wiki.postgresql.org/wiki/
>> Talk:What's_new_in_PostgreSQL_9.1/fr
>>
>> And to many more pages. See: https://wiki.postgresql.org/index.php?title=
>> Special%3ALog&type=&user=Singhuma893
>>
>> Not sure what's the best way to deal with this, but wanted you guys to know
>> about it.
>
> Yes, I am trying to fix it but the spam users are creating new pages
> faster than I can fix it. I am concerned we are going to need to revert
> the entire wiki to an earlier state.
>
> I see problem users Johnthe and Sanjaypatel but the fixes are geting
> re-spammed so quickly I am afraid it is some automated attack that will
> be difficult to clean up. The other problem is that they are _moving_
> pages, meaning we have to move them back as well as undo the edits.
>
> I am going to give up trying to undo this until we can get a better
> handle on a process of cleanup.

I've blocked those two users, and it looks like Alvarro has done a few more.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

On Wed, Dec 16, 2015 at 11:16 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:

> I've blocked those two users, and it looks like Alvarro has done
> a few more.

There seem to be a lot of user IDs involved. Do we know whether
there are new user registrations happening, or were all these set
up before the attack?

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

On Wed, Dec 16, 2015 at 6:19 PM, Kevin Grittner <kgrittn(at)gmail(dot)com> wrote:

> On Wed, Dec 16, 2015 at 11:16 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
> > I've blocked those two users, and it looks like Alvarro has done
> > a few more.
>
> There seem to be a lot of user IDs involved. Do we know whether
> there are new user registrations happening, or were all these set
> up before the attack?
>
> --
> Kevin Grittner
> EDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>
> --
> Sent via pgsql-www mailing list (pgsql-www(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-www
>

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

On Wed, Dec 16, 2015 at 6:19 PM, Kevin Grittner <kgrittn(at)gmail(dot)com> wrote:

> On Wed, Dec 16, 2015 at 11:16 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
> > I've blocked those two users, and it looks like Alvarro has done
> > a few more.
>
> There seem to be a lot of user IDs involved. Do we know whether
> there are new user registrations happening, or were all these set
> up before the attack?
>

There are new user registrations happening. Not sure if those are the ones
used, but there definitely are.

Either they've found a way to script-generate gmail addresses, or they have
found a way to break the django hashes.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
> Either they've found a way to script-generate gmail addresses, or they have
> found a way to break the django hashes.

Or they just hired somebody to do that kind of thing manually. There's
sites for that...

On 12/16/2015 09:22 AM, Andres Freund wrote:
> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>> Either they've found a way to script-generate gmail addresses, or they have
>> found a way to break the django hashes.
>
> Or they just hired somebody to do that kind of thing manually. There's
> sites for that...
>
>

In the interim, let's just disable edits.

--
Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Announcing "I'm offended" is basically telling the world you can't
control your own emotions, so everyone else should do it for you.

On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd(at)commandprompt(dot)com>
wrote:

> On 12/16/2015 09:22 AM, Andres Freund wrote:
>
>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>
>>> Either they've found a way to script-generate gmail addresses, or they
>>> have
>>> found a way to break the django hashes.
>>>
>>
>> Or they just hired somebody to do that kind of thing manually. There's
>> sites for that...
>>
>>
>>
> In the interim, let's just disable edits.

New account signups have been temporarily disabled at least. But yes, they
still have all those accounts against the wiki as well.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>
> On 12/16/2015 09:22 AM, Andres Freund wrote:
>
> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>
> Either they've found a way to script-generate gmail addresses, or
> they have
> found a way to break the django hashes.
>
>
> Or they just hired somebody to do that kind of thing manually. There's
> sites for that...
>
>
>
>
> In the interim, let's just disable edits.
>
>
> New account signups have been temporarily disabled at least. But yes, they
> still have all those accounts against the wiki as well. 

What is the plan for undoing the spam edits?

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +

On 12/16/2015 06:29 PM, Bruce Momjian wrote:
> On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
>> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>>
>> On 12/16/2015 09:22 AM, Andres Freund wrote:
>>
>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>
>> Either they've found a way to script-generate gmail addresses, or
>> they have
>> found a way to break the django hashes.
>>
>>
>> Or they just hired somebody to do that kind of thing manually. There's
>> sites for that...
>>
>>
>>
>>
>> In the interim, let's just disable edits.
>>
>>
>> New account signups have been temporarily disabled at least. But yes, they
>> still have all those accounts against the wiki as well.
>
> What is the plan for undoing the spam edits?

we are working on that, but we have no final answer yet...

Stefan

On 12/16/2015 07:12 PM, Stefan Kaltenbrunner wrote:
> On 12/16/2015 06:29 PM, Bruce Momjian wrote:
>> On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
>>> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>>>
>>> On 12/16/2015 09:22 AM, Andres Freund wrote:
>>>
>>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>>
>>> Either they've found a way to script-generate gmail addresses, or
>>> they have
>>> found a way to break the django hashes.
>>>
>>>
>>> Or they just hired somebody to do that kind of thing manually. There's
>>> sites for that...
>>>
>>>
>>>
>>>
>>> In the interim, let's just disable edits.
>>>
>>>
>>> New account signups have been temporarily disabled at least. But yes, they
>>> still have all those accounts against the wiki as well.
>>
>> What is the plan for undoing the spam edits?
>
> we are working on that, but we have no final answer yet...

we are currently working on reverting the entire wiki back to a state
before the attack from system backups because it does not seem sensible
to try to revert this in piece meal style.

Stefan

On Wed, Dec 16, 2015 at 07:38:01PM +0100, Stefan Kaltenbrunner wrote:
> >>> New account signups have been temporarily disabled at least. But yes, they
> >>> still have all those accounts against the wiki as well.
> >>
> >> What is the plan for undoing the spam edits?
> >
> > we are working on that, but we have no final answer yet...
>
> we are currently working on reverting the entire wiki back to a state
> before the attack from system backups because it does not seem sensible
> to try to revert this in piece meal style.

Agreed.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +

On 12/16/2015 07:38 PM, Stefan Kaltenbrunner wrote:
> On 12/16/2015 07:12 PM, Stefan Kaltenbrunner wrote:
>> On 12/16/2015 06:29 PM, Bruce Momjian wrote:
>>> On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
>>>> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>>>>
>>>> On 12/16/2015 09:22 AM, Andres Freund wrote:
>>>>
>>>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>>>
>>>> Either they've found a way to script-generate gmail addresses, or
>>>> they have
>>>> found a way to break the django hashes.
>>>>
>>>>
>>>> Or they just hired somebody to do that kind of thing manually. There's
>>>> sites for that...
>>>>
>>>>
>>>>
>>>>
>>>> In the interim, let's just disable edits.
>>>>
>>>>
>>>> New account signups have been temporarily disabled at least. But yes, they
>>>> still have all those accounts against the wiki as well.
>>>
>>> What is the plan for undoing the spam edits?
>>
>> we are working on that, but we have no final answer yet...
>
> we are currently working on reverting the entire wiki back to a state
> before the attack from system backups because it does not seem sensible
> to try to revert this in piece meal style.

we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
backups already had spam traces in it) - th wiki is live again, user
account signup for the entire community account system is still disabled
until we have a better plan to deal with this crap.

Stefan

Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
>> we are currently working on reverting the entire wiki back to a state
>> before the attack from system backups because it does not seem sensible
>> to try to revert this in piece meal style.

> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
> backups already had spam traces in it) - th wiki is live again, user
> account signup for the entire community account system is still disabled
> until we have a better plan to deal with this crap.

"Recent changes" log says there's still at least one active spammer
account.

regards, tom lane

On 12/16/2015 07:53 PM, Tom Lane wrote:
> Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
>>> we are currently working on reverting the entire wiki back to a state
>>> before the attack from system backups because it does not seem sensible
>>> to try to revert this in piece meal style.
>
>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
>> backups already had spam traces in it) - th wiki is live again, user
>> account signup for the entire community account system is still disabled
>> until we have a better plan to deal with this crap.
>
> "Recent changes" log says there's still at least one active spammer
> account.

yeah thanks for letting us know - the problem is that it looks like the
spammers have pre-created (but not "used" until very recently) a lot of
accounts in the community account system over the last few days (if not
for much longer) and it is not really obvious which ones are "bad" and
which ones are not - we keep working on it :(

Stefan

On 12/16/2015 08:24 PM, Stefan Kaltenbrunner wrote:
> On 12/16/2015 07:53 PM, Tom Lane wrote:
>> Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
>>>> we are currently working on reverting the entire wiki back to a state
>>>> before the attack from system backups because it does not seem sensible
>>>> to try to revert this in piece meal style.
>>
>>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
>>> backups already had spam traces in it) - th wiki is live again, user
>>> account signup for the entire community account system is still disabled
>>> until we have a better plan to deal with this crap.
>>
>> "Recent changes" log says there's still at least one active spammer
>> account.
>
> yeah thanks for letting us know - the problem is that it looks like the
> spammers have pre-created (but not "used" until very recently) a lot of
> accounts in the community account system over the last few days (if not
> for much longer) and it is not really obvious which ones are "bad" and
> which ones are not - we keep working on it :(

I think we have it under control now - we have disabled ~200
"suspicious" community accounts, restored a backup of the wiki from ~36h
ago and nuked all the session data from the community auth system and
the wiki to prevent users from reusing existing sessions.
That seems to stablized the situation for now but community auth account
creation is still disabled.

We are currently discussion further actions which will likely involve
adding additional verification for community auth signup and maybe for
posting to the wiki. We are also looking into restoring the handful of
"valid" changes to the wiki between the time of the backup and the time
we restored it.

Stefan

Le 16 déc. 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan(at)kaltenbrunner(dot)cc> a
écrit :
>
> On 12/16/2015 08:24 PM, Stefan Kaltenbrunner wrote:
> > On 12/16/2015 07:53 PM, Tom Lane wrote:
> >> Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
> >>>> we are currently working on reverting the entire wiki back to a state
> >>>> before the attack from system backups because it does not seem
sensible
> >>>> to try to revert this in piece meal style.
> >>
> >>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
> >>> backups already had spam traces in it) - th wiki is live again, user
> >>> account signup for the entire community account system is still
disabled
> >>> until we have a better plan to deal with this crap.
> >>
> >> "Recent changes" log says there's still at least one active spammer
> >> account.
> >
> > yeah thanks for letting us know - the problem is that it looks like the
> > spammers have pre-created (but not "used" until very recently) a lot of
> > accounts in the community account system over the last few days (if not
> > for much longer) and it is not really obvious which ones are "bad" and
> > which ones are not - we keep working on it :(
>
> I think we have it under control now - we have disabled ~200
> "suspicious" community accounts, restored a backup of the wiki from ~36h
> ago and nuked all the session data from the community auth system and
> the wiki to prevent users from reusing existing sessions.
> That seems to stablized the situation for now but community auth account
> creation is still disabled.
>
> We are currently discussion further actions which will likely involve
> adding additional verification for community auth signup and maybe for
> posting to the wiki. We are also looking into restoring the handful of
> "valid" changes to the wiki between the time of the backup and the time
> we restored it.
>

Thanks Stefan for all the hard work.

Guillaume Lelarge <guillaume(at)lelarge(dot)info> writes:
> Le 16 dc. 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan(at)kaltenbrunner(dot)cc> a
> crit :
>> I think we have it under control now - we have disabled ~200
>> "suspicious" community accounts, restored a backup of the wiki from ~36h
>> ago and nuked all the session data from the community auth system and
>> the wiki to prevent users from reusing existing sessions.
>> That seems to stablized the situation for now but community auth account
>> creation is still disabled.
>>
>> We are currently discussion further actions which will likely involve
>> adding additional verification for community auth signup and maybe for
>> posting to the wiki. We are also looking into restoring the handful of
>> "valid" changes to the wiki between the time of the backup and the time
>> we restored it.

> Thanks Stefan for all the hard work.

Indeed, and Alvaro too. I'm sure you guys had better things to be doing
today :-(

regards, tom lane

On 12/16/2015 09:58 PM, Tom Lane wrote:
> Guillaume Lelarge <guillaume(at)lelarge(dot)info> writes:
>> Le 16 déc. 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan(at)kaltenbrunner(dot)cc> a
>> écrit :
>>> I think we have it under control now - we have disabled ~200
>>> "suspicious" community accounts, restored a backup of the wiki from ~36h
>>> ago and nuked all the session data from the community auth system and
>>> the wiki to prevent users from reusing existing sessions.
>>> That seems to stablized the situation for now but community auth account
>>> creation is still disabled.
>>>
>>> We are currently discussion further actions which will likely involve
>>> adding additional verification for community auth signup and maybe for
>>> posting to the wiki. We are also looking into restoring the handful of
>>> "valid" changes to the wiki between the time of the backup and the time
>>> we restored it.
>
>> Thanks Stefan for all the hard work.
>
> Indeed, and Alvaro too. I'm sure you guys had better things to be doing
> today :-(

thanks - but we actually had every single member of the sysadmin team
involved in this incident at some point...
The followup work of implementing additional verification and maybe
moderation steps are probably going to create even more work though.

Stefan

On Wed, Dec 16, 2015 at 12:48 PM, Guillaume Lelarge
<guillaume(at)lelarge(dot)info> wrote:
> Thanks Stefan for all the hard work.

Thanks, Stefan.

--
Peter Geoghegan

On 12/16/2015 01:17 PM, Peter Geoghegan wrote:
> On Wed, Dec 16, 2015 at 12:48 PM, Guillaume Lelarge
> <guillaume(at)lelarge(dot)info> wrote:
>> Thanks Stefan for all the hard work.
>
> Thanks, Stefan.
>
>

As someone who used to be on the infrastructure team, these guys are war
heroes. It is easy to forget the hard work they put in so that the rest
of us can enjoy this community.

Thanks folks!

JD

--
Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Announcing "I'm offended" is basically telling the world you can't
control your own emotions, so everyone else should do it for you.

> As someone who used to be on the infrastructure team, these guys are war
> heroes. It is easy to forget the hard work they put in so that the rest
> of us can enjoy this community.
>
> Thanks folks!
>
> JD

++1

On Wed, Dec 16, 2015 at 6:28 PM, Magnus Hagander <magnus(at)hagander(dot)net>
wrote:

> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd(at)commandprompt(dot)com>
> wrote:
>
>> On 12/16/2015 09:22 AM, Andres Freund wrote:
>>
>>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>>
>>>> Either they've found a way to script-generate gmail addresses, or they
>>>> have
>>>> found a way to break the django hashes.
>>>>
>>>
>>> Or they just hired somebody to do that kind of thing manually. There's
>>> sites for that...
>>>
>>>
>>>
>> In the interim, let's just disable edits.
>
>
> New account signups have been temporarily disabled at least. But yes, they
> still have all those accounts against the wiki as well.
>
>
New account signups have been re-enabled, now requiring a captcha.
Hopefully that will be enough to stop the new spam signups. We'll keep an
eye on it and disable them again if it seems to happen again.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> New account signups have been re-enabled, now requiring a captcha.
> Hopefully that will be enough to stop the new spam signups. We'll keep an
> eye on it and disable them again if it seems to happen again.

You probably already noticed, but ... they're at it again.

regards, tom lane

On Thu, Dec 17, 2015 at 3:30 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > New account signups have been re-enabled, now requiring a captcha.
> > Hopefully that will be enough to stop the new spam signups. We'll keep an
> > eye on it and disable them again if it seems to happen again.
>
> You probably already noticed, but ... they're at it again.
>

ARGH!

I was looking at a cached copy of the page :S

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

On Thu, Dec 17, 2015 at 3:39 PM, Magnus Hagander <magnus(at)hagander(dot)net>
wrote:

>
>
> On Thu, Dec 17, 2015 at 3:30 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
>> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> > New account signups have been re-enabled, now requiring a captcha.
>> > Hopefully that will be enough to stop the new spam signups. We'll keep
>> an
>> > eye on it and disable them again if it seems to happen again.
>>
>> You probably already noticed, but ... they're at it again.
>>
>
> ARGH!
>
> I was looking at a cached copy of the page :S
>
>
So they break the captcha in seconds. I'm more and more thinking andres'
idea that it's actually farmed out to people and not just bots...

I've shut the wiki down for the moment, pending that somebody who actually
knows anything about mediawiki shows up..

My suggestion is we make all edits on the wiki moderated, if that's at all
possible. It's AFAIK the only service where we allow people to post things
with no moderation on the content today, and clearly that's not working.
People will still be signing up accounts, but they can't do any damage with
them...

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> So they break the captcha in seconds. I'm more and more thinking andres'
> idea that it's actually farmed out to people and not just bots...

Yeah, it's sounding a lot like manual creation of the accounts and then
bots doing the actual spamming.

> My suggestion is we make all edits on the wiki moderated, if that's at all
> possible. It's AFAIK the only service where we allow people to post things
> with no moderation on the content today, and clearly that's not working.

Sigh. That's pretty ugly, though maybe it will work if you can set it up
so that known members of the community can bypass the moderation. The
bulk of the legitimate edits probably come from a fairly small number of
people.

regards, tom lane

On Thu, Dec 17, 2015 at 4:11 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > So they break the captcha in seconds. I'm more and more thinking andres'
> > idea that it's actually farmed out to people and not just bots...
>
> Yeah, it's sounding a lot like manual creation of the accounts and then
> bots doing the actual spamming.
>

Yup.

> > My suggestion is we make all edits on the wiki moderated, if that's at
> all
> > possible. It's AFAIK the only service where we allow people to post
> things
> > with no moderation on the content today, and clearly that's not working.
>
> Sigh. That's pretty ugly, though maybe it will work if you can set it up
> so that known members of the community can bypass the moderation. The
> bulk of the legitimate edits probably come from a fairly small number of
> people.
>

Yeah. I have no idea how mediawiki actually works with those things, but
I'm not sure what else we can do. It's been suggested to have a cooling-off
period for new accounts, but how long should that be... I guess we could
have a 2-4 week cooling off period and then some way to bypass it by
contacting someone manually, but who's going to deal with those approvals?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

On 17-12-2015 12:13, Magnus Hagander wrote:
> Yeah. I have no idea how mediawiki actually works with those things, but
> I'm not sure what else we can do. It's been suggested to have a
> cooling-off period for new accounts, but how long should that be... I
> guess we could have a 2-4 week cooling off period and then some way to
> bypass it by contacting someone manually, but who's going to deal with
> those approvals?
>
Why don't we create a group of known community members? This group can
edit without restriction but new accounts will be moderated.

--
Euler Taveira Timbira - http://www.timbira.com.br/
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento

On Thu, Dec 17, 2015 at 4:18 PM, Euler Taveira <euler(at)timbira(dot)com(dot)br> wrote:

> On 17-12-2015 12:13, Magnus Hagander wrote:
> > Yeah. I have no idea how mediawiki actually works with those things, but
> > I'm not sure what else we can do. It's been suggested to have a
> > cooling-off period for new accounts, but how long should that be... I
> > guess we could have a 2-4 week cooling off period and then some way to
> > bypass it by contacting someone manually, but who's going to deal with
> > those approvals?
> >
> Why don't we create a group of known community members? This group can
> edit without restriction but new accounts will be moderated.
>

Yeah, that might be the reasonable thing to do. We can probably cover 90+%
of all edits by such a solution. But somebody still has to clean up the
crap in the moderation queue.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

On 2015-12-17 16:01:52 +0100, Magnus Hagander wrote:
> I've shut the wiki down for the moment, pending that somebody who actually
> knows anything about mediawiki shows up..

I've not dealt with this in years, so I might be completely out of date
here. But I think adding something like
$wgGroupPermissions['*']['edit'] = false;
in the config ought to do the trick.

Then we can add a 'approved users' group, and give those edit
permissions. Not perfect, but ought to do as a first step.

Andres

On Thu, Dec 17, 2015 at 3:21 PM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> On 2015-12-17 16:01:52 +0100, Magnus Hagander wrote:
>> I've shut the wiki down for the moment, pending that somebody who actually
>> knows anything about mediawiki shows up..
>
> I've not dealt with this in years, so I might be completely out of date
> here. But I think adding something like
> $wgGroupPermissions['*']['edit'] = false;
> in the config ought to do the trick.
>
> Then we can add a 'approved users' group, and give those edit
> permissions. Not perfect, but ought to do as a first step.

Thanks - I've done something along those lines, and we've added the
active users from the last 30 days to a new editor group. If anyone
else wants to be added, they'll need to send email to request it for
the time being.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> Thanks - I've done something along those lines, and we've added the
> active users from the last 30 days to a new editor group. If anyone
> else wants to be added, they'll need to send email to request it for
> the time being.

Seems reasonable, at least as an interim measure. I doubt we benefit
too much from "drive by" wiki edits.

--
Peter Geoghegan

Peter Geoghegan <pg(at)heroku(dot)com> writes:
> On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>> Thanks - I've done something along those lines, and we've added the
>> active users from the last 30 days to a new editor group. If anyone
>> else wants to be added, they'll need to send email to request it for
>> the time being.

> Seems reasonable, at least as an interim measure. I doubt we benefit
> too much from "drive by" wiki edits.

Clarification please: is there a moderation queue in place now for edits
from non-editor users, or are they just summarily refused?

regards, tom lane

On Thu, Dec 17, 2015 at 11:32:56AM -0800, Peter Geoghegan wrote:
> On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> > Thanks - I've done something along those lines, and we've added the
> > active users from the last 30 days to a new editor group. If anyone
> > else wants to be added, they'll need to send email to request it for
> > the time being.
>
> Seems reasonable, at least as an interim measure. I doubt we benefit
> too much from "drive by" wiki edits.

We do get "drive by" wiki edits on the TODO page.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +

On Thu, Dec 17, 2015 at 12:21 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> We do get "drive by" wiki edits on the TODO page.

I thought that they had to be discussed on list, first?

--
Peter Geoghegan

On Thu, Dec 17, 2015 at 12:23:01PM -0800, Peter Geoghegan wrote:
> On Thu, Dec 17, 2015 at 12:21 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > We do get "drive by" wiki edits on the TODO page.
>
> I thought that they had to be discussed on list, first?

Yes, they are, but my point is that these are often new people who are
discussing these ideas. There is of course no rush for them to get on
to the TODO list permanently.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +

> On 17 Dec 2015, at 19:38, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Peter Geoghegan <pg(at)heroku(dot)com> writes:
>>> On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>> Thanks - I've done something along those lines, and we've added the
>>> active users from the last 30 days to a new editor group. If anyone
>>> else wants to be added, they'll need to send email to request it for
>>> the time being.
>
>> Seems reasonable, at least as an interim measure. I doubt we benefit
>> too much from "drive by" wiki edits.
>
> Clarification please: is there a moderation queue in place now for edits
> from non-editor users, or are they just summarily refused?

They are refused at present. I've yet to find a moderation facility.