The Flat Earth Society

The Flat Earth Society => Suggestions & Concerns => Topic started by: Tom Bishop on October 15, 2022, 05:06:06 PM

Title: Wiki Vandalism
Post by: Tom Bishop on October 15, 2022, 05:06:06 PM
There is an account which blanked out many of the pages on https://wiki.tfes.org, including the front page. Can we please restore and ban this account? It may be that they got in without authentication since the account name is an IP.
Title: Re: Wiki Vandalism
Post by: Pete Svarrior on October 15, 2022, 05:29:35 PM
Wow, that's embarrassing.

For now, the edits have been reverted. However, considering that the Wiki is not supposed to be editable by unregistered users, this is indicative of a potential vulnerability in our MediaWiki instance.

I will temporarily disable editing altogether while we investigate.
Title: Re: Wiki Vandalism
Post by: Pete Svarrior on October 15, 2022, 05:55:02 PM
I think I've found and addressed the root cause. We'll need to dig in deeper before we consider this closed. If I'm right, then there is no need for us to keep edits on lockdown, but I'd like to play it safe for the moment.

We should be able to bring people's edit rights back tomorrow. straight away.
Title: Re: Wiki Vandalism
Post by: Pete Svarrior on October 15, 2022, 06:33:20 PM
OK; I'm reasonably confident that I've found and addressed the issue.

This was likely a script kiddie abusing https://www.mediawiki.org/wiki/2021-12_security_release/FAQ and us being idiots who don't update software in a timely manner. I've ported the relevant fixes into our installation for now; we'll look at bringing MediaWiki up to date soon.

Edit rights should be restored.
Title: Re: Wiki Vandalism
Post by: Pete Svarrior on October 16, 2022, 12:33:40 PM
My quick-and-dirty fix from yesterday has now been replaced with a proper MediaWiki update. Panic over.

As is usually the case with MediaWiki updates, it probably broke something somewhere. I've given it a once-over and everything seems fine, but if you notice any fires, let me know.