*

Offline Tom Bishop

  • Zetetic Council Member
  • **
  • Posts: 10842
  • Flat Earth Believer
    • View Profile
Wiki Vandalism
« on: October 15, 2022, 05:06:06 PM »
There is an account which blanked out many of the pages on https://wiki.tfes.org, including the front page. Can we please restore and ban this account. It may be that they got in without authentication since the account name is an IP.
« Last Edit: October 15, 2022, 05:12:00 PM by Tom Bishop »

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16321
  • (◕˽ ◕ ✿)
    • View Profile
Re: Wiki Vandalism
« Reply #1 on: October 15, 2022, 05:29:35 PM »
Wow, that's emabrrassing.

For now, the edits have been reverted. However, considering that the Wiki is not supposed to be editable by unregistered users, this is indicative of a potential vulnerability in our MediaWiki instance.

I will temporarily disable editing altogether while we investigate.
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16321
  • (◕˽ ◕ ✿)
    • View Profile
Re: Wiki Vandalism
« Reply #2 on: October 15, 2022, 05:55:02 PM »
I think I've found and addressed the root cause. We'll need to dig in deeper before we consider this closed. If I'm right, then there is no need for us to keep edits on lockdown, but I'd like to play it safe for the moment.

We should be able to bring people's edit rights back tomorrow. straight away.
« Last Edit: October 15, 2022, 06:30:18 PM by Pete Svarrior »
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16321
  • (◕˽ ◕ ✿)
    • View Profile
Re: Wiki Vandalism
« Reply #3 on: October 15, 2022, 06:33:20 PM »
OK; I'm reasonably confident that I've found and addressed the issue.

This was likely a script kiddie abusing https://www.mediawiki.org/wiki/2021-12_security_release/FAQ and us being idiots who don't update software in a timely manner. I've ported the relevant fixes into our installation for now; we'll look at bringing MediaWiki up to date soon.

Edit rights should be restored.
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16321
  • (◕˽ ◕ ✿)
    • View Profile
Re: Wiki Vandalism
« Reply #4 on: October 16, 2022, 12:33:40 PM »
My quick-and-dirty fix from yesterday has now been replaced with a proper MediaWiki update. Panic over.

As is usually the case with MediaWiki updates, it probably broke something somewhere. I've given it a once-over and everything seems fine, but if you notice any fires, let me know.
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume