Re: wiki on linixtv.org locked

["H. Langos" <henrik-dvb@prak.org>]

hi johannes,

thank you for your quick reply.

On Mon, Apr 27, 2009 at 07:37:41PM +0200, Johannes Stezenbach wrote:
> On Mon, Apr 27, 2009 at 06:43:21PM +0200, H. Langos wrote:
> > 
> > Yesterday a stupid kid vandalized a bunch of pages on the linuxtv wiki and 
> > a sysop locked to database to undo the damage. 
> ...
> The damage was done by a bot script and it affected as many pages
> as the edit rate limiter would allow it to do until I noticed it.
> If you search for "GRAWP'S MASSIVE" you'll see this is not
> limited to linuxtv.org.

ah, ok ..  so it is a stupid kid with scripting knowledge. :-)

> > Anyway .. Now, after about 24h the wiki is still locked.
> > Any reason for that?
> 
> It is locked until I had time to take measures to prevent
> similar damage from happening again right away. I'm
> open to suggestions if someone has experience with this.

first of all. please, replace "sigh..." with a more informative locking
message. 

the next step would be to update the mediwiki software to 1.11.1 if you have
$wgEnableAPI = true, that is. (i know it is only a XSS that hits internet 
explorer users ..  but hey, they are people, too ;-)

if i remember right, the linuxtv wiki only allows editing to registered 
users. therefore you could simply temporarily disable new user registration
and enable editing again for registered users.

then i'd suggest installing the reCAPTCHA extention. not only will it
prevent bots from registering, you also help to digitize old books.

http://recaptcha.net/plugins/mediawiki/

with that in place you can re-enable new user registration. you can even 
make logins optional and require captcha solving for anonymous edits. this
would probably improve the wiki in general as new users would not jump through 
yet another loop just in order to help other users... i know, new users can
cost more time than they are worth but hope springs eternaly :-)

cheers
-henrik