[Moin-user] Wiki Page corruption

Peter Watson Peter.Watson at mrc-cbu.cam.ac.uk
Tue Jul 10 11:27:58 EDT 2012 

Many thanks one and all. Some good news...As a result of our discussions this morning our superuser had a check at the config settings and this afternoon told me that he had found a typo putting the wrong letter in the authorisation code. It had actually been set up for anyone to edit the wiki pages which he inadvertently changed during an edit of the config file some weeks ago! By changing this one letter back to what it should be he now thinks secure editing rights have been restored.

So it looks like the spamming has been stopped. Phew! 

I have noted down all your wise words if help is needed again. It is most reassuring to know that if anything goes amiss there is help available out there,

With best wishes

Peter


---------------------------------------------------------------------

Peter Watson
MRC Cognition and Brain Sciences Unit
15 Chaucer Road
Cambridge
CB2 7EF

Direct line:  +44 (0)1223 273712 
Line (via reception): +44 (0)1223 355294 x801
Fax:  +44 (0)1223 359062


-----Original Message-----
From: Reimar Bauer [mailto:rb.proj at gmail.com] 
Sent: 10 July 2012 14:38
To: moin-user at lists.sourceforge.net
Subject: Re: [Moin-user] Wiki Page corruption

Hi

you can get the Wikis Version by reading the page SystemInfo on your wiki.

The history of all Security Fixes to the MoinMoin Wiki Software can be looked up from http://moinmo.in/SecurityFixes

If you have a very old version you should hand that page also to your IT department and of course ask for upgrade then,

We provide a migration script for all wiki content to a newer version.
But if you have own code added in your wiki which is not yet updated, see http://moinmo.in/CategoryMarket that will need modifications too.

Also we offer lots of different possibilities for Support http://moinmo.in/Support and try to help whenever possible.

You are welcome

cheers
Reimar

Am 10.07.2012 14:41, schrieb Paul Boddie:
> On Tuesday 10 July 2012 13:49:52 Peter Watson wrote:
>> Many thanks Reimar. I should point out I am not a developer but a 
>> moinmoin wiki user so am not familiar with the behind the scenes 
>> python workings but do do a lot of editing of pages! There is no 
>> common user sending the spam (the spamming users are identified by 
>> different numbers and a lot seem to come from USA). The word http is 
>> in all the spamming but we do add http links to some of our pages so 
>> wouldn't want to disable that so I am not sure BadContent would work 
>> but the TextChas sound interesting which as I understand it prompt 
>> the user with a one-answer question to authorise page saving.
> 
> TextChas only affect users who are not regarded as trusted, so you can 
> avoid annoying your regular users by putting them in a special group. 
> Meanwhile, the BadContent mechanism blacklists URLs used by spammers. 
> Although it isn't completely effective, it will stop widely observed 
> spam messages provided that the master list is kept up-to-date. 
> Otherwise, you can use LocalBadContent to identify spam URLs, but this can be exhausting work.
> 
> If your Wiki isn't meant to be publicly editable or has a restricted 
> editing group, you may wish to enforce restrictions on registration 
> and editing. Some people deploy Wikis thinking that it is somehow 
> "against the Wiki way" to impose restrictions on editing: this is 
> nonsense and rather irresponsible, too, given the nature of the Internet today.
> 
>> I have passed your suggestion onto the IT and wiki superuser here for 
>> their thoughts. I am not sure of the moinmoin version we have but we 
>> have had this since at least 2006 and it uses valid HTML 4.01 and the 
>> moinmoin link we have links to an out-of-date URL 
>> http://moinmoin.wikiwikiweb.de/ so I am guessing it is quite an old one.
> 
> I'm sure people on this list will be happy to offer any advice to you 
> or your IT administration about securing your Wiki. I feel that 
> MoinMoin should probably be deployed in a "hardened" state by default, 
> which I don't think it currently is, so no-one should feel bad about 
> asking for advice on the matter.
> 
> Paul
> 
> ----------------------------------------------------------------------
> --------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. 
> Discussions will include endpoint security, mobile security and the 
> latest in malware threats. 
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> 




------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Moin-user mailing list
Moin-user at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/moin-user

More information about the Moin-user mailing list