On Wed, Jul 28, 2010 at 12:11 PM, Hiram Clawson <[email protected]> wrote:
> Good Morning MediaWiki Fans: > Our wiki site suffered a spam attack this weekend. (version 1.13.0) The > attack evidently had some method to work-around the new account Captcha barrier, and the authorized user email allowed to edit setting. I'm curious if anyone else has encountered such attacks and if there are new ways to block bogus account creation. > --Hiram We suffered such an attack and fortunately had OpenID login installed and so decided to disable native wiki account creation with this in LocalSettings.php # Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false; Then updated http://wiki.sugarlabs.org/go/MediaWiki:Loginprompt to suggest that new users create accounts with an OpenID. This has prevented the spam, but the server and database may still be under attack. --Fred _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
