Re: [Hampshire] Wiki broken?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MChris Dennis at <-
MTim Brocklehurst at ->

Reply to this message
Author: Michael James Daffin
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Wiki broken?
Be wary about this, it is common for crackers to break into a site and
leave backdoors on the site to be sold/exploited later.

This could be an indication of that.
On Nov 9, 2012 4:13 PM, "Chris Dennis" <cgdennis@???> wrote:

> On 08/11/12 18:31, Chris Dennis wrote:
>
>> On 05/11/12 21:31, Alan Bell wrote:
>>
>>> On 05/11/12 15:46, Chris Dennis wrote:
>>>
>>>>
>>>> Yes. Adam had to shut down most access to the wiki because of all the
>>>> spam. And my very brief reading of the MoinMoin documentation
>>>> suggests that the system wasn't designed to be secure: it's open to
>>>> either everyone or no-one (except for 'superusers'). If I'm wrong
>>>> about that, please let me know.
>>>>
>>> you can actually do quite a lot of access control stuff with moin
>>> http://hants.lug.org.uk/wiki/**HelpOnAccessControlLists<http://hants.lug.org.uk/wiki/HelpOnAccessControlLists>
>>> check out the various examples of ways you can configure a site for
>>> different scenarios, basically you end up creating pages with bulleted
>>> lists of people to make groups:
>>> http://hants.lug.org.uk/wiki/**HelpOnGroups<http://hants.lug.org.uk/wiki/HelpOnGroups>
>>> like this one but you can create more
>>> http://hants.lug.org.uk/wiki/**AdminGroup<http://hants.lug.org.uk/wiki/AdminGroup>
>>> then use the group names (that is their wiki page names) in ACLs
>>>
>>
>> Aha! Thanks for those hints, Alan. I now understand a bit more about
>> MoinMoin.
>>
>> So, this is the plan. I've re-enabled new accounts, which means that
>> anyone can create an account. BUT, only users who are members of the
>> 'editors' group can change things. If you want to be an editor, create
>> an account, and let me know your user name by sending an email to
>> webmaster@???.
>>
>
> Hmmm... Less that 24 hours later, about 50 random user names have
> appeared in the wiki's list of users. No pages have been hacked, but it's
> a bit of a worry...
>
> --
> Chris Dennis                                  cgdennis@???
> Fordingbridge, Hampshire, UK

>
> --
> Please post to: Hampshire@???
> Web Interface: https://mailman.lug.org.uk/**mailman/listinfo/hampshire<https://mailman.lug.org.uk/mailman/listinfo/hampshire>
> LUG URL: http://www.hantslug.org.uk
> ------------------------------**------------------------------**--
>
--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] Ubuntu UnityRe: [Hampshire] Ubuntu Unity->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)