[aprssig] APRS Wiki vandalism

scott at opentrac.org scott at opentrac.org
Tue May 1 19:43:55 EDT 2007


I'd be happy with a captcha or something if it'd keep out the bots and avoid manual validation.  How about a .wav file with a CW QSO that you've got to copy?  =]  Of course, I'd probably have to keep it down to about 5 wpm if I wanted to pass it myself!

Scott
N1VG
  _____  

From: Tom Russo [mailto:russo at bogodyn.org]
To: TAPR APRS Mailing List [mailto:aprssig at lists.tapr.org]
Sent: Tue, 01 May 2007 16:29:40 -0700
Subject: Re: [aprssig] APRS Wiki vandalism

On Mon, Apr 30, 2007 at 01:32:21PM -0700, we recorded a bogon-computron collision of the <scott at opentrac.org> flavor, containing:
> What would everyone think of migrating to MediaWiki if I can get it up and running?  I don't know if there's any automated content migration utility - it might take a lot of cut-and-paste.

I do prefer MediaWiki to the one we've got, but the real issue is that the
editing privileges need to be locked down so that bots can't vandalize it.  As
Tapio points out, once they find us, eventually it'll be a non-stop thing.  

MediaWiki does have a mode that requires email confirmation before allowing
editing, and can have a time-delay of hours or days before an account gets
those privileges.  It is also possible to have a set of permissions managed
by a sysop, and never automatically grant edit privileges.  That latter one
is where we went with the Xastir wiki, but perhaps the less drastic 
confirm-by-email-then-wait approach would be enough for the APRS wiki.

Seems to me that if we can do any of those things with Wikka Wakka Wiki then
changing the wiki software would not be necessary.  But moving without 
implementing user controls is pointless, too.

In the meantime, I've taken the liberty of adding links to the documentation
that explains how to revert bad edits in Wikka, so at least the instructions
are readily available.

> From: Tom Russo [mailto:russo at bogodyn.org]
> To: aprssig at lists.tapr.org
> Sent: Mon, 30 Apr 2007 13:23:23 -0700
> Subject: [aprssig] APRS Wiki vandalism
> 
> The APRS wiki at http://info.aprs.net/ appears to have been the victim of
> some hit-and-run script vandalism on 19 April 2007.
> 
> I've corrected a few of the utterly trivial changes (random removal of plus
> signs), but some pages have had almost all of their content removed, often
> everything following the first ampersand in the text:
> 
>   Thu, 19 Apr 2007:
>     (22:08 Pacific Daylight Time) [history] -  APRS  Rj3J0r
>     (21:54 Pacific Daylight Time) [history] -  Frequencies  Zn9P7y
>     (21:53 Pacific Daylight Time) [history] -  Paths  JbfXab
>     (11:35 Pacific Daylight Time) [history] -  ARHAB  GzhQjb
>     (10:59 Pacific Daylight Time) [history] -  APRS2ATM  JecJge
> 
> Unfortunately, the software that's running the wiki doesn't provide a simple
> revert mechanism that I can see, so fixing these pages to contain the useful
> information that used to be on them is tedious.
> 
> The Xastir wiki at http://www.xastir.org/ was also vandalized in April a few 
> days earlier in much the same way (random missing plus signs and all text 
> deleted after an ampersand) albeit more aggressively with dozens of vandalism 
> events over the span of a few days --- leading me to suspect some kind of 
> automated script by some folks with too much time on their hands.  We had to 
> lock down that wiki to restrict edit privileges.  
> 
> If anyone has the energy to fix up the broken pages, or point out a way that 
> "Wikka Wakka Wiki" can be told to revert to previous versions of a page to 
> undo these edits, have at it.


-- 
Tom Russo    KM5VY   SAR502   DM64ux          http://www.swcp.com/~russo/
Tijeras, NM  QRPL#1592 K2#398  SOC#236 AHTB#1 http://kevan.org/brain.cgi?DDTNM
"And, isn't sanity really just a one-trick pony anyway? I mean all you get is
 one trick, rational thinking, but when you're good and crazy, oooh, oooh,
 oooh, the sky is the limit!"  --- The Tick

_______________________________________________
aprssig mailing list
aprssig at lists.tapr.org
https://lists.tapr.org/cgi-bin/mailman/listinfo/aprssig
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20070501/8dc50e4a/attachment.html>


More information about the aprssig mailing list