I know, I know - it is plenty old.
A couple of days ago I started noticing a lot of comments from the comment plugin putting in the ole spam to the wiki. Strippers strippers strippers! And vitamins too!
Then I noticed that if one wanted to add a new page, it would automatically put one to the AddCommentPlugin page - no new pages! It was a battle between my bot and their bot for deleting and adding comment pages. I have a suspicion they had it set up like that so their bot could simply add pages by hitting the site with any name and have an expected input box there.
I re-installed the old stuff I had tucked in the corner and it is working OK for now - as well as firewalled the IPs that were spamming. I figure one of them was the troublemaker.
I am doing a more detailed forensic exam and hopefully will come up with something to what they are pulling off.
Heads up!
Every wiki version has "security problems", because the default setting is to allow anybody to post. AntiSpam measures have to be enabled.
1.3.11 already has ENABLE_CAPTCHA and ENABLE_SPAMASSASSIN.
You can also simply disable RPC2.php, plugin/AddComment.php, plugin/WikiBlog.php.
Esp. when fighting against bots.
I removed the AddComment and WikiBlog scripts from the plugin directory; I assume that's how to disable them?
How do you disable RPC2.php? Should I just remove it? Code inside seems to indicate it's deprecated, so what exactly should be done here?
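One way to confirm the state of an install against the advice in this thread, as an added example that is not from any poster or from the wiki project: it reports whether the three scripts named above are still on disk and whether the two anti-spam switches are set. The `config/config.ini` path, the INI-style `NAME = value` syntax, the accepted "true" spellings and the helper names are assumptions; pass your own config path as the second argument.

```shell
#!/bin/sh
# Added example: audit a wiki install for the scripts and switches named in
# the thread. Config path and syntax are assumptions, not taken from the page.

# audit_wiki ROOT [CONFIG] -> prints one line per check, prefixed OK or WARN.
audit_wiki() {
    root=$1
    config=${2:-$root/config/config.ini}   # assumed location

    # Scripts the thread suggests disabling, searched by name under ROOT.
    for name in RPC2.php AddComment.php WikiBlog.php; do
        hit=$(find "$root" -type f -name "$name" 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            echo "WARN $name still present at $hit"
        else
            echo "OK $name not found"
        fi
    done

    # Switches the thread names. Only an uncommented "NAME = true" style line
    # counts; a line prefixed with ';' or '#' does not match.
    for flag in ENABLE_CAPTCHA ENABLE_SPAMASSASSIN; do
        pat="^[[:space:]]*$flag[[:space:]]*=[[:space:]]*(true|1|on|yes)[[:space:]]*\$"
        if [ ! -r "$config" ]; then
            echo "WARN $flag unknown, cannot read $config"
        elif grep -Eiq "$pat" "$config"; then
            echo "OK $flag enabled"
        else
            echo "WARN $flag not enabled"
        fi
    done
}

# Constructed sample install (not a real site) so the example runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/config" "$d/lib/plugin"
    : > "$d/RPC2.php"
    : > "$d/lib/plugin/WikiBlog.php"
    printf '%s\n' '; ENABLE_CAPTCHA = true' 'ENABLE_SPAMASSASSIN = true' \
        > "$d/config/config.ini"
    echo "$d"
}

sample=$(make_sample)
audit_wiki "$sample"
rm -rf "$sample"
```

A file that is absent from disk cannot be requested by a bot, so a clean run after removing the scripts confirms the removal took effect for every copy under the root, including stale backups.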