WHO managed to take the WEB-Site down?
Re: WHO managed to take the WEB-Site down?
SPAM on Wiki!
LeandraduBreinlwb ⇒ LeandraduBreinlwb [simply my profile webpage. Hope noone minds.]
TerriecgMcGuinnessdl ⇒ TerriecgMcGuinnessdl [simply a profile page.]
LeandraduBreinlwb ⇒ LeandraduBreinlwb [simply my profile webpage. Hope noone minds.]
TerriecgMcGuinnessdl ⇒ TerriecgMcGuinnessdl [simply a profile page.]
Re: WHO managed to take the WEB-Site down?
The development of the Wiki system has been nearly stopped years ago, so I guess there are quite a lot of open security issues with the system. (There is only a single developer since 2007 and the last commit was last year in August!) Furthermore registration to the second Wiki installation is open to anybody without captcha (or anything similar) or even without e-mail confirmation. It allows immediate edits by anyone. Clearly that alltogether makes it very easy for spammers.fxm wrote:SPAM on Wiki!
Re: WHO managed to take the WEB-Site down?
This continues!fxm wrote:SPAM on Wiki!
LeandraduBreinlwb ⇒ LeandraduBreinlwb [simply my profile webpage. Hope noone minds.]
TerriecgMcGuinnessdl ⇒ TerriecgMcGuinnessdl [simply a profile page.]
BebenrDentuq ⇒ BebenrDentuq [This is simply my profile page.]
[edit]
And now is the avalanche!
Re: WHO managed to take the WEB-Site down?
It gets worse (permanent "spamering" one page each minute: see at http://www.freebasic.net/wiki/wikka.php ... entChanges)!
I think one should do something to further restrict write access (allow reliable people only?).
I think one should do something to further restrict write access (allow reliable people only?).
Re: WHO managed to take the WEB-Site down?
Should be fixed now (I hope).
Re: WHO managed to take the WEB-Site down?
It's seems that you have forbidden any new registration?
In any case, it works for now.
In any case, it works for now.
Re: WHO managed to take the WEB-Site down?
Yesterday I've noticed (due to a PHP error) that the server was attacked again (obfuscated PHP injected into many php files of the forum and wiki2 at least). So yesterday and today I spent time cleaning this up again. I don't know how it happened [again]. Drupal is gone, phpBB forum was almost up-to-date. So I guess the old wiki is the problem.
So, I have:
- updated the phpBB forum to latest version (there was a new release in the last week)
- removed the old Wikka wiki version (I think it was from 2005)
- installed the latest Wikka wiki release
It required some debugging & adjusting to get the latest Wikka version working with FB-specific modifications, but I hope everything is basically working now. I remember there were some issues the first time we set it up as "wiki2" for testing, like broken table formatting, so we'll have to see how we can deal with that while keeping the fbdoc tool up-to-date for parsing the wakka files. Also, I've disabled user registration on the wiki, because it was quickly spammed by bots.
Besides that I suppose we'll just have to keep an eye on the server, to see whether something bad happens again.
So, I have:
- updated the phpBB forum to latest version (there was a new release in the last week)
- removed the old Wikka wiki version (I think it was from 2005)
- installed the latest Wikka wiki release
It required some debugging & adjusting to get the latest Wikka version working with FB-specific modifications, but I hope everything is basically working now. I remember there were some issues the first time we set it up as "wiki2" for testing, like broken table formatting, so we'll have to see how we can deal with that while keeping the fbdoc tool up-to-date for parsing the wakka files. Also, I've disabled user registration on the wiki, because it was quickly spammed by bots.
Besides that I suppose we'll just have to keep an eye on the server, to see whether something bad happens again.
Re: WHO managed to take the WEB-Site down?
Hm, I hope that the old wiki was indeed the problem and future attacks won't be successful with the new software versions.Thank you dkl for keeping this websites clean and safe.
Are there server logs available to find out the problem? If the problems remain with the new Wiki and Forum versions, maybe the server software (PHP, webserver, OS, database, ...) is vulnerable?
Btw, what has happened to the FreeBasic Code Archive, once available at http://www.freebasic.net/arch ?
Is there some backup available? Are there plans to bring it / its contents back online at some time?
Are there server logs available to find out the problem? If the problems remain with the new Wiki and Forum versions, maybe the server software (PHP, webserver, OS, database, ...) is vulnerable?
Btw, what has happened to the FreeBasic Code Archive, once available at http://www.freebasic.net/arch ?
Is there some backup available? Are there plans to bring it / its contents back online at some time?
Re: WHO managed to take the WEB-Site down?
I'm not sure, but from what I've seen, we only have access to our /home on the server - but the OS and server software is managed by the hoster.
The arch site was removed long ago with the original front page, I'm not even sure why. I have a backup, yes. But I don't know anyone having plans to bring it back and maintain it (or something similar). Afterall, not only do you have to keep the site up-to-date, the uploads must be checked/moderated and kept working too. We don't even have bug tracker and fbc downloads on this server.
The arch site was removed long ago with the original front page, I'm not even sure why. I have a backup, yes. But I don't know anyone having plans to bring it back and maintain it (or something similar). Afterall, not only do you have to keep the site up-to-date, the uploads must be checked/moderated and kept working too. We don't even have bug tracker and fbc downloads on this server.
Re: WHO managed to take the WEB-Site down?
In some code windows of the new wiki, the symbol ':' is displayed as '\:' (see for example KeyPgVisPrivate), but the internal code is correct.
(perhaps only for Public: or Protected: or Private:)
(perhaps only for Public: or Protected: or Private:)
Re: WHO managed to take the WEB-Site down?
A few traces remain:dkl wrote:Also, I've disabled user registration on the wiki, because it was quickly spammed by bots.
AdminUsers
Re: WHO managed to take the WEB-Site down?
Probably there have been also security issues and/or it wasn't really actively used anymore? - but this is just speculation. I asked because I saw you removed links to it from the wiki and wondered whether there is some valuable content in the archive that would be worth to preserve?dkl wrote:The arch site was removed long ago with the original front page, I'm not even sure why. I have a backup, yes. But I don't know anyone having plans to bring it back and maintain it (or something similar). Afterall, not only do you have to keep the site up-to-date, the uploads must be checked/moderated and kept working too. We don't even have bug tracker and fbc downloads on this server.
The archive is somehow related to the problem of people using external hosters, which go down after a while and maybe valuable content is lost.
btw regarding spam on the wiki: the comment listed here (only visible when logged in) looks suspicious to me:
http://www.freebasic.net/wiki/wikka.php ... yCommented
Re: WHO managed to take the WEB-Site down?
@dkl:fxm wrote:In some code windows of the new wiki, the symbol ':' is displayed as '\:' (see for example KeyPgVisPrivate), but the internal code is correct.
(perhaps only for Public: or Protected: or Private:)
- This display problem seems to only occur with the names of the member access rights (Public, Protected, Private).
- A workaround consisting to insert a space before ':' works both for the wiki display and any code compilation.
Many wiki pages are impacted:
- KeyPgOperator
- KeyPgOpLet
- KeyPgVisPrivate
- KeyPgVisProtected
- KeyPgVisPublic
- KeyPgStaticMember
- KeyPgExtends
- KeyPgOpStep
- ProPgProperties
- TutBeginnersGuideToTypesAsObjects
- TutBeginnersGuideToTypesAsObjects2
- TutSimPolymorphism
- TutIntroExtType
If the correction of this display problem is not immediate in wiki, is it better to add this space in the concerned wiki codes?
Re: WHO managed to take the WEB-Site down?
That sounds like a problem with the code highlighting or similar, so it should be fixed in the wiki software. I might be able to take a look at it next weekend.
I've already noticed that the new wiki's formatting behaves a bit differently with regards to the indentation rules for paragraphs and lists and such (it was always a bit weird in the old version anyways). I think we'll have to fix those issues on the content side, not in the wiki software. Unless that would break the formatting with fbdoc of course (i.e. it needs to be tested).
I've already noticed that the new wiki's formatting behaves a bit differently with regards to the indentation rules for paragraphs and lists and such (it was always a bit weird in the old version anyways). I think we'll have to fix those issues on the content side, not in the wiki software. Unless that would break the formatting with fbdoc of course (i.e. it needs to be tested).