WHO managed to take the WEB-Site down?

fxm
Moderator
Posts: 12082
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Post by fxm »

SPAM on Wiki!
LeandraduBreinlwb ⇒ LeandraduBreinlwb [simply my profile webpage. Hope noone minds.]
TerriecgMcGuinnessdl ⇒ TerriecgMcGuinnessdl [simply a profile page.]
St_W
Posts: 1619
Joined: Feb 11, 2009 14:24
Location: Austria

Re: WHO managed to take the WEB-Site down?

Post by St_W »

fxm wrote:SPAM on Wiki!
The development of the Wiki system nearly stopped years ago, so I guess there are quite a lot of open security issues with the system. (There is only a single developer since 2007 and the last commit was last year in August!) Furthermore, registration to the second Wiki installation is open to anybody without captcha (or anything similar) or even without e-mail confirmation. It allows immediate edits by anyone. Clearly that altogether makes it very easy for spammers.
fxm
Moderator
Posts: 12082
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Post by fxm »

fxm wrote:SPAM on Wiki!
LeandraduBreinlwb ⇒ LeandraduBreinlwb [simply my profile webpage. Hope noone minds.]
TerriecgMcGuinnessdl ⇒ TerriecgMcGuinnessdl [simply a profile page.]
This continues!
BebenrDentuq ⇒ BebenrDentuq [This is simply my profile page.]

[edit]
And now is the avalanche!
fxm
Moderator
Posts: 12082
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Post by fxm »

It gets worse (permanent "spamering" one page each minute: see at http://www.freebasic.net/wiki/wikka.php ... entChanges)!
I think one should do something to further restrict write access (allow reliable people only?).
v1ctor
Site Admin
Posts: 3804
Joined: May 27, 2005 8:08
Location: SP / Bra[s]il

Re: WHO managed to take the WEB-Site down?

Post by v1ctor »

Should be fixed now (I hope).
fxm
Moderator
Posts: 12082
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Post by fxm »

It seems that you have forbidden any new registration?
In any case, it works for now.
dkl
Site Admin
Posts: 3235
Joined: Jul 28, 2005 14:45
Location: Germany

Re: WHO managed to take the WEB-Site down?

Post by dkl »

Yesterday I noticed (due to a PHP error) that the server was attacked again (obfuscated PHP injected into many PHP files of the forum and wiki2 at least). So yesterday and today I spent time cleaning this up again. I don't know how it happened [again]. Drupal is gone, phpBB forum was almost up-to-date. So I guess the old wiki is the problem.

So, I have:
- updated the phpBB forum to latest version (there was a new release in the last week)
- removed the old Wikka wiki version (I think it was from 2005)
- installed the latest Wikka wiki release

It required some debugging & adjusting to get the latest Wikka version working with FB-specific modifications, but I hope everything is basically working now. I remember there were some issues the first time we set it up as "wiki2" for testing, like broken table formatting, so we'll have to see how we can deal with that while keeping the fbdoc tool up-to-date for parsing the wakka files. Also, I've disabled user registration on the wiki, because it was quickly spammed by bots.

Besides that I suppose we'll just have to keep an eye on the server, to see whether something bad happens again.
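
Added example (not part of dkl's post, and not the cleanup method he used): a heuristic scan of a web root for the kind of obfuscated PHP injection described above, usable with nothing more than access to /home. The indicator patterns, the 500-character threshold and the sample file names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators of injected, obfuscated PHP (assumed patterns, not taken from the thread).
INDICATORS = {
    "eval-of-decoder": re.compile(
        r"\b(?:eval|assert)\s*\(\s*@?(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-encoded-blob": re.compile(r"[A-Za-z0-9+/=]{400,}"),
    "hex-escaped-string": re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}"),
}

def scan_php_source(text):
    """Return the sorted names of the indicators present in one PHP file's source."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    # Injected code is often prepended, leaving a huge first line before the real file.
    if len(text.split("\n", 1)[0]) > 500:
        hits.add("oversized-first-line")
    return sorted(hits)

def scan_tree(root):
    """Map each suspicious *.php file under root (relative path) to its indicators."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_php_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_tree(root):
    """Constructed sample files: one clean page, one with a prepended placeholder blob."""
    root = Path(root)
    (root / "wiki").mkdir()
    (root / "index.php").write_text("<?php\necho 'hello';\n")
    blob = "QUJD" * 150  # constructed 600-character base64-looking placeholder, not a real payload
    (root / "wiki" / "wikka.php").write_text(
        "<?php eval(base64_decode('" + blob + "')); ?><?php\necho 'wiki';\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, hits in scan_tree(build_sample_tree(tmp)).items():
            print(name, hits)
```

A hit is only a lead for manual review; comparing flagged files against a clean copy of the same phpBB or Wikka release confirms what was actually changed.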
MrSwiss
Posts: 3910
Joined: Jun 02, 2013 9:27
Location: Switzerland

Re: WHO managed to take the WEB-Site down?

Post by MrSwiss »

@dkl,

latest reviews on Wiki in Topic "the new look forum" ...
St_W
Posts: 1619
Joined: Feb 11, 2009 14:24
Location: Austria

Re: WHO managed to take the WEB-Site down?

Post by St_W »

Hm, I hope that the old wiki was indeed the problem and future attacks won't be successful with the new software versions. Thank you dkl for keeping these websites clean and safe.

Are there server logs available to find out the problem? If the problems remain with the new Wiki and Forum versions, maybe the server software (PHP, webserver, OS, database, ...) is vulnerable?

Btw, what has happened to the FreeBasic Code Archive, once available at http://www.freebasic.net/arch ?
Is there some backup available? Are there plans to bring it / its contents back online at some time?
dkl
Site Admin
Posts: 3235
Joined: Jul 28, 2005 14:45
Location: Germany

Re: WHO managed to take the WEB-Site down?

Post by dkl »

I'm not sure, but from what I've seen, we only have access to our /home on the server - but the OS and server software are managed by the hoster.

The arch site was removed long ago with the original front page, I'm not even sure why. I have a backup, yes. But I don't know anyone having plans to bring it back and maintain it (or something similar). After all, not only do you have to keep the site up-to-date, the uploads must be checked/moderated and kept working too. We don't even have a bug tracker and fbc downloads on this server.
fxm
Moderator
Posts: 12082
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Post by fxm »

In some code windows of the new wiki, the symbol ':' is displayed as '\:' (see for example KeyPgVisPrivate), but the internal code is correct.
(perhaps only for Public: or Protected: or Private:)
fxm
Moderator
Posts: 12082
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Post by fxm »

dkl wrote:Also, I've disabled user registration on the wiki, because it was quickly spammed by bots.
A few traces remain:
AdminUsers
St_W
Posts: 1619
Joined: Feb 11, 2009 14:24
Location: Austria

Re: WHO managed to take the WEB-Site down?

Post by St_W »

dkl wrote: The arch site was removed long ago with the original front page, I'm not even sure why. I have a backup, yes. But I don't know anyone having plans to bring it back and maintain it (or something similar). After all, not only do you have to keep the site up-to-date, the uploads must be checked/moderated and kept working too. We don't even have a bug tracker and fbc downloads on this server.
Probably there have also been security issues and/or it wasn't really actively used anymore? - but this is just speculation. I asked because I saw you removed links to it from the wiki and wondered whether there is some valuable content in the archive that would be worth preserving?

The archive is somehow related to the problem of people using external hosters, which go down after a while and maybe valuable content is lost.


btw regarding spam on the wiki: the comment listed here (only visible when logged in) looks suspicious to me:
http://www.freebasic.net/wiki/wikka.php ... yCommented
fxm
Moderator
Posts: 12082
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Post by fxm »

fxm wrote:In some code windows of the new wiki, the symbol ':' is displayed as '\:' (see for example KeyPgVisPrivate), but the internal code is correct.
(perhaps only for Public: or Protected: or Private:)
@dkl:

- This display problem seems to only occur with the names of the member access rights (Public, Protected, Private).
- A workaround consisting of inserting a space before ':' works both for the wiki display and any code compilation.

Many wiki pages are impacted:
- KeyPgOperator
- KeyPgOpLet
- KeyPgVisPrivate
- KeyPgVisProtected
- KeyPgVisPublic
- KeyPgStaticMember
- KeyPgExtends
- KeyPgOpStep
- ProPgProperties
- TutBeginnersGuideToTypesAsObjects
- TutBeginnersGuideToTypesAsObjects2
- TutSimPolymorphism
- TutIntroExtType

If the correction of this display problem is not immediate in wiki, is it better to add this space in the concerned wiki codes?
dkl
Site Admin
Posts: 3235
Joined: Jul 28, 2005 14:45
Location: Germany

Re: WHO managed to take the WEB-Site down?

Post by dkl »

That sounds like a problem with the code highlighting or similar, so it should be fixed in the wiki software. I might be able to take a look at it next weekend.

I've already noticed that the new wiki's formatting behaves a bit differently with regard to the indentation rules for paragraphs and lists and such (it was always a bit weird in the old version anyways). I think we'll have to fix those issues on the content side, not in the wiki software. Unless that would break the formatting with fbdoc of course (i.e. it needs to be tested).