On 12/16/2015 08:24 PM, Stefan Kaltenbrunner wrote:
> On 12/16/2015 07:53 PM, Tom Lane wrote:
>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
>>>> we are currently working on reverting the entire wiki back to a state
>>>> before the attack from system backups because it does not seem sensible
>>>> to try to revert this in piece meal style.
>>
>>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
>>> backups already had spam traces in it) - th wiki is live again, user
>>> account signup for the entire community account system is still disabled
>>> until we have a better plan to deal with this crap.
>>
>> "Recent changes" log says there's still at least one active spammer
>> account.
>
> yeah thanks for letting us know - the problem is that it looks like the
> spammers have pre-created (but not "used" until very recently) a lot of
> accounts in the community account system over the last few days (if not
> for much longer) and it is not really obvious which ones are "bad" and
> which ones are not - we keep working on it :(
I think we have it under control now - we have disabled ~200
"suspicious" community accounts, restored a backup of the wiki from ~36h
ago and nuked all the session data from the community auth system and
the wiki to prevent users from reusing existing sessions.
That seems to stablized the situation for now but community auth account
creation is still disabled.
We are currently discussion further actions which will likely involve
adding additional verification for community auth signup and maybe for
posting to the wiki. We are also looking into restoring the handful of
"valid" changes to the wiki between the time of the backup and the time
we restored it.
Stefan