User talk:MZMcBride/Attacks

Deletion
I may request a deletion of this page because it does nothing but teach people how to do harm to Wikipedia.

Themaeeandhisfriend 19:41, 28 February 2009 (UTC)

Same here. NonvocalScream 16:37, 5 April 2009 (UTC)

It would be nice if you didn't deliberately drama-whore like this, MZMcBride. —Simetrical (talk • contribs) 16:39, 5 April 2009 (UTC)

Restored page
I just restored this page (and its talk page, obviously). I don't really remember the specifics of it being deleted (my deletion summary was "user request"). I don't believe I'm breaking any promises to anyone by restoring the page, but if I am, please let me know and I'll try to make it right.

Why the restore? I think the page is a good starting point on a broader page about how to attack a MediaWiki wiki. Most of the current content is going to be sub-sectioned into an "With an admin account" section. Plenty of damage is possible without an admin account. --MZMcBride (talk) 19:59, 18 March 2012 (UTC)

Page organization
I'm not sure if the page should be organized by account type or if it should be a flater list with a better table of contents/index (and maybe an infobox per section?). Dunno. Hmmm. --MZMcBride (talk) 21:02, 18 March 2012 (UTC)

Interesting
Most of these attacks are meh. (Sure mediawiki:Signature messing could make a mess, and is certainly cleaver. But why both with that if you can mess with mediawiki:Common.js. Privileged users can do damage, hence the reason we only give those rights to privileged folks), but some are interesting: Bawolff (talk) 23:50, 18 March 2012 (UTC)
 * Protip: sometimes the pages don't even end in .js, so you may not even need an admin account to exploit this. that's really scary to think about.
 * Merge page histories - That's quite creative. But if you have admin you can do things much worst that are much harder to cleanup.
 * there are comments that say that moving a page and then immediately trying to delete it will work Really? I don't understand how that could be (unless you hit a race condition of some sort, but i doubt people are that fast). When you move a page, the revisions do not get moved. Only the page title in the db gets changed (2 fields). Guess this is something I should try out on my own wiki to double check.
 * Increase server load - meh increasing the job queue load won't affect users that much (at least in wikipedia's set up). For the special:contribs point, I can think of things so much worst then that, but I won't mention.