Topic on Project:Support desk

Massive spam & vandalism. More than 150.000 users!

Amanida (talkcontribs)

I deactivated (I suppose) all users' privileges except "read" (with the "false" indication). I eliminated "autoconfirmed" in $wgRestrictionLevels and $wgImplicitGroups... but the massive editing by spammers continues (http://instantaneo.es/wiki/index.php?title=Especial:P%C3%A0gines_noves), even by non-users. I modified DefaultSettings and LocalSettings, but... there is nothing more I can do!

MediaWiki 1.6, Apache 2.2.22, PHP 5.2.17, MySQL 5.1.66-cll

Krenair (talkcontribs)

MediaWiki 1.16.0...?

Amanida (talkcontribs)

Oops, yes MediaWiki 1.16.0

2010-07-28

:-(
Krenair (talkcontribs)
88.130.64.24 (talkcontribs)

And now 1.16 is no longer supported at all.

You should do an update to 1.19 or 1.20.

Amanida (talkcontribs)

I upgraded to 1.9... but the spam continues!! Isn't there any possible way to ensure that NOBODY can create new pages until this security problem can be fixed?

88.130.120.27 (talkcontribs)

You do not mean MW 1.9, but 1.19.

MW 1.19.4 should be secure currently. If you still get IPs spamming, although editing is disabled for IPs, then there obviously is a way to hack your wiki. I just had a look at your Special:Version page and it e.g. lists the extension "Maintenance Shell".

The version you use has known security vulnerabilities. There are newer versions in which several security issues have been fixed.

Apart from that, as the wiki page states, no matter if you use the newest version or not: This extension per se is a security risk. You should uninstall this extension.

If you continue having spam problems afterwards, see combating spam.

Amanida (talkcontribs)

I deleted Maintenance Shell and tried to install AbuseFilter, but this caused an error (IndexPager::reallyDoQuery (AbuseFilterPager) - 1146: Table 'xtzpjxni_wiki.abuse_filter' doesn't exist (localhost))... Previously I installed (as recommended by the instructions page of the AbuseFilter extension) the "AntiSpoof" extension and ran update.php (on the web: mw-config directory)... Things are even worse: some of the "Special Pages" have stopped working...

I don't understand... is there any way to disable the editing of new pages?

I have managed to ensure that no more users are created without sysop permission… but it is not necessary to be a user (or even to use the pages of the wiki) to create new pages, which is exasperating! Isn't there any page or code that can block that?

Krenair (talkcontribs)

That table not existing error means you didn't run maintenance/update.php.

Amanida (talkcontribs)

Yes. That is what it seems… :-( but I have run update.php several times. In fact, in Special:Version it appears as installed (not at this moment, because I have deactivated it to be able to erase spam).

Ciencia Al Poder (talkcontribs)

That's really strange. I don't see how those bots are still editing the wiki o_O. Sure, it must be a backdoor there. But where?

To stop more spam you can simply turn the wiki "readonly", setting Manual:$wgReadOnly.

To see how people still can edit the wiki, you can turn on debugging, enabling a debug log. See Manual:How_to_debug#Logging. This can give you/us hints about what page/parameters/process they are using to edit the wiki.

Be careful, since it will log even pageviews, so turn it on for a short period of time until you catch someone creating a page.
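The two settings suggested above, together with the permission lock-down asked about earlier in the thread, written out as a LocalSettings.php fragment. This is an added example, not code posted by anyone in the thread; the lock message and the log path are placeholders, and it assumes the block sits at the very end of LocalSettings.php (DefaultSettings.php is not meant to be edited) so that no later line or extension include overrides it.

```php
<?php
// Added example: emergency lock-down fragment for the END of LocalSettings.php.
// array() syntax is used so it also parses on the PHP 5.2 mentioned in the thread.

// 1. Deny write-type rights to anonymous visitors ('*') and to ordinary
//    accounts. Group rights are additive, so a right must be false in every
//    group a spammer can belong to.
$lockedRights = array( 'edit', 'createpage', 'createtalk', 'move', 'upload' );
foreach ( array( '*', 'user', 'autoconfirmed' ) as $group ) {
	foreach ( $lockedRights as $right ) {
		$wgGroupPermissions[$group][$right] = false;
	}
}

// 2. Only administrators may register accounts or change content.
$wgGroupPermissions['*']['createaccount'] = false;
foreach ( $lockedRights as $right ) {
	$wgGroupPermissions['sysop'][$right] = true;
}
$wgGroupPermissions['sysop']['createaccount'] = true;

// 3. Hard stop while investigating: MediaWiki refuses all edits, including
//    those of sysops, and shows this message. Remove the line to unlock.
$wgReadOnly = 'Wiki locked while a spam incident is investigated.'; // placeholder text

// 4. Short-lived debug log to see which URL and parameters create pages.
//    Placeholder path: use a directory outside the web root that PHP can
//    write to, and remove the line once a spam edit has been captured,
//    because every page view is logged and the file grows quickly.
$wgDebugLogFile = '/path/outside/webroot/mw-debug.log';
```

The debug log is written by MediaWiki itself, so it needs only a directory the PHP process can write to, not access to the Apache configuration.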

Amanida (talkcontribs)

> That's really strange. I don't see how those bots are still editing the wiki o_O. Sure, it must be a backdoor there. But where?

This is my great enigma!!!

> To stop more spam you can simply turn the wiki "readonly", setting Manual:$wgReadOnly.

Ooops... Not that either! I have placed the instruction ($wgReadOnly) in the LocalSettings… and they continue publishing spam!

> To see how people still can edit the wiki, you can turn on debugging, enabling a debug log. See Manual:How_to_debug#Logging.

I can't write to the Apache program... it's a public server

Amanida (talkcontribs)

Finally I have a backup copy from two years ago and… I prefer to rewrite what I have lost rather than hopelessly continue erasing spam "sine die". Thanks anyway for your help.

PS: I have not yet erased the damaged DB; in case somebody wants to experiment with it to find out where the security hole is, I activate it in another directory so that whoever wants to can manipulate it.

88.130.105.123 (talkcontribs)

I am not sure that using a backup will help you: If you have security issues, which are being exploited, in your code, these won't be fixed by installing a backup. Even when you directly update the outdated source code from the backup with new code again, you will still have to find the place of the security breach and fix it.

Ciencia Al Poder (talkcontribs)

Agreed with 88.130. Restoring a backup without finding and fixing the security hole will give you the same problems again.

Just a note: you can export specific pages from the wiki before restoring the backup to import them when restoring so you don't lose the work. See the Special:Export page on your wiki and Special:Import.

95.17.135.215 (talkcontribs)

I have only recovered the copy of the database. :P But previously I spent a week trying a thousand adjustments (LocalSettings, DefaultSettings) and I've upgraded MW to 1.19.4, closing editing to users and restricting registration to the sysop. So far nobody has come in to leave garbage… touch wood! Of course I would have liked to find the security hole, but I couldn't go on any longer: the MySQL DB reached 9Gb! … and it continued growing. Anyway, I will be watching!

88.130.77.162 (talkcontribs)

You replace the database and not a single file and the spam stops. Interesting constellation. That seems to mean that the "hack" was somewhere in the DB. Maybe - in the time where you used outdated software - someone found a way to manipulate the DB so that every user (also IPs) got special privileges?

Amanida (talkcontribs)