[SATLUG] SPAM on wiki
Bruce Dubbs
bruce.dubbs at gmail.com
Wed Jan 3 21:46:14 CST 2007
I received a note from Frank Huddleston (thanks Frank) that the wiki was
not working. Upon investigation, I found that the main wiki page was
hacked so badly that PHP was running out of memory. The hacker had an IP
address of 81.177.14.26 or
dig -x 81.177.14.26
; <<>> DiG 9.2.4 <<>> -x 81.177.14.26
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22482
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;26.14.177.81.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
177.81.in-addr.arpa. 10800 IN SOA ns.rt-comm.ru. hostmaster.rtcomm.ru. 2006112100 28800 7200 1209600 86400
I have blocked the entire 81.177.0.0/16 address space which is assigned
by RIPE (http://www.ripe.net/perl/whois/) to a Moscow ISP.
According to the log, all the hacks (over 100 separate entries) are
coming from the same IP dating back to November 29.
I don't monitor the wiki every day, so *please* let me know if you see
any hacks (or fix them yourself).
Do we have any volunteers to research MediaWiki to see how to protect pages
from unauthorized updates?
-- Bruce
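
The log check described in the message above, as an added example that is not part of the original post: it tallies page-save requests per source address and reports whether each address falls inside the blocked 81.177.0.0/16 range. It assumes an Apache combined-style access log in which MediaWiki saves appear as POST requests with action=submit; the sample lines, paths and the 192.0.2.x / 198.51.100.x addresses are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache combined-log style; the paths, dates and
# the 192.0.2.x / 198.51.100.x addresses are made up for illustration.
SAMPLE_LOG = """\
81.177.14.26 - - [29/Nov/2006:03:12:44 -0600] "POST /wiki/index.php?title=Main_Page&action=submit HTTP/1.1" 302 0
192.0.2.10 - - [02/Dec/2006:18:05:10 -0600] "GET /wiki/index.php?title=Main_Page HTTP/1.1" 200 5120
81.177.14.26 - - [15/Dec/2006:04:40:02 -0600] "POST /wiki/index.php?title=Main_Page&action=submit HTTP/1.1" 302 0
198.51.100.7 - - [20/Dec/2006:09:30:00 -0600] "POST /wiki/index.php?title=Meetings&action=submit HTTP/1.1" 302 0
81.177.14.26 - - [03/Jan/2007:02:11:59 -0600] "POST /wiki/index.php?title=Main_Page&action=submit HTTP/1.1" 302 0
"""

BLOCKED = ipaddress.ip_network("81.177.0.0/16")  # the range blocked in the post

# Assumption: page saves are logged as POST requests carrying action=submit.
EDIT_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST \S*action=submit\S* HTTP')


def summarize_edits(log_text):
    """Return {ip: {"count", "first", "blocked"}} for every edit submission."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "blocked": False})
    for line in log_text.splitlines():
        m = EDIT_RE.match(line)
        if not m:
            continue  # not an edit submission, or not a parsable line
        try:
            ip = ipaddress.ip_address(m.group(1))
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname instead of an address, or malformed timestamp
        entry = stats[str(ip)]
        entry["count"] += 1
        if entry["first"] is None or when < entry["first"]:
            entry["first"] = when  # earliest edit seen from this address
        entry["blocked"] = ip in BLOCKED
    return dict(stats)


if __name__ == "__main__":
    rows = sorted(summarize_edits(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for ip, e in rows:
        print(f'{ip:15} edits={e["count"]:3} first={e["first"]:%Y-%m-%d} blocked={e["blocked"]}')
```

Addresses that show edits with blocked=False are the ones to review by hand, since the /16 block does not cover them.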