RichardBerg:Wikka

Hi, I'm Richard Berg. While I'm using (stuck with?) 'Tavi for my biggest wiki-site, I use Wikka for my personal site. I post on far too many internet forums, so you might recognize me from one of the websites on my bookmarks. If not, I'm just that random guy who contributes a snippet of code now & then and complains a lot ;-)

Local pages I'm interested in:
WikkaTables
ImportUBB
DeleteSpam

email: arsmod@rb.net [spell out the domain]

1/22/05 - Spam help! I have apparently been attacked by an army of spam bots. Has this happened to anyone else? For now, I am asking for your help with:

a SQL command that will delete all of these edits

a SQL command that will change all of my ACLs to '+' for writing and commenting (I've modified the config file but that only affects new pages AFAIK)

A small clarification: setting the ACL defaults in the config file applies to all existing pages -- that you have not set ACLs on. In other words, if you have not set any page ACLs, and then you change the default values, all pages will use the new default values. -- JsnX

Whatever script they used (on multiple machines, no less) could certainly be used against any Wakka-like site with minimal modifications, so something has to be done...I will do what I can to help you guys combat future attacks as well as implement the new HTML attribute you've probably all heard about.

1/23/05 - with much quick assistance, the immediate threat is gone :) The DeleteSpam tool that was graciously ported over has real potential...I'll see if I have the ability or time to make it more widely useful.

See also WikkaSpamFighting where I've now gathered all spam-related issues. --JavaWoman

1/05/08 - hi again. I was hit by a veritable flood of spam recently, much worse than before. I installed the experimental 1.1.6.4 branch in hopes of using the new AdminPages tool, but found it would only revert the most recent attack on each given page. Plus, it was really slow ;-) Since I had hundreds of pages that had each been hit dozens of times, I decided to just purge things at a database level. With some help, I put together these SQL scripts:

-- delete most recent edits
DELETE FROM `wakka_pages` 
WHERE `ID` > 4000

-- cleanup: set Latest flag back where needed
UPDATE `wakka_pages` a INNER JOIN (SELECT max(`ID`) as `ID` 
							 FROM `wakka_pages`
						   GROUP BY `tag`) b
 		ON a.ID = b.ID
SET a.latest = 'Y'

You'll need to adjust the ID # of the most recent edits, and probably your table prefix too. Hope someone finds these useful.

CategoryUsers

Comments

Comment by JavaWoman

2005-01-23 20:52:41

Richard, I added your Spam help plea to the ProgrammingHelp page where it might attract more attention. I'm no SQL wiz myself...
Nasty problem ... We'll probably need some Admin tools along the lines you suggest though.

Any chance to take your site off-line for a bit and use a tool like PhpMysqlAdmin to directly repair the database?

Comment by MovieLady

2005-01-23 22:58:54

Richard - I added the sql to the ProgrammingHelp page to update your ACLs. Give me a few to look at the page table more closely and I should have a way to delete the actual page changes. :)

Comment by GmBowen

2005-01-23 23:15:58

I left this at CommunityNotes...."at Wikini there's an interesting attempt to write an action [link at Community Notes] (I think that it is admin-based....my French, & Google's French, is weak) that allows one to selectively remove edits by a particular IP/individual. Thought it might give us a different spin on how we could provide a tool to deal with spam (that will remove it selectively from the history features as well). Considering the discussions around stopping bots from indexing history pages, I thought this might be a useful thing to look at. Hope this helps. mike b

Comment by MovieLady

2005-01-24 08:17:32

Richard - I added a page called DeleteSpamAction with the translated version of the code from the French WikiNi site - I'd let one of the folks here test it first and make sure it works 100%, but it should at least help you right now, even if it's not a permanent solution as-is.

Comment by RichardBerg

2005-01-24 10:06:42

Thank you all for the amazingly quick response. Once I backed up the post-spam DB "just in case," I was able to apply your SQL & Wikka-Action fixes with no issues whatsoever.

For future reference (now that my RecentChanges lacks the horrific evidence), whatever spam script attacked me is capable of overwriting 100s of pages in under 5 minutes, with very good cooperation among multiple zombies -- the pages were changed in alphabetical order despite originating from 3 different ISPs.

Comment by MovieLady

2005-01-24 16:26:52

Yay! You're welcome. :)

My jaw dropped when I saw all the changes on your RecentChanges page. Yikes, what a nightmare!

Comment by MovieLady

2005-01-25 06:57:55

Hey, do you still have the backup you made of your database before getting rid of the defaced info? (I'm going to set up a test wikka for myself and work on making modifications to that script, and that would be a great test subject.)

Wikka : RichardBerg