[Haskell-cafe] Re: The site has been exploited (again)

Mike Dillon mike at embody.org
Sun Jul 11 14:16:44 EDT 2010


begin Gour quotation:
> On Sun, 11 Jul 2010 14:40:03 -0300
> >>>>>> "Felipe" == Felipe Lessa <felipe.lessa at gmail.com> wrote:
> 
> Felipe> As far as I know, haskell.org doesn't run on top of Haskell
> Felipe> software.
> 
> That's the point. ;)
> 
> haskell.org should work on Haskell software in order to prevent such
> things.

This change had nothing to do with Haskell versus not Haskell and was
not the result of an exploit in MediaWiki.

The haskell.org wiki is set up to only allow logged-in users to edit
pages. What appears to have happened is that someone created an account
named "Buycliamox" and used it to make the edit in question:

    http://www.haskell.org/haskellwiki/?title=Special:Contributions&target=Buycilamox

Now, unless this was a bot-created account, there is nothing that a
newer version of MediaWiki would have helped with. I believe newer versions
either have CAPTCHA/reCAPTCHA built-in or available via a plugin. That
could have helped prevent automated account creation, but you still have
the problems of hijacked accounts if haskell.org were really a target
for such things. I'd go with the most likely explanation in this case
and assume that a person created this account and decided to be cute.

Being that there is only one active admin on the Haskell.org wiki
(User:Ashley Y), I believe the fact that this page is editable by any
user is a policy decision to allow the community to contribute. The
page could be protected, but then only two administrators could edit it
(assuming John Peterson decided to become active again after two years
of not working on the wiki):

    http://www.haskell.org/haskellwiki/?title=Special%3AListusers&group=sysop

As for whether or not moving this particular wiki to a Haskell-based
solution would be a good idea, I don't see it being a win. I don't know
of any Haskell-based wikis that support MediaWiki syntax, so the effort
would involve converting all the existing content to some other format.
Being that MediaWiki's syntax is the most widespread wiki syntax at the
moment, I don't see how that would do anything but make it harder for
people to contribute.

-md

