More Swiki damage by socp-b.scsnet.com

Kevin Fisher kgf at golden.net
Wed Jul 24 23:08:09 UTC 2002


Ignoring him won't stop the swiki from being damaged/locked/defaced.

Do you want to spend every day rolling it back and fixing it?  This is what's
been going on and not surprisingly, it hasn't stopped the vandal one whit.
I've seen things like Winamp.exe attached to pages on there for no reason..
it's not much of a stretch to see pirated software appearing there as well.
Then gatech (presumably) might have to deal with a visit from the BSA or 
worse.

I don't see how applying a little security is playing "his game".  Seems to
me he's the one playing with US, right now, since there is no security.  We
can play whack-a-mole by banning IP addresses, but experience has shown they
just pop up again under a different one without much effort. 

It's true that locking things down is counter to the open-access spirit
of a Wiki...but what about abuse?  We're on the internet, after all...we're
far from a nice, safe network.  Is there some happy medium we can come to?
Heck, on the wiki I set up at work I use rudimentary passwords, and this
is on a corporate LAN!

[putting on dusty sysadmin hat]

Once the kiddies and bozos discover something that's wide open, word tends
to spread.  Nothing attracts flies like an open server..script kiddies
and their ilk just LOVE finding 'drop zones' for their warez.

[takes off hat, throws it back in the corner]

That said, I'm certain this must be a problem that other Wiki-using groups
have encountered (squeak, python or otherwise).  Perhaps we should
scout around and see if an adequate solution has already been found?


On Wed, Jul 24, 2002 at 07:28:40PM -0300, Diego Coronel wrote:
> Why not ignore him?
> IMHO, solutions to this kind of problems are out of scope. If you care about
> security, IP, etc.. you are playing his game.
> Anyway, it's a shame
> 
> Diego Coronel
> 
> 
> > Not to be a cynic here (well, I guess it's unavoidable having
> > been a sysadmin :)
> > but simply locking out the IP may not put an end to it.  After all, AOL
> > throwaway accounts are pretty much free in every cereal box these days.
> >
> > It doesn't seem to me that the vandal in question is going to stop anytime
> > soon, either...someone fixes the swiki, and he wrecks it the next day.
> >
> > Is there any realistic way to allow swiki access based upon membership
> > to this mailing list?  Ideally, we'd be the ones changing it the most.
> >
> >
> > On Wed, Jul 24, 2002 at 01:27:34PM -0700, Ned Konz wrote:
> > > This time it locked the page after damaging it:
> > > http://minnow.cc.gatech.edu/squeak/393
> > >
> > > Isn't there some way to lock out this IP?
> > >
> > > --
> > > Ned Konz
> > > http://bike-nomad.com
> > > GPG key ID: BEEA7EFE
> > >
> > >
> >
> 
> 



More information about the Squeak-dev mailing list