Be wary about this, it is common for crackers to break into a site and leave backdoors on the site to be sold/exploited later.
This could be an indication of that. On Nov 9, 2012 4:13 PM, "Chris Dennis" <cgden...@btinternet.com> wrote: > On 08/11/12 18:31, Chris Dennis wrote: > >> On 05/11/12 21:31, Alan Bell wrote: >> >>> On 05/11/12 15:46, Chris Dennis wrote: >>> >>>> >>>> Yes. Adam had to shut down most access to the wiki because of all the >>>> spam. And my very brief reading of the MoinMoin documentation >>>> suggests that the system wasn't designed to be secure: it's open to >>>> either everyone or no-one (except for 'superusers'). If I'm wrong >>>> about that, please let me know. >>>> >>> you can actually do quite a lot of access control stuff with moin >>> http://hants.lug.org.uk/wiki/**HelpOnAccessControlLists<http://hants.lug.org.uk/wiki/HelpOnAccessControlLists> >>> check out the various examples of ways you can configure a site for >>> different scenarios, basically you end up creating pages with bulleted >>> lists of people to make groups: >>> http://hants.lug.org.uk/wiki/**HelpOnGroups<http://hants.lug.org.uk/wiki/HelpOnGroups> >>> like this one but you can create more >>> http://hants.lug.org.uk/wiki/**AdminGroup<http://hants.lug.org.uk/wiki/AdminGroup> >>> then use the group names (that is their wiki page names) in ACLs >>> >> >> Aha! Thanks for those hints, Alan. I now understand a bit more about >> MoinMoin. >> >> So, this is the plan. I've re-enabled new accounts, which means that >> anyone can create an account. BUT, only users who are members of the >> 'editors' group can change things. If you want to be an editor, create >> an account, and let me know your user name by sending an email to >> webmas...@hantslug.org.uk. >> > > Hmmm... Less that 24 hours later, about 50 random user names have > appeared in the wiki's list of users. No pages have been hacked, but it's > a bit of a worry... > > -- > Chris Dennis cgden...@btinternet.com > Fordingbridge, Hampshire, UK > > -- > Please post to: Hampshire@mailman.lug.org.uk > Web Interface: > https://mailman.lug.org.uk/**mailman/listinfo/hampshire<https://mailman.lug.org.uk/mailman/listinfo/hampshire> > LUG URL: http://www.hantslug.org.uk > ------------------------------**------------------------------**-- >
-- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --------------------------------------------------------------
