Ogre Wiki hacked???

Anything and everything that's related to OGRE or the wider graphics field that doesn't fit into the other forums.
Post Reply
User avatar
scarpelius
Halfling
Posts: 50
Joined: Sun Aug 29, 2004 8:17 am
Location: Romania, Bucharest
Contact:

Ogre Wiki hacked???

Post by scarpelius »

I tried to acces the wiki page http://www.ogre3d.org/wiki/index.php and i get a very strage result with chinese characters and the the adress look like thishttp://www.ogre3d.org/wiki/index.php/Main_Page
Is there any other place where I can read the tutorials?

User avatar
haffax
OGRE Retired Moderator
OGRE Retired Moderator
Posts: 4823
Joined: Fri Jun 18, 2004 1:40 pm
Location: Berlin, Germany
x 6
Contact:

Post by haffax »

Na. Not hacked. Just spammed. Spam is removed now.

@team: Are there any script blockers for the account creation available for Wikipedia? I mean such a validation field where one has to read some distorted text and insert it into a box. I know there is a nifty name for it, but I can't remember it. ;)
team-pantheon programmer
creators of Rastullahs Lockenpracht

User avatar
scarpelius
Halfling
Posts: 50
Joined: Sun Aug 29, 2004 8:17 am
Location: Romania, Bucharest
Contact:

Post by scarpelius »

That was fast :)
Man this is one of the thing i love at Ogre. Besides the engine.
Thanks.

User avatar
DWORD
OGRE Retired Moderator
OGRE Retired Moderator
Posts: 1365
Joined: Tue Sep 07, 2004 12:43 pm
Location: Aalborg, Denmark
Contact:

Post by DWORD »

That's the second spam attack today!

What the hell is happening to people?! :evil:

User avatar
temas
OGRE Retired Team Member
OGRE Retired Team Member
Posts: 390
Joined: Sun Oct 06, 2002 11:19 pm
Location: The Woodlands, TX
Contact:

Post by temas »

Sinbad just installed a spam blocker. We'll see how it does.

User avatar
Antiarc
Greenskin
Posts: 120
Joined: Thu Jan 23, 2003 8:40 am
Contact:

Post by Antiarc »

Yay for googlebombs.

*sigh*

User avatar
Phantom
Greenskin
Posts: 106
Joined: Mon Aug 02, 2004 10:28 pm
Location: Helsinki, Finland

Post by Phantom »

scarpelius wrote:That was fast :)
Man this is one of the thing i love at Ogre. Besides the engine.
Thanks.
Indeed. I just mentioned that it would be nice if my forum nick would be changed, and BAM! temas was there and it was changed ;) Took like 2 minutes.

lesbaker
Gnoblar
Posts: 1
Joined: Thu May 05, 2005 1:43 am
Location: Upstate, SC

Post by lesbaker »

tanis: it's called a CAPTCHA.

User avatar
temas
OGRE Retired Team Member
OGRE Retired Team Member
Posts: 390
Joined: Sun Oct 06, 2002 11:19 pm
Location: The Woodlands, TX
Contact:

Post by temas »

I can't stand captcha's! Man, I can't distinguish them half the time. Whine over. :)

User avatar
:wumpus:
OGRE Retired Team Member
OGRE Retired Team Member
Posts: 3067
Joined: Tue Feb 10, 2004 12:53 pm
Location: The Netherlands
x 1

Post by :wumpus: »

I'm against them as well (everything that slows down the registration process for new users); let's at least first see if the antispam tool Sinbad installed works. If not, we can always go for captcha's. Who thought of that name anyay :)

Kai-Peter
Greenskin
Posts: 133
Joined: Tue Oct 15, 2002 10:14 am
Location: Helsinki, Finland
x 1
Contact:

Post by Kai-Peter »

One option would be to add a custom AuthPlugin to MediaWiki. For my own wiki I wrote a vBulletin plugin that uses the vBulletin MySQL database to authenticate users. You need to have a valid forum login to be able to create and log in to your Wiki account. Setting separate passwords in the Wiki is disabled so everthing goes through the forum system. It even checks for bans so if someone is banned from vBulletin they are also banned from the Wiki.

This is great as it makes creating a Wiki account Real Simple (TM), just enter your forum stuff. It also make Wiki management easier as you only have a single point (the forum) to take care of.

Here is my code for it:

Code: Select all



/**
 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
 * and set $wgAuth to it to authenticate against some external tool.
 *
 * The default behavior is not to do anything, and use the local user
 * database for all authentication. A subclass can require that all
 * accounts authenticate externally, or use it only as a fallback; also
 * you can transparently create internal wiki accounts the first time
 * someone logs in who can be authenticated externally.
 *
 * This interface is new, and might change a bit before 1.4.0 final is
 * done...
 *
 * @package MediaWiki
 */
require_once("includes/AuthPlugin.php");

class AuthPlugin_vBulletin extends AuthPlugin {

  // Persistent DB connection
  var $vb_database;

  function AuthPlugin_vBulletin($host, $username, $password, $dbname)
  {
    $this->vb_database = mysql_pconnect($host, $username, $password);
    mysql_select_db($dbname, $this->vb_database);
  }  


  /**
   * Check whether there exists a user account with the given name.
   * The name will be normalized to MediaWiki's requirements, so
   * you might need to munge it (for instance, for lowercase initial
   * letters).
   *
   * @param string $username
   * @return bool
   * @access public
   */
  function userExists( $username ) {
    $username = addslashes($username);
    $vb_find_user_query = "SELECT usergroupid FROM user WHERE LOWER(username)=LOWER('" . $username . "')";
    $vb_find_result = mysql_query($vb_find_user_query, $this->vb_database);
    if(mysql_num_rows($vb_find_result) == 1) {
      $vb_user_info = mysql_fetch_array($vb_find_result);
      $usergroupid = $vb_user_info['usergroupid'];
      // Only registered and admins. Banned and unregistered don't belong here.
      if($usergroupid == "2" || $usergroupid == "5" || $usergroupid == "6" || $usergroupid == "7")
        return true;
    }
    else
      return false;
  }
	
  /**
   * Check if a username+password pair is a valid login.
   * The name will be normalized to MediaWiki's requirements, so
   * you might need to munge it (for instance, for lowercase initial
   * letters).
   *
   * @param string $username
   * @param string $password
   * @return bool
   * @access public
   */
  function authenticate( $username, $password ) {
    $username = addslashes($username);
    $vb_find_user_query = "SELECT password, salt, usergroupid FROM user WHERE LOWER(username)=LOWER('" . $username . "')";
    $vb_find_result = mysql_query($vb_find_user_query, $this->vb_database);
    if(mysql_num_rows($vb_find_result) == 1) {
      $vb_user_info = mysql_fetch_array($vb_find_result);
      $usergroupid = $vb_user_info['usergroupid'];
      
      // Only registered and admins. Banned and unregistered don't belong here.
      if($usergroupid == "2" || $usergroupid == "5" || $usergroupid == "6" || $usergroupid == "7")
        if(md5(md5($password) .  $vb_user_info['salt']) == $vb_user_info['password'])
          return true;
    }
    return false;
  }
	
  /**
   * Return true if the wiki should create a new local account automatically
   * when asked to login a user who doesn't exist locally but does in the
   * external auth database.
   *
   * If you don't automatically create accounts, you must still create
   * accounts in some way. It's not possible to authenticate without
   * a local account.
   *
   * This is just a question, and shouldn't perform any actions.
   *
   * @return bool
   * @access public
   */
  function autoCreate() {
    return true;
  }
	
  /**
   * Return true to prevent logins that don't authenticate here from being
   * checked against the local database's password fields.
   *
   * This is just a question, and shouldn't perform any actions.
   *
   * @return bool
   * @access public
   */
  function strict() {
    return true;
  }
	
  /**
   * When creating a user account, optionally fill in preferences and such.
   * For instance, you might pull the email address or real name from the
   * external user database.
   *
   * The User object is passed by reference so it can be modified; don't
   * forget the & on your function declaration.
   *
   * @param User $user
   * @access public
   */
  function initUser( &$user ) { 
    $vb_find_user_query = "SELECT password, salt FROM user WHERE LOWER(username)=LOWER('" . addslashes($user->mName) . "')";
    $vb_find_result = mysql_query($vb_find_user_query, $this->vb_database);
    if(mysql_num_rows($vb_find_result) == 1) {
      $vb_user_info = mysql_fetch_array($vb_find_result);
      $user->mEmail = $vb_user_info['email'];
    }
    else {
      // ERROR?
    }
  }
}
It took me just an hour to write it, very simple hacking. You could easily adapt this to phpBB. Then in the LocalSettings.php file I have a line:

Code: Select all

$wgAuth = new AuthPlugin_vBulletin('localhost', 'username', 'password', 'dbName');
Kai Backman, programmer (Blog)
ShortHike - Space Station Game

User avatar
sinbad
OGRE Retired Team Member
OGRE Retired Team Member
Posts: 19265
Joined: Sun Oct 06, 2002 11:19 pm
Location: Guernsey, Channel Islands
x 66
Contact:

Post by sinbad »

Any posts which link to patterns in a known spam listing (which is updated regularly automatically) will be rejected now, from any user. I'm hoping this will be enough to stop most future abuses.

User avatar
SuprChikn
Bugbear
Posts: 863
Joined: Tue Apr 19, 2005 6:10 am
Location: Melbourne, Aus
Contact:

Post by SuprChikn »

It's pretty sad that spam-protection has to be instated here. :cry:

User avatar
Project5
Goblin
Posts: 245
Joined: Mon Nov 22, 2004 11:56 pm
Location: New York, NY, USA
Contact:

Post by Project5 »

It's pretty sad that spam-protection has to be instated here.
That just means that Ogre's popular :-)

Post Reply