| Welcome Guest | Login |
Index
| Recent Threads
| Register
| Search
| Help
| 
| View Unanswered Threads
|
 |
Forums » List all forums » Forum: YPPedia Community » Thread: The Great 2020 Purge |
|
Thread Status: Normal Total posts in this thread: 7 |
[Add To My Favorites] [Watch this Thread] [Post new Thread] |
| Author |
|
LJAmethyst
 Joined: Jul 19, 2007 Posts: 4151 Status: Offline |
So a great purge has been effected across the YPPedia user base, removing administrator and bureaucrat and other rights from inactive and vanished users. Players and OMs and Developers alike were affected. Take a look. There are now zero, count 'em, zero player administrators; even Faulkston was de-sysopped. There are 6 Ocean Masters left active and 3 developers with the mop. Approximately 59 users were caught in the dragnet put out by administrator Rsugden. This seems drastic, but it's really a long-needed adjustment. The YPPedia is so quiet and slow that 9 admins can handle it with no problems. This is undoubtedly a measure to tighten security in the wake of the Ocean Master password compromise. Anyone taking over an administrator account could seriously damage the Wiki. ---------------------------------------- Retired as of August 2015. Sic transit gloria mundi. |
||
|
|
Stan5
|
 |
||
|
|
Thunderbird
Joined: Sep 4, 2003 Posts: 5771 Status: Offline |
Note that Faulkston's admin access has already been put back. ---------------------------------------- Pirate tells you, "my, that's one BIG wad o' chewing gum ye have mounted on yer bonce! oO'" Sungod officer chats, "I wonder if anyone's sailing the harpsichord" Pirate tells you, "ZOMG CANDYFLOSS!!! *munches*" |
||
|
|
LJAmethyst
Joined: Jul 19, 2007 Posts: 4151 Status: Offline |
Yep, but I doubt it has done him much good so far; the YPPedia server is giving me timeouts and HTTP server errors. The forums were down awhile too. Is there a DDOS bundled with this OM compromise? ---------------------------------------- Retired as of August 2015. Sic transit gloria mundi. |
|||
|
|
LJAmethyst
Joined: Jul 19, 2007 Posts: 4151 Status: Offline |
19:47, 18 October 2019 Callistan (Talk | contribs) changed group Callistan was a user who has not made a contribution since 2011. I suspect that his account was compromised last year, and someone has been logging in to abuse "Check user" privileges. What are "check user" privileges? CUs have special access to personal information on MediaWiki. They are enabled so that they can prevent sock puppetry. They do this by comparing account characteristics such as user agent, IP address and corresponding geolocation, HTTP headers, etc. These are bits of personal information not exposed to ordinary users or even administrators of MediaWiki. Given the fact that an ordinary bureaucrat can give themselves all the permissions they need, this is a dangerous userright for anyone to have when there is not an absolute need for it. As we can see, Callistan or whoever compromised his account was able to elevate privileges to that which Grey Havens did not intend. I would say that if you have edited YPPedia in the past 18 months, there is a good possibility that your personal information (as explained above) has been exposed. ---------------------------------------- Retired as of August 2015. Sic transit gloria mundi. ---------------------------------------- [Edit 2 times, last edit by LJAmethyst at Nov 9, 2020 1:01:27 AM] |
||
|
|
Phaerie2
Joined: May 4, 2010 Posts: 310 Status: Offline |
I'm not too good with internet technical stuff so please bear with me, and forgive me if my post is not relevant. Would the above apply to people who had uploaded to YPPedia? eg: as required for entry to the portrait background competition. ---------------------------------------- *********************************** Phaerie: Obsidian and Cerulean Phaeirie: Emerald ___________________________________ Fray Cray Phae at yer service! |
|||
|
|
Thunderbird
Joined: Sep 4, 2003 Posts: 5771 Status: Offline |
From reading about the CheckUser extension on MediaWiki's site ([url]https://www.mediawiki.org/wiki/Extension:CheckUser[/url]), getting geolocation information isn't mentioned at all, and the only header present is the identifying browser. There is a mention of Firefox users being able to add a snippet to a subpage of their User page to make lookups, but this was not done in Callistan's case (the subpage in question does not exist, even in a deleted form). Furthermore, all requests made through CheckUser are logged. However, this log is only accessible to other CheckUsers. Grey Havens is able to access the logs and determine if this was actually abused. ---------------------------------------- Pirate tells you, "my, that's one BIG wad o' chewing gum ye have mounted on yer bonce! oO'" Sungod officer chats, "I wonder if anyone's sailing the harpsichord" Pirate tells you, "ZOMG CANDYFLOSS!!! *munches*" |
|||
|
| [Show Printable Version of Thread] [Post new Thread] |
Powered by mvnForum
mvnForum copyright © 2002-2006 by MyVietnam.net