moeffju.net

Case-sensitive MediaWiki

I just finished setting up a MediaWiki for WorldIRC. Page titles and user names should be fully case-sensitive (i.e., able to start with a lowercase letter). Unfortunately, MediaWiki doesn’t really support that out of the box. Googling didn’t yield any usable results. Finally, asking in the IRC channels got me on the right track: In your LocalSettings.php, add at the end:

$wgCapitalLinks = false;

To get case-sensitive usernames, but still allow case-insensitive logins, you need to patch the code. Here’s my patch against the current stable 1.6 version (r14760):

Index: includes/User.php
===================================================================
--- includes/User.php   (revision 14760)
+++ includes/User.php   (working copy)
@@ -51,9 +51,11 @@
   * @static
   */
  function newFromName( $name ) {
+   /* don't
    # Force usernames to capital
    global $wgContLang;
    $name = $wgContLang->ucfirst( $name );
+   */

    # Clean up name according to title rules
    $t = Title::newFromText( $name );
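
Review bot: In newFromName(), the ucfirst() call is switched off by wrapping it in a block comment labelled only "don't". That leaves dead code behind and gives no reason for the change. Since the wiki already sets $wgCapitalLinks = false in LocalSettings.php, consider making the call conditional on that setting, e.g. `if ( $wgCapitalLinks ) { $name = $wgContLang->ucfirst( $name ); }`, and replace the "don't" comment with one sentence saying that usernames keep their original case when capital links are disabled.
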
@@ -148,7 +150,7 @@
      return null;
    }
    $dbr =& wfGetDB( DB_SLAVE );
-   $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), $fname );
+   $s = $dbr->selectRow( 'user', array( 'user_id' ), 'LCASE(user_name) = LCASE(' . $dbr->addQuotes( $nt->getText() ) . ')', $fname );

    if ( $s === false ) {
      return 0;
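
Review bot: The new LCASE(user_name) = LCASE(...) condition makes the lookup case-insensitive, but nothing in this patch keeps names unique under the same rule. If "Alice" and "alice" can both be registered, selectRow() returns a single row and which of the two accounts it resolves to is up to the database, so a login or lookup can land on the wrong user. Add a case-insensitive collision check where accounts are created before relying on this query. Also note that wrapping the column in LCASE() prevents an index on user_name from being used for the comparison; storing a lowercased copy of the name and matching against that would address both points. The addQuotes() call on the value taken from $nt->getText() is the right way to build this string condition and should stay.
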
@@ -200,7 +202,7 @@
    || User::isIP( $name )
    || strpos( $name, '/' ) !== false
    || strlen( $name ) > $wgMaxNameChars
-   || $name != $wgContLang->ucfirst( $name ) )
+   /* || $name != $wgContLang->ucfirst( $name ) */ )
      return false;

    // Ensure that the name can't be misresolved as a different title,
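
Review bot: In the validity check, the `$name != $wgContLang->ucfirst( $name )` clause is commented out inline, so lowercase-initial names now pass unconditionally and a commented-out fragment is left in the middle of the condition. Prefer making the clause conditional, e.g. `|| ( $wgCapitalLinks && $name != $wgContLang->ucfirst( $name ) )` with $wgCapitalLinks declared global in this function, so the original rule still applies when capital links are enabled. Because the lookup hunk above now matches names case-insensitively, this is also the natural place to document that names differing only by case must not coexist.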

Thanks to Pill- and spacebirdy of #wiktionary and PhilHarnish and Nikerabbit of #mediawiki!

Mars Reconnaissance Orbiter reaches orbit

On a lighter note, the Mars Reconnaissance Orbiter successfully entered Mars orbit at 22:25 GMT. Besides doing an awful lot of surveying and analyzing missions, it will also serve as a test hub for the Interplanetary Internet (or InterPlaNet for short).

Obviously, Vint Cerf’s talk made quite an impression on me.

phpMyAdmin scanning

Just got 26 requests from some bot or script looking for unprotected installations of phpMyAdmin. The requests, one per second, were made to the following URIs:

  • /phpmyadmin/main.php
  • /PMA/main.php
  • /mysql/main.php
  • /admin/main.php
  • /db/main.php
  • /dbadmin/main.php
  • /web/phpMyAdmin/main.php
  • /admin/pma/main.php
  • /admin/phpmyadmin/main.php
  • /admin/mysql/main.php
  • /phpmyadmin2/main.php
  • /mysqladmin/main.php
  • /mysql-admin/main.php
  • /main.php
  • /phpMyAdmin-2.5.6/main.php
  • /phpMyAdmin-2.5.4/main.php
  • /phpMyAdmin-2.5.1/main.php
  • /phpMyAdmin-2.2.3/main.php
  • /phpMyAdmin-2.2.6/main.php
  • /myadmin/main.php
  • /phpMyAdmin-2.6.0/main.php
  • /phpMyAdmin-2.6.0-pl1/main.php
  • /phpMyAdmin-2.6.3-pl1/main.php
  • /phpMyAdmin-2.6.3/main.php
  • /phpMyAdmin-2.6.3-rc1/main.php
  • /phpMyAdmin-2.6.2-rc1/main.php

The requests all originated from 66.235.201.231 (ds201-231.ipowerweb.com, which doesn’t forward resolve). A portscan shows ports 21 (ftp: ‘Microsoft FTP Service’), 25 (smtp: ‘Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830’), 54 (ftp: ‘Serv-U FTP Server v5.2 for WinSock’), 80 (http: ‘Microsoft-IIS/6.0’), 135, 139, 445, and 1433 open. Some ports just above 1024 are sporadically open. The host is probably a zombie.
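
The pattern described above (one client asking for main.php under many admin-tool directory names within seconds) is easy to pick out of an access log. The following is an added example, not code from the original post: the log format (Common Log Format), the thresholds, the regular expressions and the sample addresses from documentation ranges are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: client, timestamp, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')
# main.php directly under a directory named like a database admin tool.
PROBE_RE = re.compile(
    r'/(?:phpmyadmin[^/]*|pma|mysql[^/]*|myadmin|db|dbadmin|admin)/main\.php$',
    re.IGNORECASE)

def find_scanners(log_text, min_paths=5, window=timedelta(seconds=60)):
    """Map each scanning client to the probe paths that did NOT return 404."""
    # A client counts as a scanner once it has requested min_paths distinct
    # probe paths within the window; an admin using one install never does.
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, target, status = m.groups()
        path = target.split("?", 1)[0]
        if PROBE_RE.search(path):
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            events[ip].append((when, path, status))
    scanners = {}
    for ip, rows in events.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            if len({p for _, p, _ in rows[start:end + 1]}) >= min_paths:
                # Any status other than 404 means the probe found something.
                scanners[ip] = sorted({p for _, p, s in rows if s != "404"})
                break
    return scanners

def build_sample_log():
    """Constructed log: one scanner (192.0.2.10), one admin (198.51.100.7)."""
    dirs = ["phpmyadmin", "PMA", "mysql", "admin", "db", "dbadmin",
            "phpMyAdmin-2.6.0"]
    lines = ['198.51.100.7 - - [05/Dec/2005:00:59:00 +0100] '
             '"GET /phpmyadmin/main.php HTTP/1.1" 200 5120']
    for sec, d in enumerate(dirs):
        status = 401 if d == "phpmyadmin" else 404
        lines.append(f'192.0.2.10 - - [05/Dec/2005:01:02:{sec:02d} +0100] '
                     f'"GET /{d}/main.php HTTP/1.0" {status} 208')
    return "\n".join(lines)
```

Calling `find_scanners(build_sample_log())` flags only 192.0.2.10 and lists `/phpmyadmin/main.php`, the one probe that was answered with 401 instead of 404 and therefore points at an install worth checking.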

I’ve mailed {abuse,hostmaster}@ipowerweb.com at 01:17 CET.

If you’re running any management software without proper protection (IP-based where possible, HTTP Authentication with a strong password at least), this is your last warning call.

Even for protected directories, you should change the default directory name, e.g. by appending a random string to make ‘phpMyAdmin_Irogah2A’ (pwgen is great for this), just to make it harder to find and thus (somewhat) protect from brute force attacks. (Yes, this is obscurity at work. Security by obscurity is only bad if it’s the only line of defense, but it’s great as an additional safety measure.)

PS: If you’re running phpMyAdmin <= 2.6.4, upgrade to the latest version.

Update 2005-05-12 22:09

Response (Angel P.) 12/05/2005 01:06 PM

Thank you for contacting the iPowerWeb Abuse Department.

We apologize for any inconvenience this may have caused you. We have taken action regarding the network scan originating from our network.

Thank you for your time and patience.