Probably should mention that Jayg is cracking down on TOR nodes because of this; previously most of them were being softblocked, but he's hardblocking all of them. --
Gwern (contribs) 03:32
8 May2007 (GMT)
Maybe. On the other hand admin accounts are not subject to IP blocks, so can't someone use tor with an admin account?
Thatcher13103:36, 8 May 2007 (UTC)reply
I don't know. That sounds about right, but I don't know for sure. On the other hand, if that is true, that would suggest the hardblocks are even more pointless than I've been saying to Jayg. --
Gwern (contribs) 04:23
8 May2007 (GMT)
I think this would be good for an article next week after some time to digest. There are a lot of people who favor hard blocks for a number of reasons. Probably should not be shoehorned here at last minute.
Thatcher13103:40, 8 May 2007 (UTC)reply
It's no less last minute than the rest of the stuff, I'd say. But I do have an ulterior motive in suggesting it, as I've learned that you need to jump on these things early before 'consensus' and inertia build up. --
Gwern (contribs) 04:23
8 May2007 (GMT)
That's a big mistake. Tor is a necessity in places where Wikipedia is blocked. Blocking all tor access effectively prohibits a billion or so people from editing/reading the site. —
BRIAN0918 • 2007-05-09 15:39Z
"My password is password!"
I was lucky enough to see the first incident (the
User:AndyZ one) in progress, and saw that fateful edit summary shortly after creation. I naturally thought "Ah. A compromised account is running wild; and the hacker has set the password so anybody can join in. I wonder how many will?"
Obviously there's a lot of evidence that
User:BuickCenturyDriver did just that. But how many others did? I would imagine lots of others, no? During the minutes between "My password is password!" and the point where
User:Mark took control of the account, how many IP addresses all over the place logged on? This seems like a prime bit of news for the newspaper! Inquiring minds want to know.
Doops |
talk00:36, 9 May 2007 (UTC)reply
As far as I know from the checkuser evidence that has been described, BuickCentury was the only cat killed by curiosity. All the rest of the IP evidence points to one cracker behind all the attacks. Jiang's password was not revealed until later, by him, and Marine and Conscious' passwords have never beeb revealed.
Thatcher13103:13, 9 May 2007 (UTC)reply
I don't know. It could have been any time after the account was blocked and desysopped. Incidentally, I will be writing a followup article for next week to cover developements after this issue was finalized.
Thatcher13103:44, 9 May 2007 (UTC)reply
It took about a minute after I saw that to log out, log in and change the password. Apparently as soon as a password is changed, it logs out all other computers logged in on that account. Luckily it seems nobody got around to do any damage beyond what has been described. Chances are, not a whole lot of passing randoms know how to get to the deletion log to find out the deletion summary. -
Mark06:05, 9 May 2007 (UTC)reply
Oh, wait. I should have read the full thing before posting here. I just saw the "as of this writing" bit and jumped straight in here. --
Dreaded Walrustc13:20, 9 May 2007 (UTC)reply
Dire warnings in Wikipedia:Administrators no longer current
This is my first Signpost article so I don't know if its supposed to be like a newspaper that doesn't change once its printed or whether it should be updated, and for how long after publication. I'll look at WP:Admins and think about toning down the article.
Thatcher13112:23, 9 May 2007 (UTC)reply
Signpost articles are more like newspaper articles than mainstream wiki articles - they are rarely edited to reflect developments of substance after the date of publication (although minor amendments are often made - this is a wiki, after all). --
ALoan(Talk)10:14, 10 May 2007 (UTC)reply