Infrastructure
  1. Infrastructure
  2. INFRA-5548

Access to modify mysql tables and php scripts for wiki.openoffice.org

    Details

    • Type: Task Task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Fix Version/s: Initial Clearing
    • Component/s: Website
    • Labels:
      None
    • Environment:
      Ubuntu / mysql / apache (wiki.openoffice.org)

      Description

      we (apache open office) need to maintain our media wiki site (wiki.openoffice.org) because:
      - we are under heavy spam attach
      - the version is no longer supported from mediawiki.

      The tasks to be done are:
      - upgrade to new version (requires access to change php files)
      - remove old inactive users and user created by spam attachers (requires mysql root access)
      - modify localSettings.php to disable spam attachers from creating accounts.
      - restart apache server (to activate the php changes)

      I will do these tasks, and afterwards to regular maintenance. If possible I would prefer to have my user granted access to the items needed, and not have root access.

        Activity

        Hide
        Andrea Pescetti added a comment -
        This proposal has been discussed on the ooo-dev mailing list, in the thread "Re: [Mwiki] New accounts by invitation only?" and has consensus.

        Note that the first step will just be to change one line in LocalSettings.php and it won't involve other changes or httpd restarts.

        However, committer Jan Iversen (jani) should be given the privileges needed to perform all tasks he described. More or less, they should be equivalent to the privileges that imacat has on that machine.
        Show
        Andrea Pescetti added a comment - This proposal has been discussed on the ooo-dev mailing list, in the thread "Re: [Mwiki] New accounts by invitation only?" and has consensus. Note that the first step will just be to change one line in LocalSettings.php and it won't involve other changes or httpd restarts. However, committer Jan Iversen (jani) should be given the privileges needed to perform all tasks he described. More or less, they should be equivalent to the privileges that imacat has on that machine.
        Hide
        Gavin added a comment -
        so why isnt imacat or rbircher doing the changes required? The main reason for their access was to perform maintenance and upgrades, this sounds like a perfect match for their access.
        Show
        Gavin added a comment - so why isnt imacat or rbircher doing the changes required? The main reason for their access was to perform maintenance and upgrades, this sounds like a perfect match for their access.
        Hide
        jan iversen added a comment -
        Thanks for your help, it will for sure expedite the issue, and once I am
        granted access I will act swiftly.

        I imacat also doing wiki work, so that is a place of information for me, or
        does the machine do lots of other tasks ?

        thanks again.
        Jan.



        Show
        jan iversen added a comment - Thanks for your help, it will for sure expedite the issue, and once I am granted access I will act swiftly. I imacat also doing wiki work, so that is a place of information for me, or does the machine do lots of other tasks ? thanks again. Jan.
        Hide
        Andrea Pescetti added a comment -
        In this particular moment, both rbircher and imacat are unresponsive. Thousands of new spam accounts have been created in the last few days and we need to address the problem soon and enlarge the admin team to have better coverage in future. So jani will be joining the admin team and also help in long-term maintenance, coordinating with existing admins.
        Show
        Andrea Pescetti added a comment - In this particular moment, both rbircher and imacat are unresponsive. Thousands of new spam accounts have been created in the last few days and we need to address the problem soon and enlarge the admin team to have better coverage in future. So jani will be joining the admin team and also help in long-term maintenance, coordinating with existing admins.
        Hide
        Gavin added a comment -
        ok will egt on it shortly, what is Jans apache ID ?
        Show
        Gavin added a comment - ok will egt on it shortly, what is Jans apache ID ?
        Hide
        jan iversen added a comment -
        my apache id is "jani" (jani@apache.org).

        Can you please also provide me with details machine etc, so I can get to it
        from my ssh terminal.

        thanks in advance.
        jan I.



        Show
        jan iversen added a comment - my apache id is "jani" ( jani@apache.org ). Can you please also provide me with details machine etc, so I can get to it from my ssh terminal. thanks in advance. jan I.
        Hide
        #asfinfra IRC Bot added a comment -
        <danielsh> The VM is called ooo-wiki.apache.org , can you add your ssh public key to id.apache.org
        Show
        #asfinfra IRC Bot added a comment - <danielsh> The VM is called ooo-wiki.apache.org , can you add your ssh public key to id.apache.org
        Hide
        jan iversen added a comment -
        It is uploaded now.

        Do you also have the mysql root password ?

        jan


        Show
        jan iversen added a comment - It is uploaded now. Do you also have the mysql root password ? jan
        Hide
        jan iversen added a comment -
        while I wait for ssh access, I installed winkey on my system to deal with opie.

        We have around 15.000 - 20.000 spam accounts and an unknown number of contributions (typically 1 pr account) in our wiki that needs urgently to be deleted (before they create even more problems). If nothing else it eats resources that could be used for more productive things.

        jani.
        Show
        jan iversen added a comment - while I wait for ssh access, I installed winkey on my system to deal with opie. We have around 15.000 - 20.000 spam accounts and an unknown number of contributions (typically 1 pr account) in our wiki that needs urgently to be deleted (before they create even more problems). If nothing else it eats resources that could be used for more productive things. jani.
        Hide
        Gavin added a comment -
        you should try logging in to ooo-wiki.apache.org now that your key is uploaded.
        Show
        Gavin added a comment - you should try logging in to ooo-wiki.apache.org now that your key is uploaded.
        Hide
        jan iversen added a comment -
        Thanks, however I feel quite stupid this morning, and do make a big apology.

        Windows mixed up (linefeeds) my ssh key !!

        I have now updated my ssh key in id.apache.org, copied it back to a file
        and done a diff with authorized_keys on people.apache.org.

        Can you please do it again...very sorry.

        Big thanks in advance.
        Jan I.


        Ps. Do you want to be kept in the loop, if any configuration changes are
        done to ooo-wiki at a later time ?



        Show
        jan iversen added a comment - Thanks, however I feel quite stupid this morning, and do make a big apology. Windows mixed up (linefeeds) my ssh key !! I have now updated my ssh key in id.apache.org, copied it back to a file and done a diff with authorized_keys on people.apache.org. Can you please do it again...very sorry. Big thanks in advance. Jan I. Ps. Do you want to be kept in the loop, if any configuration changes are done to ooo-wiki at a later time ?
        Hide
        #asfinfra IRC Bot added a comment -
        <danielsh> You have access to ooo-wiki.apache.org (you can get the SSH fingerprint via 'ssh-keyscan' from people.a.o). Re config changes you should inform either us or the PMC depending on the change
        Show
        #asfinfra IRC Bot added a comment - <danielsh> You have access to ooo-wiki.apache.org (you can get the SSH fingerprint via 'ssh-keyscan' from people.a.o). Re config changes you should inform either us or the PMC depending on the change
        Hide
        #asfinfra IRC Bot added a comment -
        <danielsh> In case it's not clear... the new key you've uploaded should be recognised by ooo-wiki now.
        Show
        #asfinfra IRC Bot added a comment - <danielsh> In case it's not clear... the new key you've uploaded should be recognised by ooo-wiki now.
        Hide
        jan iversen added a comment -
        THANKS...It works.

        Jan.


        Show
        jan iversen added a comment - THANKS...It works. Jan.
        Hide
        jan iversen added a comment -
        Thanks again for your help.
        Show
        jan iversen added a comment - Thanks again for your help.
        Hide
        #asfinfra IRC Bot added a comment -
        <danielsh> Run opiepasswd/ortpasswd
        Show
        #asfinfra IRC Bot added a comment - <danielsh> Run opiepasswd/ortpasswd
        Hide
        #asfinfra IRC Bot added a comment -
        <danielsh> Run opiepasswd/ortpasswd
        Show
        #asfinfra IRC Bot added a comment - <danielsh> Run opiepasswd/ortpasswd
        Hide
        jan iversen added a comment -
        I have connection now, works perfect.

        but when I run "opiepasswd" copy the challenge e.g. "otp-md5 498 oo8407 ext" to winkey, supply my password, compute...and paste the response e.g. SAFE ICY CAM JIBE FOAL DIED back. opiepasswd responds with:
         Error verifying response.

        I have tried with different passwords ? It worked once, replying with the response I pased in.

        Have I done something wrong, or has opie caught a bad password in one of my trials..

        Can you reset opie, or tell me what I do wrong, thanks in advance.

        Jan.
        Show
        jan iversen added a comment - I have connection now, works perfect. but when I run "opiepasswd" copy the challenge e.g. "otp-md5 498 oo8407 ext" to winkey, supply my password, compute...and paste the response e.g. SAFE ICY CAM JIBE FOAL DIED back. opiepasswd responds with:  Error verifying response. I have tried with different passwords ? It worked once, replying with the response I pased in. Have I done something wrong, or has opie caught a bad password in one of my trials.. Can you reset opie, or tell me what I do wrong, thanks in advance. Jan.
        Hide
        #asfinfra IRC Bot added a comment -
        <danielsh> Jan, never post the OPIE response anywhere, it's equivalent to your password. So we'll have to reset your opie state, and you must now pick a new opie secret.
        Show
        #asfinfra IRC Bot added a comment - <danielsh> Jan, never post the OPIE response anywhere, it's equivalent to your password. So we'll have to reset your opie state, and you must now pick a new opie secret.
        Hide
        jan iversen added a comment -
        Sorry...I thought opie was a one time password.

        But yes, I think something happened during me trying to get opipasswd to
        work, so a reset will be fine, and this time I will let winkey generate the
        response several times, to make sure I used the correct password.

        Sorry for the inconvenience, but these are new things to me.

        Jan I.


        Show
        jan iversen added a comment - Sorry...I thought opie was a one time password. But yes, I think something happened during me trying to get opipasswd to work, so a reset will be fine, and this time I will let winkey generate the response several times, to make sure I used the correct password. Sorry for the inconvenience, but these are new things to me. Jan I.
        Hide
        jan iversen added a comment -
        Did you reset opie ??

        It is still not working for me, same error...and the challenge has sequence 498 (I would expect 499 for the first time).

        Jan.
        Show
        jan iversen added a comment - Did you reset opie ?? It is still not working for me, same error...and the challenge has sequence 498 (I would expect 499 for the first time). Jan.
        Hide
        Gavin added a comment -
        opie reset
        Show
        Gavin added a comment - opie reset
        Hide
        jan iversen added a comment -
        I have made myself a new key phrase, and made a response to opiepasswd. The 6 words was accepted on sequence 499

        the I do a "sudo ls" and it comes with challenge sequence 498. I take that challenge and paste it into winkey, write my key phrase and computes a response. The response is pasted into sudo...and all I get is "sorry, try again"

        To check I have taken the original (sequence 499) from opiepasswd, write in in winkey, write my key phrase og look at the response...it matches what the original response to opiepasswd. So my key phrase is ok.

        Can it be that I am not in /etc/sudoers or am I doing something wrong ?

        Jan.
        Show
        jan iversen added a comment - I have made myself a new key phrase, and made a response to opiepasswd. The 6 words was accepted on sequence 499 the I do a "sudo ls" and it comes with challenge sequence 498. I take that challenge and paste it into winkey, write my key phrase and computes a response. The response is pasted into sudo...and all I get is "sorry, try again" To check I have taken the original (sequence 499) from opiepasswd, write in in winkey, write my key phrase og look at the response...it matches what the original response to opiepasswd. So my key phrase is ok. Can it be that I am not in /etc/sudoers or am I doing something wrong ? Jan.
        Hide
        Gavin added a comment -
        correct, once opie was set up, then we grant you sudo. I'll do that shortly.
        Show
        Gavin added a comment - correct, once opie was set up, then we grant you sudo. I'll do that shortly.
        Hide
        #asfinfra IRC Bot added a comment -
        <danielsh> Re your earlier comment, yes "opie" means "one-time passwords", but given that you reported opie errors that particular six-word-tuple that you posted might not have been "used up" yet.
        Show
        #asfinfra IRC Bot added a comment - <danielsh> Re your earlier comment, yes "opie" means "one-time passwords", but given that you reported opie errors that particular six-word-tuple that you posted might not have been "used up" yet.

          People

          • Assignee:
            Unassigned
            Reporter:
            jan iversen
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development