Wiki: A disaster waiting to happen?
Wiki's allow collaborative editing of web-sites.
Most wikis like the original c2 wiki allow anonymous users to modify the web pages, including complete deletion of contents or insertion of external links. Most of them do maintain backups, few don't.
A targeted script based attack can very easily modify/delete a large number of these pages by crawling through the wiki web. I am sure the admin's will try to recover, however they are pretty much helpless against a dedicated hacker, who can not only use the anonymizer services to post from different IP's, but may also use the drones normally used for DDOS attacks.
This is at least equivalent to denial of service attack in that it prevents people from viewing these web sites contents, which often host useful product & services related information. It is actually worse as it can replace the content with objectionable/inappropriate contents. It also obviously has the capability to surreptiously post links to adult/casino/mortgage sites. Link spamming can take on a whole new dimension - wiki spamming.
One solution is to allow modification to members who go through a registration process.
The process must employ some way to prevent automatic registration like letter recognition from an image etc. (like Hotmail email registration)
That way the problem can be contained and manageable as scripts cannot be used to affect the sites. Also protective actions can be taken like removing errant members, email verification etc.
Once the scripts are removed from the equation, the rest is easy.
A simpler solution which doesn't require registration is to ask the modifier to do letter recognition from an image. This simple measure retains the anonymous modifibility of wiki, yet locks out automatic scripts. It is still possible for humans to spread spamlove through wiki, however the effect will be manageable. And there is always option 1 which requires modifiers to register.
Filed under Technology, Web | 
| 
RSS 2.0 |
Trackback this Article
| 
Email this Article
You may also like to read |
November 28th, 2004 at 5:31 am
the disaster is already happening, there are lots of scripts attacking widely used software such as usemod.
If you’re considering a captcha system please notice that image recognition will cut out blind people and such.
November 28th, 2004 at 8:07 am
Wiki is really no substitute for a properly designed content authoring system such as WebDAV, which can make use of standard authentication and authorisation to provide content security. Given the low cost of ownership of modern DAV servers, I’m amazed that people are still using Wiki.
November 28th, 2004 at 11:48 am
I’ll preface this post with the fact that I’m the founder of Atlassian, and team lead of Confluence - the professional wiki
I think you raise a valid point, but one that should be dealt with sensibly rather than irrationally.
Locking everyone out of your wiki raises the barrier to contribute content, hence losing the beauty of the wiki in the first place (anyone can contribute content!).
In the wilds of the public internet, these things can be scary - giving up control always is.
In a corporate or organisational environment, your wiki is usually behind your firewall of some description so you don’t really need to worry about these sort of attacks.
Enforcing registration for users is one solution, but surely only a temporary one - if someone wants to scribble on your wiki badly enough, they can easily script the user registration.
Other solutions include having rollback features so that if someone does abuse it, you can simply roll back and having notification features so that you know when someone abuses your wiki.
As for the “disaster waiting to happen” - c2 gets attacked, wiped, deleted etc regularly, yet it is still around and still full of useful content - that is the best indication to me that it works
Cheers,
Mike
November 28th, 2004 at 2:30 pm
Mike,
Good to have your input. I have tried to address your points below.
> Locking everyone out of your wiki raises the barrier to contribute content, hence losing the beauty of the wiki in the first place (anyone can contribute content!).
I am definitely not suggesting to lockout people from wiki. All I am saying is that they register and identify that they are humans by image recognition, a technique wildly used by free email providers like hotmail etc.
And the process/approval is automatic and requires no intervention from wiki administrators.
Another option which I added to the post is that they do image recognition before each modification. That way they still don’t have to register.
> In a corporate or organisational environment, your wiki is usually behind your firewall of some description so you don’t really need to worry about these sort of attacks.
That is a common misconception. Corporate networks can be equally subjected to insider attacks, which can be equally damaging, if not more.
In fact I think the greatest challenge is with corporations who have decided to use it internally. Even simple changes to a wiki system which is viewed widely by employees can be disastrous. Imagine someone falsely posting about resignation of a key official on a “trusted” wiki, while the stock market is still open!
> if someone wants to scribble on your wiki badly enough, they can easily script the user registration.
Not with image recognition. It is very hard for todays image recognition systems to recgnize a scrambled image as is presented in many of such tests. Only a human being can properly identify them. To prove it to your satisfaction you can try using a script/program to recognize the yahoo/hotmail image which is presented for verification.
> Other solutions include having rollback features so that if someone does abuse it, you can simply roll back and having notification features so that you know when someone abuses your wiki.
The problem with the system is that it will overflood when extensive modifications to multiple pages are being made on a continuous basis to thousands of pages at a time by thousads of drones from different parts of the internet.
The key point of the post is that such system is clearly inadequate for handling the sophisticated spammers of today.
> As for the “disaster waiting to happen” - c2 gets attacked, wiped, deleted etc regularly, yet it is still around and still full of useful content - that is the best indication to me that it works
As I said its waiting to happen
It would be interesting to see how it copes against a script based distributed attack instead of few pain-in-the-neck humans.
The fact that it is safe today doesn’t in the least ensure that it will be safe tomorrow. In fact the same logic could’ve been used to say WTC is safe on 8/11.
Angsuman
November 28th, 2004 at 2:41 pm
Gad,
Thanks for your input. You have raised a valid point:
> If you’re considering a captcha system please notice that image recognition will cut out blind people and such.
I have to admit I wasn’t thinking about them in this post. What would be your solution to a challenge which can be solved by a blind person, yet not by an automated script?
Angsuman
November 28th, 2004 at 8:42 pm
One possible solution is to use a system similar to Google’s Gmail member invitations. Where people would request an invitation from a current member. It’s still not all that difficult to get a membership and use it for spamming but it probably makes it just difficult enough that it’s not worth it for the spammers. Plus you have the added capability of cutting of a member’s invitations if they give invitations to a threshold number of people who turn out to be spammers.
And it wouldn’t affect blind people. Only people with social anxiety disorders.
November 29th, 2004 at 4:16 am
In regard to Mike’s comment that “c2 gets attacked, wiped, deleted etc regularly, yet it is still around and still full of useful content” I would note that c2 has a lot of users who can (and will) clean up the spam. When a wiki has only a few active users, the ongoing effort to keep the wiki clean can easily erase the value that the wiki provides.
On a somewhat related topic, the TWiki people have been trying to publicize a nasty security bug in which “an attacker is able to execute arbitrary shell commands with the privileges of the web server process.” One of my friends has already been bitten by this, with his webhosting account having been frozen by the provider… apparently the attacker was using the wiki to send spam.
November 29th, 2004 at 5:37 am
dunno. I’m on the side of “ask a little dumb question”. something like “enter 2 + 2″ “last letter in foo” and so on. not a real solution anyway. It seems that paypal ask you if you want to listen to a sound.
Anyway, two interesting ideas coming from a loooong multiple thread on comp.lang.ruby (rubygarden.org’s wiki used to get spammed a lot).
- changing /slightly/ an interface seem to lock out most bots (in this case not allowing lowercase HTTP in links)
- make the wiki not appetible by killing direct external references (i.e. via google redirect or xrl.us or qurl.net) seem to lock out most humans
November 30th, 2004 at 2:33 am
Having an alternate challenge which is audio based is usually used for visually impaired users.
Regarding the image recognition of “captcha”, there are a few softwares that do indeed work most of the time: http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html is one.
http://www.captcha.net/ has links to current state of the art in both fields (captcha and captcha solvers).
November 30th, 2004 at 4:44 am
Thanks for the informative comments everone.
Subject: Image based captcha’s
I did look at captcha. As you all probably know gimpy & its enhanced version are currently solvable with a high degree of accuracy. And when you have scripts, even a 10% accuracy is fine! I am sure there are enhanced version of captcha’s which have/will raise the bar significantly to make it unfeasible. In fact the site had references to some, haven’t checked them yet. Also if you look at Yahoo, they seem to be using an enhanced version themselves.
To improve captcha’s I think we should use a combination of techniques and use a subset for each image generated. That way even with existing techniques we make the probability for guessing.
Interestingly we are promoting the use of spammers money to create really innovative image recognition algorithms
November 30th, 2004 at 4:57 am
Brady,
Thanks for your input. I have tried to voice my concern below. Let me know what are your thoughts.
> One possible solution is to use a system similar to Google’s Gmail member invitations. Where people would request an invitation from a current member. I
> And it wouldn’t affect blind people. Only people with social anxiety disorders.
What concerns me is that this is severely limiting the accessibility of a Wiki and hampers its free flow nature. How many people do you think will go through all the trouble to get a referral so he can post for free
In fact I think the Orkut and Gmail is a failure, if their objective was to use it as catcha. Having said that I am not really sure what their objective was other than to reduce the user pool.
Also as many of my friends in valley said that they had problems getting access to either of them even with their extensive network.
Imagine how difficult would it be for blind people!
How many blind people, who browses internet, do we know? Personally I know none.
I wonder if it would be even more limiting than using image based captcha’s…What are your thoughts?
As JM has kindly pointed out:
> Having an alternate challenge which is audio based is usually used for visually impaired users.
That is definitely the most appealing alternative which is used by PayPal. The key concern is that soon voice recognition software will be used by spammers to overcome that challenge. And it is harder to distort voice much, considering that even the monotone robotic voice is hard to understand for some human’s
However this may be the best we got at this time…
November 30th, 2004 at 5:29 am
Doug has further validated my concerns in his post above.
Gab has provided some exciting options:
Thanks Gab.
> I’m on the side of “ask a little dumb question”. something like “enter 2 + 2″ “last letter in foo” and so on. not a real solution anyway. It seems that paypal ask you if you want to listen to a sound.
I think its an excellent idea!
I was also thinking along the same lines. Could be simple mathemetical puzzles or relationship puzzles like - A is father of C and B is sister of C, so….
In essence simple puzzles which can be solved by any humans and requires too much to do to make it iinfeasible for computers. The set of question should be randomly selected from a large evolving set to make it effective. Also automcatic non-structural modifiers may be used like adjectives to prevent simple pattern matching.
The success of this set is however limited by how much variety we can produce in creating these questions. Looks like an automated generator could be the way to go. A program to beat programs
> - changing /slightly/ an interface seem to lock out most bots (in this case not allowing lowercase HTTP in links)
But then it will work only for sometime till they wise up.
> - make the wiki not appetible by killing direct external references (i.e. via google redirect or xrl.us or qurl.net) seem to lock out most humans
That is an interesting proposition. However that still doesn’t prevent them from posting inappropriate content on site and create textual references. However this is something that might be useful in conjuction with other meaasures.
What do you all think?
March 11th, 2005 at 5:45 pm
[...] deleted after say 30 days. However word filtering is just the tip of the iceberg. We need image and/or audio recognition to weed out scipted comment postings. And an automated way to add the off [...]
March 31st, 2005 at 4:03 am
Just a thought.. if a program only gets 10% accuracy trying to guess an image, it’d be trivial to ban the script from the wiki (get the picture wrong 5 times? IP ban for an hour)
March 31st, 2005 at 5:11 pm
@Tim True, unless they use list of (anonymous) proxies to access the website.
July 5th, 2005 at 4:30 pm
It needs to be recognized that many in the wiki community do not see this as a problem. They believe in SoftSecurity and are unwilling to violate wikiness by implementing authorization schemes. Wiki is more of a philosophy than a mechanism to these people, they are not looking for a security system. It is a good idea to become acquainted with the ideas of soft security, why they believe hard security is a losing game and why they choose to leave their system open, depending on a group of dedicated gardeners to restore the site. Some may say that it is the nature of wiki for information to be created and destroyed and that is what it is. That does not make for a reliable information system in the quality of service sense “always on” but that may not be the purpose of wiki to them.
July 5th, 2005 at 8:00 pm
@Steve
> They believe in SoftSecurity and are unwilling to violate wikiness by implementing authorization schemes.
That doesn’t seem to be working anymore.
Ward’s Wiki has caved in to comment spamming and closed the doors to everyone but a select few (so I have been told as I am not one of the select few). In fact Ward’s wiki has a CAPTCHA, only the code to write is nowhere visible.
> why they believe hard security is a losing game
I disagree. With the advent of comment spamming “soft security” cannot survive, not in the face of continuous assault by thousands of bots from bot farms using compromised windows machines.
> That does not make for a reliable information system in the quality of service sense “always on” but that may not be the purpose of wiki to them.
Whatever may be the purpose if it is not available to the users then how can it serve it?
November 28th, 2005 at 12:25 am
[...] Neil found ethical spammers in his wiki (read about wiki spamming) who left a note after they spammed: < !– We leave content intact . We allow you to easily remove the additions . –> < !– We respect your pages and appologize for the spam . –> < !– We are the Ethical Spammers group . (this is an oximoron - two terms that are put together but are opposed meaning) . –> [...]