• Which the release of FS2020 we see an explosition of activity on the forun and of course we are very happy to see this. But having all questions about FS2020 in one forum becomes a bit messy. So therefore we would like to ask you all to use the following guidelines when posting your questions:

    • Tag FS2020 specific questions with the MSFS2020 tag.
    • Questions about making 3D assets can be posted in the 3D asset design forum. Either post them in the subforum of the modelling tool you use or in the general forum if they are general.
    • Questions about aircraft design can be posted in the Aircraft design forum
    • Questions about airport design can be posted in the FS2020 airport design forum. Once airport development tools have been updated for FS2020 you can post tool speciifc questions in the subforums of those tools as well of course.
    • Questions about terrain design can be posted in the FS2020 terrain design forum.
    • Questions about SimConnect can be posted in the SimConnect forum.

    Any other question that is not specific to an aspect of development or tool can be posted in the General chat forum.

    By following these guidelines we make sure that the forums remain easy to read for everybody and also that the right people can find your post to answer it.

FSDeveloper Wiki

Do you use the FSDeveloper wiki?

  • Yes, and please keep the option for community members to contribute content

    Votes: 5 35.7%
  • Yes, but I'm fine with a readonly wiki

    Votes: 7 50.0%
  • No, it is out dated

    Votes: 1 7.1%
  • Other, please specify in a reply

    Votes: 1 7.1%

  • Total voters
    14

arno

Administrator
Staff member
FSDevConf team
Resource contributor
Messages
33,553
Country
netherlands
Today we had a spam attack on our Wiki again, so I have just cleaned many spam pages. These spam pages are posted by existing user accounts, probably with credentials leaked from other websites (reused passwords). I don't really fancy to do this kind of cleanup work often, as it is quite boring. So I am considering to make some changes to the wiki, for example by making it readonly. But before I do that I would like to know how many of you use the wiki and how you use it. So that we can find a good balance between what the users want and the admin load for keeping it clean and running.

Ideally a Wiki is open for edits, so that the entire community can contribute and the knowledge on it will grow. But the reality is that in all those years that we have the FSDeveloper Wiki (that must be over 15 years now), that only a dozen of users have made active contributions to the content of the Wiki. So the concept of the Wiki has never really taken off as I hoped initially.

But on the other hand closing the Wiki also does not feel right and at least the knowledge that is on it should be preserved somehow. So please let me know how you use it and what you think,
 
Perhaps it could be moderated and the entries/edits submitted to you instead? Since it appears there are not a lot of submissions this might not be too much work?
 
I'm voting for read only at this point. The spamming is increasing, and apparently coming from more than one source. Read only preserves the knowledge.
 
Does Read only mean that we can't make any new entries or changes to the current content? I do this from time to time with items I'm working on (BGL file format is one of them)
If this happens, I would have to find another way to share knowledge with developers. Let me know
 
Let me just apologize in advance in case it's me and not to admit I'm sleazy with FSDeveloper credentials, I just use my easy to remember passwords on sites that don't include financials. But couldn't you ask members who's login has been shared on the dark web to make a new password? Members who don't reply could get redirected to instructions on how to re enable posting.

If you set all posting including wiki editing to two factor verification, it would effectively kill shared password generated spam.
 
I would ask everyone to change their password now and to change it again every six months or so. I'm going to change mine now as I realize that I've have been using the same one for about 15 years.
 
Making the wiki read-only would indeed prevent changes being made (edits to pages or new pages). I'm not really in favour of that, since the idea of the wiki is we can all contribute.

Many years ago we had a link between the forum and wiki, so that the same login worked for both. That was broken when we switched to this forum software a while ago, but has left many wiki accounts with the forum logins from that moment. I'm tempted to see if I can remove all these old accounts or at least force a password reset on them all.

Maybe I should do the same for the forum, force a password reset on old accounts so that previous credentials don't work anymore.

Two factor authentication might be interesting to look at as well, but I'm not sure if that's supported.
 
Couldn't you simply set it so any modification or new post has to be approved by you? that way, if you get multiple bogus requests from the same users.. remove their accounts or force password reset..
 
I don't think the wiki software has moderation, that will require all kind of plugins again. Also some of the spam we have seen is from genuine and well known users. I think I will check the two factor authentication for the wiki, that should keep spammers out I hope.
 
Hi Arno,

I'm with edphipps on this.
Perhaps, before you try to implement 2FA, you may want to reset all PW of registered users, requiring them to enter new ones. It may well be enough.
 
Password reset initially, then read-only if that fails. I'd be disappointed if it needs to come to that because I still throw odd bits up there every now and again.
 
I have started to upgrade the wiki software to the latest version this morning. Unfortunately I can't directly go to the last one, so I need to install an intermediate version. This means the wiki will be down a bit longer.
 
Hi Folks

Arno -
How about just -
- Setting all accounts to BLOCKED, (use Mediawiki's PhpMyAdmin MySQL to set).
- Disabling new automatic signups

Whilst still in PhpMyAdmin, UNBLOCK your admin's accounts. ;-)

Then if any forum member wishes to contribute to the Mediawiki
have the user email a request to UNBLOCK their account.

Similarly for new account creation.

HTH
ATB
Paul
 
Last edited:
Hi Paul,

I plan to remove all old account that never posted anything on the wiki. And new account registration is already disabled. But first I need to finish that update
 
Might also be necessary to use a captcha for the login, because login/password/cookie can be done by an automated process.
 
Hi,

I have finished upgrading the wiki to a current version of the Mediawiki software now, so the wiki is back online.

Like I mentioned before we had a bridge between the forum and the wiki in the past. That meant that every forum account also became a wiki account. I have now removed all wiki accounts that never posted any content and that got rid of 98% of the accounts. So that is also 98% less change of a spammer getting in with some leaked credentials.

Of the remaining users who did make changes, I'll see if I can force a password reset on them. And hopefully we should be more safe then. If not we can always check things like two factor authentication (which is available by default on the new version of the wiki software).
 
Oh, and while logging in on the wiki after the update myself, I also found out that the new wiki version requires passwords to be at least 10 characters. So I was forced to change my password directly since it was shorter.
 
Back
Top