Someone spamming actualism wiki

Wow someone made a gajillion users on the actualism wiki:

Any thoughts how to mitigate this?

Extension:ConfirmAccount - MediaWiki something like this might help …

Perhaps disabling user account creation for the time being?

Yes! Done, ty for idea

It’s bizarre someone bothered to do that, even knowing it exists is pretty rare, let alone running whatever program they needed to vandalize the account creation.

That’s why I find it somewhat amusing despite the work it forces to do… Get a life! :grinning:

@claudiu: now I have time again, I downloaded the ConfirmAccount-REL1_39-72a0de9.tar.gz file but I can’t upload it to /var/www/mediawiki/extensions.

I’ve tried with Filezila (but I can’t find the right path surely because of docker); with the scp command; with and without “docker exec -it wiki-actualism-online-prod bash”; etc.

I must be combining some commands/expressions wrong. I remember having already gone through this and solved it, but I prefer to save time and effort so: If I had the file in c: on my PC, what would be a proper command?

I use Git for Windows, my name-PC is Miguel@PC-Miguel MINGW64 and I am logging in to

Ah yes so step 1 is to scp or filezilla it to the server, to e.g. to /home/wiki/ConfirmAccount.tar.gz

Then from the server shell you copy it into docker, e.g.:

docker cp /home/wiki/ConfirmAccount.tar.gz wiki-actualism-online-prod:/var/www/mediawiki/extensions/ConfirmAccount.tar.gz

Now when you do docker exec -it ... bash , the ConfirmAccount.tar.gz will be on the docker container’s file system, and you can unzip it install it etc…

1 Like

Also if you are able to have the time, we probably want to purge all the spam users — and instead of deleting each manually or even in an automated way, maybe the best way is to restore wiki to a backup from before they were made? I think they started ~Dec 23rd or so, and I don’t think any genuine wiki pages were edited since…

My guess is this may be a work of a bot, no?

My guess is someone made a bot to spam wiki pages to promote stuff on google search (each user’s talk page has some auto generated text), and they’re always hunting for more sites …

But I’m having problems with step 1! That’s why I asked: if I had the file in c: on my PC, what would be the proper (I mean, complete) command to upload it? Could you write it here to compare with my attempts?

From your computer:

scp c:/path/on/your/computer/ConfirmAccount.tar.gz

The problem is:

that you tried to upload it to this path ^

Instead you have to upload to /home/wiki/... first (and then follow the remaining instructions to get it into the docker container)

Oh, I’ll try that


The command

scp c:/ConfirmAccount-REL1_39-72a0de9.tar.gz

returned the error

“Could not resolve hostname c: Temporary failure in name resolution”

Searching on Internet I tried

scp /ConfirmAccount-REL1_39-72a0de9.tar.gz

which gave

“The authenticity of host ‘ (’ can’t be established.
ECDSA key fingerprint is SHA256:9rqnHqjPUAi/t9PkE/nnPlT9WS18K5BQWgl2hqCn99E.
Are you sure you want to continue connecting (yes/no/[fingerprint])?”

But after “yes”:

“Warning: Permanently added ‘,’ (ECDSA) to the list of known hosts. Permission denied (publickey).
lost connection”

Trying to run the same from (using the DigitalOcean console)
gave the same results…

May be scp is expecting an SSH server running on Windows…? :thinking:

Ah you need to use your private key to scp – the same one you use to ssh. On linux scp the flag is -I path/to/private/key

But also note that FileZilla will work just as well for this initial step, if that’s something that works more easily for you.

I couldn’t get it to work. The same message appear with

scp -i /c/Users/Miguel/.ssh/id_rsa /c/ConfirmAccount-REL1_39-72a0de9.tar.gz

Notice that ‘/c/Users/Miguel/.ssh/id_rsa’ is exactly the path shown by Ubuntu when I log in.
I’ve tried without quotation marks, with c: instead of /c/ in both paths, etc.

So I completed this first step with FileZilla, but if you understand what it’s wrong with scp, I would like to make it work.

Now I’ll see how it goes with the rest.


Capital i on the flag :slight_smile: -I not -i

That’s how I wrote the command first, but this was/is the result:


Ah ok my mistake

Can you post the same screenshot but running the command from your local computer with the lowercase (-i ) flag? I’m not exactly sure what the error is

If it’s permission denied , are you sure it’s the same key as used with filezilla?