[Pmwiki-users] IP logging on UPLOADS

Fabio Reis Cecin frcecin
Wed May 5 16:04:15 CDT 2004


On 5 May 2004 at 15:27, Pmwiki-users-request at pmichaud.com wrote:

> Date: Wed, 5 May 2004 15:26:52 -0600
> From: "Patrick R. Michaud" <pmichaud at pobox.com>
> To: Kass Lloyd <raekwon at usa.net>
> 
> On Wed, May 05, 2004 at 04:59:04PM -0400, Kass Lloyd wrote:
> > Please explain to me where this is logged for every file uploaded? I
> > don't see it in RecentUploads and no file contains them for what I can
> > tell. This is VERY VERY VERY IMPORANT TO DO.
> 
> It's not logged.  Where should it be logged?
> 
> As far as importance of this feature, it's not that I disagree with you
> (I don't), but it hasn't come up as a priority before now.  Add this to
> http://www.pmwiki.com/wiki/Development/DevelopmentPriority and we'll
> see who agrees on the need for it (or we can see if these messages spark
> any similar comments/concerns from pmwiki-users).
> 
> Pm

I think it's more important to keep the uploads to virus-free file types 
and such (no ".doc"s, ".exe"s, etc.) which can be already configured
by wikiadmins. 

A megabyte quota (maximum of X megabytes uploaded from the same 
IP address in Y period of time) would difficult the work of scripts that 
tried to trash the wiki with uploads; that would be nice. A bit more work
than doing IP logging, but I think it would be a more definitive feature, 
and you would log only attempts to exceed the quota (possible attacks).

Then add a manual IP ban-list option for IPs that show frequently on 
the log, and that's it.

Buit actually, I was more concerned about mass page revision attacks. 
Does PmWiki protect against those? (somebody using a looping script 
to keep changing a page with garbage and trashing the restore feature).
I believe not many wikis bother with this, but anyway, here it is.

I believe that all of this is not critical - you should always save frequent 
backups of your entire wiki anyways :-) that solves all problems with
wiki trashing and you should do it anyway to prevent data loss from
"regular" failures...

Fabio



More information about the pmwiki-users mailing list