An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 8:52 am
by Zoloft
Yesterday, someone tried to reset the root password on our host account.

It didn't succeed, of course, but then (using the same IP) they tried to register a second account on the forum here.

They already had an account here. That would be a [finger quotes] "sock."

It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.

:picard:

This sort of nonsense is fairly common.

It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.

This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent.

The hosting company keeps accurate logs.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 9:33 am
by lilburne
NYB should be ashamed of himself.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 11:08 am
by Triptych
Zoloft wrote:Yesterday, someone tried to reset the root password on our host account. It didn't succeed, of course, but then (using the same IP) they tried to register a second account on the forum here. They already had an account here. That would be a [finger quotes] "sock." It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.

This sort of nonsense is fairly common. It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member. This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent. The hosting company keeps accurate logs.
Wow. Socking is one thing but hacking is an unlawful activity, and depending on circumstances and practicality of prosecution can carry a term of imprisonment as penalty. I imagine you've triplechecked your data and assumptions, Zoloft. Tens of thousands of people can use a single IP, I think, but realistically at a moderately trafficked site like this, I'd suppose you can review logs and probe with your tools and get pretty solid level of confidence it's the same guy (and site member!) poking around. I can't believe whoever would've been stupid enough to hack from his regular home Internet connection?!

Humbly I'd suggest you challenge every assumption you have, triplecheck every datapoint, and invite the other sysops to review the incident. Times like these it'd be nice to have a checkuser on tap to run down the suspected Arbcom connection. It'd be indefensible for him or her to checkuser the Wikipedia account but perhaps fair game on the IP, given a tip-off that it's engaged in hacking and socking and believed to have a Wikipedia connection.

I'd like to see a front-page blog article on this, seems like it would get main-stream press attention, but I figure it'd be inherently difficult to get the high level of certainty needed. Again, wow.

PS: Nice work spotting and handling this event, Zoloft. It'd be a shame if someone got in and wiped out the database. I mean Wikipediocracy is not the Washington Post or Christian Science Monitor, but there've been some decent front page features, and even in the forum there's sometimes insightful and influential conversation amidst the chatter and routine.

Edited to insert postscript.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 11:35 am
by DanMurphy
Zoloft wrote:Yesterday, someone tried to reset the root password on our host account.

It didn't succeed, of course, but then (using the same IP) they tried to register a second account on the forum here.

They already had an account here. That would be a [finger quotes] "sock."

It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.

:picard:

This sort of nonsense is fairly common.

It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.

This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent.

The hosting company keeps accurate logs.
You should bring it up with the appropriate authorities now. I'd name who you think it is too - otherwise too easy to dismiss as pot-stirring.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 11:56 am
by Peter Damian
I raised this at the Trustees' forum. I wanted to understand whether it was malicious or accidental. It doesn't seem as though it was accidental. I mean, I don't know really what a root password is for an internet server, and I wouldn't have the faintest idea where to look for one. This suggests that anyone actively looking to change it must have had some idea what they were doing. But I'm not an expert.

There is no doubt about the identity of the arbitrator, I'll say that much.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 12:13 pm
by HRIP7
lilburne wrote:NYB should be ashamed of himself.
It wasn't NYB.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 12:23 pm
by Reaper Eternal
lilburne wrote:NYB should be ashamed of himself.
I don't think Newyorkbrad has the technical ability to perform such actions. Furthermore, he's a lawyer and would know what THAT would bring down on his head.
Peter Damian wrote:I wanted to understand whether it was malicious or accidental.
No way in hell it was accidental IMHO. Attempting to reset the password on another poster's account MIGHT be accidental due to auto-form-fill-screwups filling in the wrong account name. Attempted resetting of the host's password requires knowledge of where to look.
Zoloft wrote:It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.
Are you sure? Pretty much anybody with the technical know-how to do it would know to use an open proxy, tor, or a VPN. Additionally, they'd know that resetting the password isn't going to work.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 12:24 pm
by Michaeldsuarez
Zoloft wrote:It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.

This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent.
Have you contacted ArbCom directly about your suspicions? There aren't any guarantees that the Arbitrators that visit this forum will bring the matter up on their mailing lists.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 12:29 pm
by turnedworm
I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, I'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy, and the respect that I have for NYB - I'm going to guess that you're pointing the finger at me.

I have no knowledge of the events you are describing, I did not perform them. What's more, I do not know how or where you could try to reset the root password on your host account.

If it is indeed me that you believe is the culprit, I would ask that you not "hold off", but instead go ahead and take the action that you mention.

Dave

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 12:41 pm
by Hex
Just when you thought you were running short on :popcorn:...

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 12:42 pm
by Michaeldsuarez
turnedworm wrote:I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, I'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy, and the respect that I have for NYB - I'm going to guess that you're pointing the finger at me.

I have no knowledge of the events you are describing, I did not perform them. What's more, I do not know how or where you could try to reset the root password on your host account.

If it is indeed me that you believe is the culprit, I would ask that you not "hold off", but instead go ahead and take the action that you mention.

Dave
Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forum's early days. There might be more, but I don't recall.

I'm not sure what evidence Zoloft is basing his suspicions on (Email address from the account creation attempt?), but I find the idea that an Arbitrator would do this hard to believe.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 1:02 pm
by lilburne
HRIP7 wrote:
lilburne wrote:NYB should be ashamed of himself.
It wasn't NYB.
It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.
Ah I misread.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 1:18 pm
by Triptych
Michaeldsuarez wrote:
turnedworm wrote:I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, I'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy...
Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forum's early days. There might be more, but I don't recall. I'm not sure what evidence Zoloft is basing his suspicions on (Email address from the account creation attempt?), but I find the idea that an Arbitrator would do this hard to believe.
I read AGK was in Hong Kong at Wikimania 2013 living the high life on the charity's dime with Sue Gardner and Oliver Keyes, breaking only to cast the final "save Oliver" vote in his and Kiefer's arbitration. Wikimania ended Sunday, and AGK couldn't really have returned by yesterday (Monday) could he? Lilburne's first comment re: NYB was so absurd a prospect that I took it as humor. Wormthatturned has just issued a public and unequivocal denial. There could be yet other arbs with accounts here.

I love a good whodunnit, and I think the thread is within the limits of propriety right now, but I caution the good people behind Wikipediocracy to avoid a direct statement of hacking against an other-than-merely-pseudonymous arbitrator, because I believe that would be an allegation of criminality. That is, unless you have a good faith and reasoned belief to do that.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 1:18 pm
by Tarc
Zoloft wrote:Yesterday, someone tried to reset the root password on our host account.
What do you mean by this, exactly? The root of your own (presumably some flavor of unix) server on which this resides? Or did they click the "Forgot password" link on the support site, i.e. this ?

If it's the latter, that may be on a bit shakier grounds irt "hacking", if the authorities get involved.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 1:33 pm
by lilburne
I take it that when Z says host account he's not talking about the phpBB or wordpress apps but fastdomain account.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 1:37 pm
by dogbiscuit
Tarc wrote:
Zoloft wrote:Yesterday, someone tried to reset the root password on our host account.
What do you mean by this, exactly? The root of your own (presumably some flavor of unix) server on which this resides? Or did they click the "Forgot password" link on the support site, i.e. this ?

If it's the latter, that may be on a bit shakier grounds irt "hacking", if the authorities get involved.
As the speculation isn't helpful let's be clear what the events were.

1) We got the standard security email along the lines of "Someone has tried to change the password for the hosting package".
2) Zoloft was able to tie that via the IP address used to a new account request named obviously as related to the old account.
3) The old account was then able to log in at about the same time.

I am inclined to the thought that there was a confusion that led to trying to reset the password rather than a deliberate hacking attempt, as there wasn't any attempt at disguising the user. However, there are other possibilities (compromised account, stupidity, maliciousness). We were just surprised that if someone fell down the rabbit hole and found themselves at the door, trying to force the door is inappropriate (though I can understand rattling the door handle out of curiosity).

The point of Zoloft's post is that if someone was having some bright idea, they have been warned off, but as mentioned, it is not exactly clear and we should not put down to maliciousness what can easily be explained by beer or incompetence. :evilgrin:
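
The correlation described in steps 1 to 3 above, written out as an added example; it is not part of the original post and is not the site's own tooling. The event fields, usernames, timestamps and IP addresses are constructed, and a shared IP on its own is deliberately scored as the weakest link, since many people can sit behind one address.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher
from typing import Optional


@dataclass(frozen=True)
class Event:
    when: datetime
    source: str              # "host" (provider security notice) or "forum"
    action: str              # "password_reset_request", "register_attempt", "login_ok"
    ip: str
    user: Optional[str] = None


def ev(ts, source, action, ip, user=None):
    return Event(datetime.fromisoformat(ts), source, action, ip, user)


# Constructed sample data: documentation-range IPs and made-up usernames.
SAMPLE_EVENTS = [
    ev("2013-08-12T14:02:10", "host", "password_reset_request", "203.0.113.45"),
    ev("2013-08-12T14:09:31", "forum", "register_attempt", "203.0.113.45", "ExampleUser2"),
    ev("2013-08-12T14:15:02", "forum", "login_ok", "203.0.113.45", "ExampleUser"),
    ev("2013-08-12T14:20:00", "forum", "login_ok", "198.51.100.7", "SomeoneElse"),
    ev("2013-08-12T22:40:00", "forum", "register_attempt", "203.0.113.45", "LateNight"),
]


def similar(a, b):
    """Case-insensitive similarity ratio between two usernames (0.0 to 1.0)."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def correlate(events, window=timedelta(hours=1), name_threshold=0.8):
    """For each host-level reset notice, gather forum activity from the same IP
    inside the time window and grade how strongly the events are linked."""
    findings = []
    for reset in events:
        if reset.source != "host" or reset.action != "password_reset_request":
            continue
        near = [e for e in events
                if e.source == "forum" and e.ip == reset.ip
                and abs(e.when - reset.when) <= window]
        regs = [e.user for e in near if e.action == "register_attempt"]
        logins = [e.user for e in near if e.action == "login_ok"]
        # A new name that closely resembles an account logging in from the same
        # IP is the "named obviously as related to the old account" signal.
        links = [(r, l) for r in regs for l in logins
                 if r != l and similar(r, l) >= name_threshold]
        if links:
            strength = "ip+time+name"
        elif near:
            strength = "ip+time"      # could still be a shared or NATed address
        else:
            strength = "unlinked"
        findings.append({
            "ip": reset.ip,
            "reset_at": reset.when,
            "registrations": regs,
            "logins": logins,
            "name_links": links,
            "strength": strength,
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f["ip"], f["strength"], f["name_links"])
```

The grading only says how many independent signals agree; it does not establish intent, which is the distinction the rest of the thread turns on.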

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 2:54 pm
by Hex
That sounds like massive technology skills failure to me, rather than an attempt at hacking. Particularly because of the "named obviously as related to the old account".

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 3:07 pm
by Captain Occam
As someone who was hacked multiple times several years ago, and knew exactly who was doing it, I have to say it isn't very likely you'd be able to get the authorities to prosecute whoever was responsible for this. When I tried to do that in my own case, what I learned is that any offense that's committed across state lines falls under FBI jurisdiction, but the FBI doesn't have the resources to investigate any attack that causes less than $5000 worth of damage. That was in 2005, but I don't imagine this is likely to have changed since then.

Another thing you can do is report them to their ISP, but ISPs won't typically take action about things like this unless they have a string of complaints from multiple sources about a single customer.

If the perpetrator really is a member of ArbCom, and you determine that it really was an actual attempt at hacking, I think the best thing you can do is publicize the identity of who was responsible. It's going to be a major embarrassment for someone in a position of authority to have it revealed they were doing this.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 3:41 pm
by dogbiscuit
Captain Occam wrote:If the perpetrator really is a member of ArbCom, and you determine that it really was an actual attempt at hacking, I think the best thing you can do is publicize the identity of who was responsible. It's going to be a major embarrassment for someone in a position of authority to have it revealed they were doing this.
As I said, it isn't really clear whether this was incompetence or otherwise, so we are awaiting an explanation. It might have been better to await the explanation (or failure to explain) before posting this thread in retrospect, consider it an irritated outburst for now.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 4:03 pm
by The Devil's Advocate
Michaeldsuarez wrote:Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forum's early days. There might be more, but I don't recall.
Kirill also has an account here, though he hasn't used it. NuclearWarfare has an account and made one post.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 4:30 pm
by Moonage Daydream
Why do drunk frat boys put on brassieres in the first place if they have trouble getting them off? Is it a rite of passage?

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 4:45 pm
by Midsize Jake
Moonage Daydream wrote:Why do drunk frat boys put on brassieres in the first place if they have trouble getting them off? Is it a rite of passage?
It's mutual assurance of trust. The initiate puts on the brassiere to show that he trusts the other frat boys not to put video of him wearing the brassiere on Youtube. Likewise, the other frat boys know they can trust him, because he's demonstrated his trust in them, and of course they wouldn't hesitate to put the video on Youtube if the initiate were to betray the frat in any way whatsoever. As for being unable to get the brassiere off, that's mostly due to the fact that frat boys are idiots.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 4:54 pm
by Michaeldsuarez
Triptych wrote:
Michaeldsuarez wrote:
turnedworm wrote:I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, I'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy...
Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forum's early days. There might be more, but I don't recall. I'm not sure what evidence Zoloft is basing his suspicions on (Email address from the account creation attempt?), but I find the idea that an Arbitrator would do this hard to believe.
I read AGK was in Hong Kong at Wikimania 2013 living the high life on the charity's dime with Sue Gardner and Oliver Keyes, breaking only to cast the final "save Oliver" vote in his and Kiefer's arbitration. Wikimania ended Sunday, and AGK couldn't really have returned by yesterday (Monday) could he?
I wasn't saying that it was AGK. I was just telling turnedworm that he or she and Newyorkbrad aren't the only two Arbitrators who have posted here in the past.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 4:56 pm
by Zoloft
The person involved has contacted us via our support email.
I will report more details here in a little while.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 5:01 pm
by TungstenCarbide
Midsize Jake wrote:... that's mostly due to the fact that frat boys are idiots.
Hahaha ... true for most young men, not just frat boys.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 5:41 pm
by Vigilant
TungstenCarbide wrote:
Midsize Jake wrote:... that's mostly due to the fact that frat boys are idiots.
Hahaha ... true for most young men, not just frat boys.
Young?

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 7:07 pm
by Zoloft
Hex wrote:That sounds like massive technology skills failure to me, rather than an attempt at hacking. Particularly because of the "named obviously as related to the old account".
The Arbitrator (no need to smudge him further) admitted to going to our server host, entering the domain name, and clicking on 'change password.'

The password change confirmation was sent to our admin email.

I can't see any reason to do that, but he claims he thought that was how you changed your forum password. He expected another dialog box asking for his account name.

<_<

Why didn't he just ask for help? Because he doesn't trust us.

I have given the member a new password and details on how to use the reset and password recovery features in the forum.

Because I do trust him.

Changing the topic title a bit to reflect reality.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 7:10 pm
by greybeard
Zoloft wrote: I have given the member a new password and details on how to use the reset and password recovery features in the forum.

Because I do trust him.
:facepalm: Did you read him his Carmen Miranda rights first?

Seriously, though, it's another example with Wikipedia where you can't decide whether they are idiots first and douchebags second, or the other way around.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 7:20 pm
by Triptych
Zoloft wrote: The Arbitrator (no need to smudge him further) admitted to going to our server host, entering the domain name, and clicking on 'change password.' The password change confirmation was sent to our admin email. I can't see any reason to do that, but he claims he thought that was how you changed your forum password. He expected another dialog box asking for his account name.
Bravo to the arb for addressing this alarming matter head on. I don't know what the particular screen looked like, or how he happened to get there, but when one has sixteen windows open or whatever, and one's attention is distracted, it seems plausible enough to me.

Because he wasn't named, the arbitrator was not "smudged." Perhaps Arbcom generally was smudged, but how could one tell? It's a smudgery already.

Re: An Awkward Hacking Attempt

Posted: Tue Aug 13, 2013 7:52 pm
by Moonage Daydream
Zoloft wrote:
Hex wrote:That sounds like massive technology skills failure to me, rather than an attempt at hacking. Particularly because of the "named obviously as related to the old account".
The Arbitrator (no need to smudge him further) admitted to going to our server host, entering the domain name, and clicking on 'change password.'

The password change confirmation was sent to our admin email.

I can't see any reason to do that, but he claims he thought that was how you changed your forum password. He expected another dialog box asking for his account name.

<_<

Why didn't he just ask for help? Because he doesn't trust us.

I have given the member a new password and details on how to use the reset and password recovery features in the forum.

Because I do trust him.

Changing the topic title a bit to reflect reality.
Sounds plausible. Glad this got sorted out before it became messy.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 8:28 pm
by Captain Occam
Even now that we've learned this apparently wasn't malicious, I still think it might be beneficial for the Wikipedia community to know who it was, because not knowing how to reset one's password on a forum shows a lot of naivety about web-based software. By being trusted with the checkuser tool, and being given the responsibility to determine which accounts are and aren't sockpuppets, arbitrators are expected to have a certain level of technical knowledge. From what I've heard, making correct judgements using checkuser requires considerably more technical skill than resetting a forum password. If a member of ArbCom honestly didn't know how to do the latter, I think maybe the Wikipedia community should have the opportunity to make a judgement about whether the same person should be trusted to do the former.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 9:15 pm
by lilburne
It takes a certain amount of technical nous to track down a website's hosting service.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 9:24 pm
by Anroth
Bollocks.

No way anyone even halfway competent gets to the server host domain password reset page by accident. It would be difficult for a non techie to do it in ignorance. How did they find the page? It's hardly easy to find. There is no way anyone trusted with the technical tools and access to restricted info on enwp would make that mistake.

So yes, bollocks. Report it to the relevant authorities, forget about it after that. AGF does not mean you are blind and dumb.

-edit- I see lilburne pipped me to it. Remember quite a few people on this forum are far more than tech-literate, as an ex sysadmin, attacks on the server where you can identify the culprits are not tolerated. Seriously, they went with they thought they were changing their forum password? Pah!

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 9:25 pm
by Midsize Jake
lilburne wrote:It takes a certain amount of technical nous to track down a website's hosting service.
Not if you've been getting lots of e-mails from other Wikipedians that "helpfully suggest" who to contact when you want to file a spurious legal complaint...? :dry:

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 9:30 pm
by Peter Damian
Anroth wrote:Bollocks.

No way anyone even halfway competent gets to the server host domain password reset page by accident. It would be difficult for a non techie to do it in ignorance. How did they find the page? It's hardly easy to find. There is no way anyone trusted with the technical tools and access to restricted info on enwp would make that mistake.

So yes, bollocks. Report it to the relevant authorities, forget about it after that. AGF does not mean you are blind and dumb.

-edit- I see lilburne pipped me to it. Remember quite a few people on this forum are far more than tech-literate, as an ex sysadmin, attacks on the server where you can identify the culprits are not tolerated. Seriously, they went with they thought they were changing their forum password? Pah!
The explanation was plausible to me at least. Putting in http://wikipediocracy.com/controlpanel redirects you here https://my.bluehost.com/cgi/account/cpanel?goto_uri=/ . The subdirectory 'controlpanel' is apparently standard on some other boards.

Perhaps it should have been clear at this point that they had reached the page of the host, not of the website, but perhaps they failed to notice due to stress at having lost the password.

If you then click ‘forgot password’ it takes you to this https://my.bluehost.com/cgi/forgot , which also identifies the page as belonging to the host, not the website. If you go any further (please don't as the moderators will be cross with me) it emails the administrator account at Wikipediocracy.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 9:31 pm
by lilburne
Midsize Jake wrote:
lilburne wrote:It takes a certain amount of technical nous to track down a website's hosting service.
Not if you've been getting lots of e-mails from other Wikipedians that "helpfully suggest" who to contact when you want to file a spurious legal complaint...? :dry:
Hmmm can't see a reset password link next to login I'm trying to make. Search emails for hosting site, navigate through that to find link to reset another password. We should be glad he didn't go off and try to reset the root password for the internet.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 9:46 pm
by Anroth
Peter Damian wrote:The explanation was plausible to me at least. Putting in http://wikipediocracy.com/controlpanel redirects you here https://my.bluehost.com/cgi/account/cpanel?goto_uri=/ . The subdirectory 'controlpanel' is apparently standard on some other boards.
Still not buying it. Controlpanel is standard yes, but it's standard for admin tools. Not user level. Also this is basically a stock forum, half the people here who have admin'd on similar forums could navigate it blindfolded.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 10:00 pm
by Moonage Daydream
Anroth wrote:
Peter Damian wrote:The explanation was plausible to me at least. Putting in http://wikipediocracy.com/controlpanel redirects you here https://my.bluehost.com/cgi/account/cpanel?goto_uri=/ . The subdirectory 'controlpanel' is apparently standard on some other boards.
Still not buying it. Controlpanel is standard yes, but it's standard for admin tools. Not user level. Also this is basically a stock forum, half the people here who have admin'd on similar forums could navigate it blindfolded.
So they are technically competent enough to know that it was the hosting control panel but at the same time they are so technically incompetent they thought that they could "hack" the server by clicking a link? There was no harm done. They've offered a plausible explanation. Let's leave it there instead of making it into something that it isn't.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 10:01 pm
by Zoloft
Once again, for people who need help with the forum or the blog or the wiki, our support is available at:

support @ wikipediocracy . com

Just remove the spaces.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 10:20 pm
by thekohser
Moonage Daydream wrote:They've offered a plausible explanation.
Yes, agreed. They forgot their password on a site where they are too afraid of contacting the hosts to get the password reset. Typical hare-brained, clumsy, doddering muckety-muck who is perfectly suited to arbitrate Wikipedia's most difficult user cases.

Re: An Awkward Hacking Attempt? Turns out, No.

Posted: Tue Aug 13, 2013 11:50 pm
by Zoloft
I think we're pretty much done here.

If you believe you need to add more, PM me.

:lock: