[Archive] Restricting Wiki editing to collaborators due to spam edits #16284

Open
kbdharun opened this issue Apr 28, 2025 · 1 comment
Labels: archive (Archive of changes made in tldr-pages, etc.), security (Issues/PRs related to security.)

kbdharun (Member) commented Apr 28, 2025

Incident Report

Context

Till now, the tldr wiki has been open to edits from the community, where anyone with a GitHub account can make changes like adding their client, etc. We had a spam edit in the past, which led to me integrating the wiki's Atom feed with Element's Feeds add-on to notify maintainers in our chatroom about the Wiki edits. While this worked as intended most of the time, it missed a few edits, and it's easy to miss one in the active chatroom (as occurred in the current case).

Incident

Coming back, on Saturday 26th of April 2025, a user edited our wiki, replacing its Home page with Crypto spam text.

This edit was discovered by @Managor (16 hours later) on 27th April, via the Feeds bot in the Chatroom, who brought it to my attention in the Chatroom.

Incident Response

I immediately restricted Wiki edits to collaborators only (something we have been discussing for a while across issues and in the chatroom) and reported the user to the GitHub Trust & Safety team via a detailed write-up in GitHub support (as of the 28th, the user's account has been taken down; I will attach the email below).

tldr-wiki-spam-report.pdf

Remediation

Then I cloned the repository, reverted the spam commit (along with Managor's test commit to see if collaborators can edit the wiki), and force-pushed it, bringing it back to the older state (since GitHub commit hashes are immutable, the commit contents are still available at https://github.com/tldr-pages/tldr/wiki/Home/_compare/0636e7a65e6a598d5dfc7d67ef94d5aad1a9a1c9, even if the user got banned [Note: I have attached it here for reference purposes only; don't navigate to any links present there]).

Post-Remediation

Now that the Wiki edits are restricted to collaborators, I came back to discuss #12300 in the chatroom, but using it will cause issues (if a collaborator edits the Wiki but not the file in the repo, and bidirectional actions aren't ideal from a security standpoint).

So for Wiki edits, I would like to propose creating an issue template and adding it to the header of Wiki pages to redirect client authors and users to the relevant place. What do you guys think of this?

Related Issues

Closes #12300

@kbdharun kbdharun added archive Archive of changes made in tldr-pages, etc. security Issues/PRs related to security. labels Apr 28, 2025
@tldr-pages tldr-pages locked and limited conversation to collaborators Apr 28, 2025
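
The Context section above describes watching the wiki's Atom feed for edits and notes that alerts are easy to miss in an active chatroom. As an added example (not part of the original issue or the project's tooling), this script reduces a feed to edits made by accounts outside an allow-list, so only those raise an alert. The feed content, account names and allow-list are constructed, and the entry layout (title, updated, author/name, link) is assumed to follow standard Atom.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample feed: account names, dates and URLs are made up.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Recent wiki edits (constructed sample)</title>
  <entry>
    <title>Home</title>
    <updated>2025-01-02T10:00:00Z</updated>
    <author><name>example-maintainer</name></author>
    <link rel="alternate" href="https://example.invalid/wiki/Home"/>
  </entry>
  <entry>
    <title>Home</title>
    <updated>2025-01-03T18:30:00Z</updated>
    <author><name>unknown-account</name></author>
    <link rel="alternate" href="https://example.invalid/wiki/Home"/>
  </entry>
</feed>"""

# Assumption: the project keeps its own list of trusted wiki editors.
TRUSTED_EDITORS = {"example-maintainer"}


def untrusted_edits(feed_xml, trusted):
    """Return feed entries whose author is not on the allow-list."""
    # Account names are compared case-insensitively.
    trusted_lower = {name.lower() for name in trusted}
    flagged = []
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        author = (entry.findtext(f"{ATOM}author/{ATOM}name") or "").strip()
        # An entry with no author is treated as untrusted, not skipped.
        if author.lower() not in trusted_lower:
            link = entry.find(ATOM + "link")
            flagged.append({
                "author": author or "<missing>",
                "page": entry.findtext(ATOM + "title", default=""),
                "updated": entry.findtext(ATOM + "updated", default=""),
                "url": link.get("href", "") if link is not None else "",
            })
    return flagged


if __name__ == "__main__":
    for edit in untrusted_edits(SAMPLE_FEED, TRUSTED_EDITORS):
        print("ALERT: wiki edit by {author} on {page} at {updated} {url}".format(**edit))
```
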
jxu (Collaborator) commented Apr 28, 2025

For sure. There was no PR process for the wiki?
