Referata War

From Theresa's Wiki
Jump to navigation Jump to search

The Referata War was when KMF first showed off her chivalry against wiki vandals. It lasted from September 2018 to May 2019 on Referata, but the rivalry between KMF and Delicious didn't end until July of 2019, as it continued on Editthis.

Combatants

Anti-Delicious team

  • KMF (aka KATMAKROFAN or KamafaDelgato021469)
  • Yaron Koren (Referata founder)
  • Routhwick (Referata metawiki admin)
  • Nutshinou (RC patroller on Editthis metawiki(
  • Rob Kohr (Editthis founder)
  • Auggie (Encyc founder)
  • Alexander (Encyc admin)
  • AngryBirdsFan (ToxicFandoms Referata admin)
  • Void (Miraheze steward)

Delicious and allies

  • Matt Heinberg (alias "Delicious")
  • "Mao Zedong Thought" vandal (an Encyc vandal who helped Delicious with his vandalism spree on that wiki)
  • "Sallythecat" (actually KMF spying on Delicious using an old OC from Scratch as a persona: created "KMFki" on Editthis to expose what Delicious really wanted, which was all possible KMF-related personal info)

Wikis and sites involved

Major role

  • Referata metawiki (The main site of the battle.)
  • Editthis metawiki (Where the aftermath occurred.)
  • ToxicFandoms on Referata (Targeted by Delicious during his hacking spree, but KMF undid his hacking via SiteSettings. She later moved the wiki to Byethost due to Delicious.)

Minor role

  • Miraheze metawiki (Delicious created a few KMF imposter accounts, which were promptly banned.)
  • KMF's personal Miraheze site (Delicious attacked this wiki by using a security hole in the "Widget" extension to redirect the main page to info obtained via doxxing. KMF reverted his edits and disabled the extension.)
  • Scratch (Delicious bragged about spamming KMF's IP on this educational programming site, but he seems to have been banned.)
  • Encyc (Delicious tried to attack, but KMF noticed and reverted him. They were both banned, however. Due to Delicious and another vandal, Encyc was temporarily closed, but later reopened. However, account creation has been turned off, and only admins can view special pages.)
  • MediaWiki official site (Used by Referata users to communicate with Yaron during the hacking spree.)
  • ToxicFandoms on Byethost (Delicious attacked this wiki, but was quickly reverted and banned by KMF. This wiki was later locked by KMF, and eventually deleted, due to the limitations of Byethost.)
  • CSCreators on Referata (Targeted by Delicious during his hacking spree. Unlike other wikis, the admins never reverted his actions.)
  • "KMFki" on Editthis (Created by Kamafa under the "Sallythecat" persona to spy on Delicious. Shut down.)
  • Various wikis created by or for Delicious (ubuntu.referata.com, delicious.referata.com, dwd.referata.com)
  • Domains hacked by Delicious (janneteller.dk, ecobox.me, influence.in, usual.in)

Timeline

The beginning

It began in September 2018, when a troll and scriptkiddie known as Delicious started spamming commonly-used templates on the Referata metawiki with an "ad script" for Delicious, a defunct social-bookmarking website. Because KMF had edited one of these templates earlier, she received an automatic Referata email about this. She set out to stop the vandal. A revert war ensued.

IP-grabbing

Some time in late 2018, KMF wanted to shut down Referata to end the Delicious war. She fell for a social-engineering trick by Delicious and got her IP address grabbed. He proceeded to spam it everywhere he could.

The end - or is it?

In December 2018, Yaron Koren, the founder of Referata, came back to the Metawiki and saw the shitshow. He proceeded to block several of Delicious's accounts. To KMF, it seemed like the end. But Delicious came back later, and continued the war. KMF thought that there was no end in sight.

The hacking spree

In late April 2019, Delicious got root access to Referata servers through an exploit in the "SiteSettings" extension. He proceeded to mess with the MediaWiki installations, the .htaccess file, and pretty much everything on the server. Around the same time, KMF started talking to Delicious on the Editthis metawiki, in an attempt to get him to stop.

Routhwick's cleanup operation

In early May 2019, while the hacking spree was still ongoing, Routhwick, a Referata metawiki admin, started to clean up the mess left by Delicious by blocking his accounts and deleting flotsam left over from the revert war. Delicious was angry and, using the root access he still had, started messing with CSS, adding random redirects, and basically interfering with cleanup. Around this point, Yaron made KMF an admin of the Referata metawiki.

The exploit is patched

KMF quickly got fed up. She asked Yaron on MediaWikiWiki to "put Referata out of its misery". However, shortly after this request was made, Delicious admitted to her on EditThis that he had used an exploit in the SiteSettings extension. She proceeded to tell Yaron about this exploit:

"Actually, scratch that. Apparently, he only got access because sitesettings allows you to upload any file (including .php) as a site logo, not just .png, .jpg, .jpeg, or .gif files. I suggest you:

  • Remove the ability to upload a site logo from the sitesettings extension. (This is no great loss, as the same effect can be achieved via common.css.)
  • Get rid of all files (including non-image files) that were uploaded via the site logo field of sitesettings.
  • Scour the referata servers and delete any and all suspicious .php files (anything with a .php suffix that isn't part of mediawiki, smw, or any other mw extensions is probably junk).

--Kamafa Delgato"

Yaron responded:

"THANK YOU, THANK YOU, THANK YOU! With this suggestion, you may have singlehandedly saved Referata. I don't know how you knew that was the problem (maybe I shouldn't ask), but plugging up that particular security hole seems to have prevented the hacker from getting in to the server. Referata is now running normally again, although it still needs some "love". I also checked in a fix to the Site Settings extension, here, although I'm pretty sure that no one else is running Site Settings other than Referata - which I'm now very glad about. Thank you again!"

This was the end of the war on Referata, but ever since then, Referata has been unbearably slow. Yaron said that this will be fixed in 2020, however.

The aftermath on EditThis

However, since KMF had spread the war to Editthis, it continued as a revert war, similar to its early days on Referata. Nutshinou got involved in this revert war as well, and also had his IP grabbed. However, KMF kept reverting. At one point, she got Rob Kohr to ban two Delicious accounts, but he just made more. As a result, the war continued until July 2019, 6 days after KMF's 16th birthday, when Delicious agreed to surrender.