IdeaWell

Project ideas from Hacker News discussions.

Wikipedia was in read-only mode following mass admin account compromise

Original Article

Hacker News Discussion

📝 Discussion Summary (Click to expand)

1. Privileged JavaScript editing is a critical security flaw
The worm spread because a staff account with interface‑admin rights was allowed to edit MediaWiki:Common.js without review or 2‑FA.

“Any user with interface administrator status can change global JavaScript or CSS for all users on a given Wiki with no review.” – Wikipedianon
“The user who ran this test is a Staff Security Engineer at WMF… and decided to do this test under their highly‑privileged Wikimedia Foundation staff account.” – tux3

2. The incident was human‑error, not a sophisticated attack
A 2‑year‑old malicious script from Russian Wikipedia was accidentally loaded during a production test.

“They decided to just start loading random user scripts… One of those random scripts was a 2‑year‑old malicious script from ruwiki.” – tux3
“It was really just humans playing with an old library. It should be safe, using their own automation, clean and benign.” – HoldOnAMinute

3. The debate over client‑side JavaScript vs static sites
Many commenters argue that heavy JS is a security and performance liability, while others defend its utility.

“Too much app logic in the client side (Javascript) has always been an attack vector.” – j45
“If you need to run some code and learn what happens when 100 million people hit it at once… you ship it and prepare to roll back if anything even starts to look fishy.” – withinboredom

4. Wikipedia’s resilience through backups and quick restoration
The community stresses that even a day‑long loss of edits is tolerable thanks to frequent snapshots and the ability to revert.

“If they reset to several days ago and lose, say, thousands of edits, even tens of thousands of minor edits, they’re still in a pretty good place.” – Extropy_
“Snapshotting is a very low‑overhead operation, so you can make them very frequently and then expire them after some time.” – Kiboneu

These four themes capture the dominant concerns and viewpoints in the discussion.

🚀 Project Ideas

WikiGuard

Summary

  • Real‑time monitoring of MediaWiki pages that can contain executable code (e.g., MediaWiki:Common.js, User:* scripts).
  • Automatic detection of suspicious patterns (e.g., repeated script injection, large payloads, obfuscated code).
  • One‑click rollback to the last known clean snapshot or to a user‑selected revision.
  • Alerts to admins via email, Slack, or the MediaWiki interface.

Details

Key Value
Target Audience MediaWiki site administrators, especially those managing large wikis (Wikipedia, Wikidata, community wikis).
Core Feature Continuous change‑watching, anomaly detection, automated rollback, audit trail.
Tech Stack Node.js + Express for the backend, PostgreSQL for state, MediaWiki API for diff/rollback, WebSocket for real‑time alerts.
Difficulty Medium
Monetization Revenue‑ready: subscription tiers ($10/mo for small wikis, $50/mo for enterprise).

Notes

  • HN commenters lamented the worm spreading because “no one noticed the change to Common.js until after damage.” (e.g., “We had to turn the Wiki read‑only.”)
  • A tool that flags the injection immediately would spark discussion on best‑practice monitoring.
  • The rollback feature directly addresses the “hard to reconcile state” pain point raised by many.

ScriptSafe

Summary

  • Sandbox and static‑analysis engine for MediaWiki user scripts.
  • Enforces a strict CSP, disallows network requests to unknown domains, and blocks DOM manipulation that could hide UI elements.
  • Provides a curated marketplace of vetted scripts with version history and community ratings.
  • Integrates with MediaWiki’s user‑script system to automatically apply only approved scripts.

Details

Key Value
Target Audience Power users and developers who create or use custom MediaWiki user scripts.
Core Feature Automated sandboxing, CSP enforcement, script vetting, marketplace.
Tech Stack Rust (for sandbox), WebAssembly, MediaWiki API, React for marketplace UI.
Difficulty High
Monetization Revenue‑ready: freemium with premium vetted scripts ($5/mo).

Notes

  • The worm “hid UI elements that would reveal the infection” – a direct symptom of unreviewed scripts. (e.g., “It uses jQuery to hide UI elements.”)
  • By providing a safe execution environment, users can still enjoy customization without the risk of malicious code.
  • The marketplace encourages community discussion and sharing of best practices.

WikiBackup Vault

Summary

  • Continuous, immutable snapshot service for any MediaWiki instance.
  • Snapshots taken every 15 minutes, stored in a tamper‑evident log.
  • Easy restore to any point, with diff comparison and selective page restoration.
  • Integrates with CI/CD pipelines to trigger automated backups on deployment.

Details

Key Value
Target Audience Wiki operators, backup engineers, compliance teams.
Core Feature Frequent snapshots, immutable storage, restore UI, diff viewer.
Tech Stack Go for backend, MinIO for object storage, Terraform for infrastructure, MediaWiki API for restore.
Difficulty Medium
Monetization Revenue‑ready: tiered storage pricing ($0.02/GB‑month for small wikis, enterprise contracts).

Notes

  • “We had to revert to a snapshot and then replay all edits” was a pain point. (e.g., “We can snapshot every 15 minutes.”)
  • The service would reduce downtime and simplify forensic analysis after incidents.
  • HN users interested in “backup” and “restore” would find this directly useful.

AuthShield

Summary

  • MediaWiki extension that forces two‑factor authentication for any privileged action (editing Common.js, running Special:Nuke, etc.).
  • Provides audit logs, real‑time alerts, and a “one‑time‑use” token system for emergency edits.
  • Integrates with existing TOTP or U2F providers.

Details

Key Value
Target Audience MediaWiki administrators, security teams.
Core Feature 2FA enforcement, audit trail, emergency bypass.
Tech Stack PHP (extension), Redis for token storage, Google Authenticator API.
Difficulty Medium
Monetization Hobby (open source) – optional paid support.

Notes

  • Commenters noted that “any admin could edit global JS without 2FA” caused the worm. (e.g., “Any admin could edit global JS without a review.”)
  • Enforcing 2FA would raise the bar for accidental or malicious propagation.
  • The audit logs would help in post‑incident investigations, a topic frequently discussed in the thread.

Read Later