MediaWiki | White Fir Design Blog

Transferring MediaWiki to a New Web Hosting Account

If you need to transfer a MediaWiki website to a new hosting account, either at a new web host or another account at the same web host, the process usually isn’t too hard. But there are things that can go wrong, so below we go through the important things to do as you are working to accomplish that in way that leads to a smooth transfer.

Test Before You Switch

When doing a transfer like this, the best advice is to do a test of the transfer before you make the final switch over. That way, if any problems come up, you can work on resolving them without having to rush the process.

Transfer the Files

You will need to transfer the files from the old hosting account to the new one. That is usually most easily done using FTP or SFTP to copy the files from the old hosting account to a computer and then copying them from there to the new hosting. That also provides you with a backup of the files.

Transfer the Database

You will need to copy the database from the old hosting account to the new hosting. That is usually done through phpMyAdmin, to export a copy of the database from the old hosting account, and using it to import that copy of the database to a database on the new hosting. Though there may be other options depending on the hosting setup. You will need to create a database on the new server to import the existing database.

Update The Configuration File

Once you have copied the files and the database, you will need to update the MediaWiki configuration file, /LocalSettings.php , in the new hosting to have the credentials for the new database.

Plan for a Switch Over

After you have tested out everything and confirmed that it works, plan for a time to switch over to the new hosting. You will need to allocate time for recopying the database and if the files have changed, the files as well. You also need to allocate for the time it will take for the website’s domain name to point to the new web hosting.

You will also want to make sure that access at the old hosting is blocked, so no more changes are being made once you start the final transfer process.

Redo The Transfer and Point The Website’s Domain to New Hosting

Once you have made a final transfer of the database and possibly the files, you need to update the records for the website’s domain name to point to the new server.

Getting Help

If you need help with MediaWiki, we offer support and we offer a service specifically to handle transfers like this.

Web Spammers Also Abusing MediaWiki Websites at Major Universities

In looking over recent web spam activity, we have noted two trends. Abusing functionality of popular web software and doing that with websites from major universes. So another element of this isn’t surprising. Spammers are adding spam pages to websites running MediaWiki from major universities.

Here are the latest pages added to a Harvard hosted MediaWiki website:

And here are the latest pages added on a University of California, San Diego hosted MediaWiki website:

Both of those websites are running MediaWiki 1.16, which was only supported through November 2011. So these websites look to have long ago stopped being maintained.

MediaWiki provides various ways to restrict access to editing, which can prevent old websites from being overrun with spam like this when they are no longer actively intentionally edited.

If you have a website that has web spam content placed on it, we can help you to get it cleaned up and hardened to avoid additional issues.

You Might Need to Upgrade MediaWiki in Steps Even if the Manual Says Otherwise

It used to be that you could upgrade an older version of the MediaWiki software directly to the latest version. According to the manual for that, that officially changed as of version 1.36:

Since Version 1.36, MediaWiki only commits to supporting upgrades from two LTS releases ago (see phab:T259771). Upgrades from older versions of MediaWiki will have to be performed in multiple steps. This means that if you want to upgrade to 1.36 from 1.23 or earlier, you’ll first have to upgrade your 1.23 wiki to 1.27 (or 1.35), and, from 1.27 (or 1.35), you’ll be able to upgrade to 1.36.

We were brought in to do a MediaWiki upgrade for a website running version 1.31 recently. According to that information, that should have been upgradeable directly to the latest version, 1.39, as 1.31 and 1.35 are the two long-term support (LTS) versions before 1.39. Instead, when doing a direct upgrade, we found the website was broken. We also found that doing an intermediate upgrade to 1.35 before going to 1.39 produced the same result. What we found from further testing is that it needed to be upgraded to 1.33 before being upgraded to 1.39 to avoid the website being broken after the upgrade.

One way to avoid problems here would be to do an upgrade to each major version instead of skipping any. That approach isn’t necessarily very practical depending on the amount of time it takes to do each upgrade, which can be considerable depending on the particulars of the website and the server it is on.

Another way to avoid problems is to make sure to do a test of the upgrade first. That way you don’t find that the website is broken after the upgrade and you are trying to rush to fix the problem. As we were doing a test first, we could patiently look into the problem and found the easiest way to resolve it was to do that intermediate upgrade.

Outdated Versions of Joomla 2.5.x and 3.x Widely Used

Last month we spotlighted at the fact that 31 percent of Joomla websites checked with our Joomla Version Check tool during January were still running Joomla 1.5, for which supported ended September 2012. This month we decided to take a look at if websites that were running a supported Joomla series, either 2.5.x or 3.x, were being kept up to date based on last month’s data from the tool. Unlike websites still running Joomla 1.5 that need a more complicated migration to be brought up to a supported version, the upgrade process for websites running 2.5.x or 3.x is relatively simple. Keeping software running on a website up to date is a basic security measure, so if websites are not being kept up to date when it is relatively easy it shows that website security is in bad shape.

Joomla 2.5.18 was released during the month so Joomla 2.5.x websites would have been up to date if they running 2.5.17 or 2.5.18. Unfortunately 58 percent of the Joomla 2.5 websites were detected as running older versions (for some installations the tool only could tell they were using Joomla 2.5 and those listed as 2.5.x in the chart).

Joomla Version: 2.5.x: 12.30%, 2.5.0: 0.53%, 2.5.1: 1.60%, 2.5.2: 0.53%, 2.5.3: 0.53%, 2.5.4: 4.28%, 2.5.6: 6.95%, 2.5.7: 3.74%, 2.5.8: 5.88%, 2.5.9: 10.16%, 2.5.11: 9.09%, 2.5.13: 1.07%, 2.5.14: 9.63%, 2.5.15: 0.53%, 2.5.16: 3.74%, 2.5.17: 15.51%, 2.5.18: 13.90%

54 percent of the Joomla 2.5 websites checked contain known security vulnerabilities, as they are running versions below 2.5.15, the most recent release with security fixes.

For Joomla 3.x the results are slightly better as only 48 percent were detected running versions prior 3.2.1 or 3.2.2 (3.2.2 was release during the month alongside 2.5.18).

Joomla Version 3.x: 6.35%, 3.0.2: 3.17%, 3.0.3: 6.35%, 3.0.4: 1.59%, 3.1.1: 14.29%, 3.1.4: 1.59%, 3.1.5: 14.29, 3.2.0: 6.35%, 3.2.1: 26.98%, 3.2.2: 19.05%

41 percent of the Joomla 3.x websites checked contain known security vulnerabilities, as they are running versions below 3.1.6, the most recent release with security fixes.

Outdated WordPress and MediaWiki Versions Heavily Used Too

The results for the WordPress and MediaWiki websites checked during February using our tools for those pieces software were also not good.

For WordPress, 60 percent of the websites checked were running a version below the current series, 3.8.

WordPress Version: 2.5: 0.93%, 2.9: 0.46%, 3.0: 0.93%, 3.1: 1.39%, 3.2: 2.78%, 3.3: 6.02%, 3.4: 6.02%, 3.5: 15.28%, 3.6: 10.65%, 3.7: 15.74%, 3.8: 39.81%

For MediaWiki, 47 percent of the websites checked were running a series no longer supported. The currently supported versions are 1.19.x, 1.21.x, and 1.22.x.

MediaWiki Version: 1.14: 3.77%, 1.15: 7.55%, 1.16: 9.43%, 1.17: 9.43%, 1.18: 7.55%, 1.19: 18.87%, 1.20: 9.43%, 1.21: 15.09%, 1.22: 16.98%, 1.23: 1.89%

OWASP Website Running Outdated and Insecure Version of MediaWiki

The Open Web Application Security Project (OWASP) promotes itself as being “focused on improving the security of software”, but unfortunately they don’t even bother to keep the software running their website up to date. If you visit their website with our Meta Generator Version Check extension installed in your web browser (available for Chrome and Firefox) you will see that they are running an outdated version of MediaWiki:

OWASP has failed to update their MediaWiki installation for over a year, the next version, 1.18.1, was released in January of 2012. They failed to apply any of the five security updates that were released for version 1.18.x. Support for version 1.18.x of MediaWiki ended back in November, so they also should have moved to a supported version some time ago.

Keeping software up to date is one the basic steps and easier steps to keep software running a website secure. The fact that a project dedicated to security is failing to do that highlights how bad the state of security is and raises the questions if the security community is in fact actually interested in security.

Outdated Software Running on Websites of WordPress and Other Web Software

When the makers of web software talk about security they always emphasize the importance of keeping software updated. One of the developers of WordPress said it this way “The only thing that I can promise will keep your blog secure today and in the future is upgrading.” Keeping software updated is good advice, but isn’t advice that the software makers, including WordPress, always follow themselves.

We recently mentioned a pretty egregious example of this from OpenX. Their blog, where they recently said it is critical to keep software up to date, is running a version of WordPress that is over three years out of date. Also, the main portion of their website appears to be running a version of Drupal that is over a year out of date.

MediaWiki, the software the powers the Wikipedia, is run on portions of many web software websites so we decided that it would be a good choice to see if software makers are keeping other people’s software running on their website up to date. There are several ways to check what version of MediaWiki is running and the easiest way to check for outdated MediaWiki installations is to use our Meta Generator Version Check web browser extension, available for Firefox and Chrome. The extension will show a warning icon when a web page has a meta generator tag from an outdated version of web software.

For those not familiar with MediaWiki they currently provide security updates for the two most recent releases 1.17.x and 1.18.x. The most recent version of those releases 1.17.2 and 1.18.1, both of which were released on January 11. We update our web browser extension a month after a new version is released, so until then it will check for MediaiWiki versions below 1.17.1.

Before mentioning the websites running outdated versions it is worth noting that one website we checked was actually up to date. TYPO3’s TYPO3Wiki is running 1.18.1.

WordPress

The WordPress Codex is the most out of date as it is running 1.15.5, which is two supported releases out of date. Support for 1.15.x ended in December of 2010.

Zen Cart

The Zen Cart Wiki is one supported release out of date and running a version, 1.16.2, that that is three minor updates out of date. Support for 1.16.x ended in late November of last year.

Joomla

Joomla! Documentation is one supported release out of date and running a version, 1.16.4, that that is one minor update out of date.

phpBB

The phpBB Development Wiki is at least running the most recent version of 1.16.x, 1.16.5, but that release is no longer supported.

Moodle

MoodleDocs is at least running a supported release, 1.17.x, but the version, 1.17.0, is two minor updates out of date.