User blog:RRabbit42/Security issues at Wikia

Hello, Phinatics and Ferbaholics.

This is a quick update to address something that happened over the weekend that we need to be aware of. I will probably include some of this in the newsletter this weekend, but let's cover it now.

What happened is that some people figured out how to insert some Javascript code into wiki pages and it caused problems on several wikis. Wikia has temporarily shut off editing access to a few areas that admins are able to get to while they work on security updates. Until they get that done, when we've got an announcement, we can't use the normal pop-up message system. We'll have to do something like I'm doing right now, which is put it in a blog and then stick a notice about the blog on the main page or elsewhere.

This is also affecting our main page because the part that snags the messages from our Twitter account are not being updated when you go there right now. Check our Facebook account for the moment for other news.

Another part of what happened is that some accounts got broken into. When those accounts were admin and/or bureaucrat accounts, they were used to change user rights in order to commit vandalism.

You may be seeing pop-up notice advising you to change your password. It's a good idea to do that every so often and don't use the same password on more than one site. It may be a pain to remember extra passwords, but the more accounts on different places that are tied together, the more vulnerable they all are when they have something in common like the same user name or password.

If you would like to change your password, go to Special:ChangePassword. Here's some tips on choosing a strong password:


 * The longer the password is, the longer it takes to break into an account. Pick something that's at least 10 characters long.
 * Avoid using common words. For example, HistoryMajor is not a good password.
 * Add uppercase letters, numbers and symbols to your password. Don't put the last two right at the end if you can avoid it.
 * If you already have a number in your password and you want to change it, don't just add one onto the number. For example, don't change HistoryMajor3 to HistoryMajor4. That's too easy to guess.

Until this is straightened out, a few miscellaneous things here may not look quite right, but it will eventually get fixed. If you want to read a little more about what happened, head to Community Central and read the blog.