Lots of spam

Jonathan · Post by **Jonathan** » Sat Apr 28, 2007 4:53 pm

I just reverted 12 edits by 11 spammers made in just a few hours. Is there anything that can be done about that other than manually chasing them?

Edit: I should note that each time typically 16 to 17 k of spam was added.

philippeqc · Post by **philippeqc** » Sat Apr 28, 2007 5:44 pm

Could the account creation be "downgraded" from fully automated to semi-automated. If someone manually check that an account created is valid, it should restrict the number of spam poster, and therefore the number of spam post. The good old "please write a short text why you would like to get edit access on our wiki" might do the trick.

Nota: I know noting of the current mechanism for account creation on the wiki.

-ph

Jonathan · Post by **Jonathan** » Sat Apr 28, 2007 6:04 pm

Currently 'anonymous' editing is allowed, i.e. editing under an IP address rather than a real account without registering, and there's a good reason for that.

Post by **Lucifer** » Sun Apr 29, 2007 2:06 am

It looks like all the spam we're getting now is from unregistered users. Maybe when email works again (sorry!) we can disable anonymous editing again.

Jonathan · Post by **Jonathan** » Thu May 10, 2007 10:06 am

What's the point of all this with rel="nofollow"?

Post by **Lucifer** » Thu May 10, 2007 5:12 pm

There isn't one, and there are a few rants floating around where your question is the thesis.

Jonathan · Post by **Jonathan** » Fri Jun 29, 2007 6:35 pm

Argh.

wrtlprnft · Post by **wrtlprnft** » Fri Jun 29, 2007 11:10 pm

Yesterday was even worse, twenty blocks by Jonathan (“just” twelve today). Usually Jonathan catches the spam before I see it, good job. I just fear that the amount will keep growing…

Jonathan · Post by **Jonathan** » Fri Jun 29, 2007 11:30 pm

I didn't feel like stitching several screenshots together. Clicking through rollback and block and edit forms while being careful not to block those who reverted spam (just imagine; they might become sysops too!) is bad enough.

Post by **Tank Program** » Sat Jun 30, 2007 9:09 am

:S

I'll see about installing something. I hope. (Again sorry for being a crap admin here.)

Post by **Lucifer** » Sat Jun 30, 2007 7:15 pm

The three measures I'd taken were:

* Install Bad Behavior
* Install SpamBlacklist (available from mediawiki's extensions directory in their svn repo)
* Add these lines to your .htacess file:

Code: Select all

SetEnvIf User-Agent ^$ spammer=yes     # block blank user agents

Order allow,deny
allow from all
deny from env=spammer

Last working version of bad behavior that I installed is attached.

http://wiki.davefancella.com/index.php/Special:Version <--- old wiki is still there so you can see what was installed

wrtlprnft · Post by **wrtlprnft** » Sat Jun 30, 2007 7:38 pm

Meh, I don't like these user agent checking things. They're really just delaying it, it won't take long for everyone to use an IE6 user agent.
There's a far better extension on wikipedia itself (at least it was there, dunno if it still is): You have to enter a captcha if you try to add an external link to a page. If someone finds this plugin, we could “personalize” it to make it output a random question specific to arma or something…

Post by **Lucifer** » Sat Jun 30, 2007 7:44 pm

Bad behavior does more than user-agent checks for precisely those reasons.

The .htacess hack is just a hack that most spammers have adapted to anyway, but for the ones that have not, letting apache do the work saves the load of running php for the request. The SpamBlacklist is a blacklist of known spambots (and their signatures) kept by mediawiki, and the data that feeds it mostly comes from wikipedia.

There's an interesting captcha project where the captchas also help digitize books. I'd prefer that one, if we use a captcha at all.