On 11/20/2012 07:31, Herbert Duerr wrote:
On 20.11.2012 12:46, tj wrote:
Can I get lazy consensus on requiring users to request Mwiki accounts on
a ML? Temporarily or permanently, I don't know.

I agree that for the current spam attack this is the most reasonable
solution.

After that period the registration captcha should become more
difficult for robots. In a related discussion from last June [1] Imacat
suggested to make the registration harder using stronger captchas. The
SimpleCaptcha from the ConfirmEdit extension is too simple, but there are
plenty of other good alternatives [2].

[1] http://markmail.org/message/qmcwg4ibhhfb7ba7
[2] http://www.mediawiki.org/wiki/Extension:ConfirmEdit

If possible I also suggest to disable/remove all registrations that were
probably created by these spambots using e.g. the criteria:
- signed up a for a while or contributions
- no edits/contributions whatsoever

Any Administrator ("sysop") can create a new user account. I will
research what change is required to block other sign-up methods.

Currently, Mwiki is under massive attack by spammers. Thanks to the
valiant efforts of volunteers Adailton, Helen russian, Pitonyak, and
Yak, we are staying even: the lifetime of spam may be a few hours, but
is usually only a few minutes.

However, the spammers are creating new spam accounts (the pattern in the
names is quite apparent) at a rate of one every minute or two, and 24/7.
We cannot survive that kind of onslaught indefinitely.

Thank you very much for fighting this!

On a related note I submitted [3] a MediaWiki feature request to default
to disabling registrations as being newsworthy enough for the
RecentChanges page.

[3] https://bugzilla.wikimedia.org/show_bug.cgi?id=42045

Herbert

Thanks, Herbert.

On [3], I agree completely, and would suggest that the link says, "_Show_ registrations" (hidden by default).

On [2], will look at the extension when I can think better.

IMHO, we need some MySQL work at the root level:

1) delete all accounts over 1 year old with no edits. This will produce shocking results: probably 80% of accounts will vanish. Good. Save script to be run monthly.

2) delete all accounts from the last couple of weeks with no edits. One-time anti-spam effort.

3) delete all blocked accounts and all blocks. One-time effort. Our problem is very different from Wp. We very rarely have to chastise some individual spammer; they are few enough that we can block them again, if necessary. This will also get rid of the "backscatter", which has actually helped us by interfering with the spammers' use of dial-up lines, but now will only inconvenience our users.

Volunteers to do this are very welcome.

/tj/
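The selection criteria in steps 1) and 2) above, as an added example that is not part of the original thread: a dry run that only lists candidate accounts and deletes nothing. The two tables are a constructed, simplified stand-in with column names modelled on MediaWiki's `user` and `revision` tables (an assumption; check the schema of the installed version), and the 14-day and 365-day windows are assumed readings of "couple of weeks" and "over 1 year".

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed, simplified schema (assumption: names modelled on MediaWiki's
# user/revision tables; verify against the installed version before reuse).
SCHEMA = """
CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT,
                   user_registration TEXT, user_editcount INTEGER);
CREATE TABLE revision (rev_id INTEGER PRIMARY KEY, rev_user INTEGER);
"""

def ts(dt):
    """Fixed-width YYYYMMDDHHMMSS string, so text comparison orders by time."""
    return dt.strftime("%Y%m%d%H%M%S")

def purge_candidates(db, now, recent_days=14, stale_days=365):
    """Dry run: list (name, reason) for accounts matching step 1 or step 2.

    "No edits" is decided from revision rows, not from the cached edit
    counter, which this example does not trust (it may be NULL or stale).
    Accounts without a registration date are left out for manual review.
    """
    params = {"recent": ts(now - timedelta(days=recent_days)),
              "stale": ts(now - timedelta(days=stale_days))}
    return db.execute(
        """SELECT u.user_name,
                  CASE WHEN u.user_registration >= :recent
                       THEN 'recent' ELSE 'stale' END
           FROM user u
           WHERE u.user_registration IS NOT NULL
             AND (u.user_registration >= :recent
                  OR u.user_registration < :stale)
             AND NOT EXISTS (SELECT 1 FROM revision r
                             WHERE r.rev_user = u.user_id)
           ORDER BY u.user_id""", params).fetchall()

def demo():
    """Run the dry run over constructed sample accounts."""
    now = datetime(2012, 11, 20, 12, 0, 0)
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user VALUES (?,?,?,?)", [
        (1, "OldIdle", ts(now - timedelta(days=800)), 0),       # step 1
        (2, "OldAuthor", ts(now - timedelta(days=800)), None),  # edits, NULL count
        (3, "NewBot", ts(now - timedelta(days=2)), 0),          # step 2
        (4, "NewHelper", ts(now - timedelta(days=3)), 1),       # has an edit
        (5, "MidIdle", ts(now - timedelta(days=90)), 0),        # in neither window
        (6, "Legacy", None, 0),                                 # no signup date
    ])
    db.executemany("INSERT INTO revision VALUES (?,?)", [(1, 2), (2, 4)])
    return purge_candidates(db, now)
```

Reviewing the returned list before any deletion keeps accounts such as "OldAuthor" (real edits, empty counter) and "Legacy" (no registration date) out of an automated purge.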

