Hi everyone.

TJ pointed me at the Wiki Spam problem.  I can try to lend a hand.

Who is responsible for the Wiki backend?  I can help out with a few
changes, but I need to get in touch with whoever is managing that.
Will they give me access to the backend? (especially to the MW config
file and the Wiki directory)

Simply put, the Wiki is under a scripting attack (spam users are being
created in spurts, sometimes several per minute), and it will not
stop until some drastic temp measures are put in place - i.e. locking
down all edits on the Wiki until the spam is dealt with.  The admins
might keep up with the spam volume now, but... that can't go on
forever.  In the space of an hour, I've blocked 30 spam accounts and
associated pages (content is the usual SEO spam on all kinds of
topics).  To give you an idea of the scope of the problem, the Wiki is
getting an average of one new spam page every 3 minutes, or around
300+ spam pages per day, and I'll bet money that will only increase.

A few things should happen to start to take care of this problem...

1. The Wiki should be locked down temporarily - a banner on the main
page can alert users that this is a temp issue and to hang in there
while it's sorted out.
2. The Wiki *needs* to be updated - this is part of the problem, old
MW engine.  This must not be done on the live Wiki - the extensions
need to be tested against the new engine on an offline copy.
3. A *real* Captcha needs to be implemented.  The simple math Captcha
that's in place right now is way too easy to defeat... as is apparent
by the scripting attack underway.  If a more complex Captcha is not
acceptable, then an alternative such as Flagged Revisions should be
considered (it can be set up so that users who have some defined
number of valid edits have all edits auto promoted - this way admins
don't have to authorize all edits, just edits from new users).

You don't have to set it up with admin approval on new accounts (I saw
this in the archived discussions on the problem)... but that's a
possibility as well.  This does add a lot of overhead for the admins
though.  How do you determine if it's a real user or a bot?  As well,
this doesn't deal with the fact that there are literally 100s of spam
accounts sitting there... validated as real accounts, waiting in the
wings to be used.

If this situation is left as is... the admins are going to get tired
of deleting 100s of pages and banning 100s of user accounts per day.
It's not much fun (from experience when I was dealing with this same
issue a couple of years ago).


Clayton
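
A LocalSettings.php fragment for the temporary lockdown in step 1, as an added example that is not part of the original message or the project's own configuration. It relies on MediaWiki's standard `$wgSiteNotice` and `$wgGroupPermissions` settings; the banner wording is a placeholder.

```php
// LocalSettings.php fragment (added example): temporary lockdown.
// Place it near the end of the file so it overrides earlier settings.

// Site-wide banner (wikitext), shown on every page. Placeholder wording.
$wgSiteNotice = "'''Editing is temporarily disabled''' while a spam "
    . "attack is cleaned up. Please hang in there.";

// Stop scripted sign-ups: nobody can self-register during the lockdown.
$wgGroupPermissions['*']['createaccount'] = false;

// Admins can still create accounts by hand for known contributors.
$wgGroupPermissions['sysop']['createaccount'] = true;

// Stop edits from anonymous visitors and from ordinary logged-in
// accounts. This also covers spam accounts that were registered
// earlier and have not posted yet.
$wgGroupPermissions['*']['edit']    = false;
$wgGroupPermissions['user']['edit'] = false;

// Admins keep edit rights so page deletion and blocking can continue.
// $wgReadOnly is deliberately not set: it puts the whole database in
// read-only mode, which would stop the clean-up work as well.
$wgGroupPermissions['sysop']['edit'] = true;
```

Removing the fragment restores the previous permissions, so it is best kept as one clearly marked block.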
