On Thu, 22 Nov 2012 19:56:52 +0100
C <smau...@gmail.com> wrote:

> Hi everyone.
> 
> TJ pointed me at the Wiki Spam problem.  I can try to lend a hand.
> 
> Who is responsible for the Wiki backend?  I can help out with a few
> changes, but I need to get in touch with whoever is managing that.
> Will they give me access to the backend? (especially to the MW config
> file and the Wiki directory)
> 
> Simply put, the Wiki is under a scripting attack (Spam users are being
> created in spurts.  Sometimes several per minute), and it will not
> stop until some drastic temp measures are put in place - i.e. locking
> down all edits on the Wiki until the spam is dealt with.  The admins
> might keep up with the spam volume now, but... that can't go on
> forever.  In the space of an hour, I've blocked 30 spam accounts and
> associated pages (content is the usual SEO spam on all kinds of
> topics).  To give you an idea of the scope of the problem, the Wiki is
> getting an average of one new spam page every 3 minutes, or around
> 300+ spam pages per day, and I'll bet money that will only increase.
> 
> A few things should happen to start to take care of this problem...
> 
> 1. The Wiki should be locked down temporarily - a banner on the main
> page can alert users that this is a temp issue and to hang in there
> while it's sorted out.
> 2. The Wiki *needs* to be updated - this is part of the problem, old
> MW engine.  This must not be done on the live Wiki - the extensions
> need to be tested against the new engine on an offline copy.
> 3. A *real* Captcha needs to be implemented.  The simple math Captcha
> that's in place right now is way too easy to defeat... as is apparent
> by the scripting attack underway.  If a more complex Captcha is not
> acceptable, then an alternative such as Flagged Revisions should be
> considered (it can be set up so that users who have some defined
> number of valid edits have all edits auto promoted - this way admins
> don't have to authorize all edits, just edits from new users).
> 
> You don't have to set it up with admin approval on new accounts (I saw
> this in the archived discussions on the problem)... but that's a
> possibility as well.  This does add a lot of overhead for the admins
> though.  How do you determine if it's a real user or a bot?  As well,
> this doesn't deal with the fact that there are literally 100s of spam
> accounts sitting there... validated as real accounts, waiting in the
> wings to be used.
> 
> If this situation is left as is... the admins are going to get tired
> of deleting 100s of pages and banning 100s of user accounts per day.
> It's not much fun (from experience when I was dealing with this same
> issue a couple of years ago).
> 
> 
> Clayton
> 
Purely out of interest, do any of the Wiki moderators see any general theme to 
the spam attacks?  

On the En-Forum a new User's initial post is queued until moderated - approved 
or disapproved.  Most of the obvious spam is caught at the moderation stage and 
the Moderator also bans that User.  It can happen that a User posts some 
innocuous posts to pass the first post moderation count and later edits his sig 
or his postings to introduce spamlinks.  These are caught by careful 
housekeeping of the moderator logs.


-- 
Rory O'Farrell <ofarr...@iol.ie>
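
The moderator-log housekeeping described in the reply above can be partly automated. The following sketch is an added example, not part of the original message or of any forum's own code: it flags edits that introduce new links into posts that already passed moderation, or into the signature of a user who has. The log layout, field names and sample entries are constructed assumptions.

```python
import re

URL_RE = re.compile(r"https?://[^\s\"'<>\]]+", re.IGNORECASE)

# Constructed moderator-log entries: (time, user, action, target, before, after).
# The field layout and all values are assumptions, not a real forum schema.
SAMPLE_LOG = [
    ("2012-11-20T10:00", "alice", "approve", "post:101", "", "How do I set tab stops?"),
    ("2012-11-20T10:05", "bob", "approve", "post:102", "", "Thanks, that fixed it"),
    ("2012-11-20T11:00", "dave", "approve", "post:104", "", "See https://wiki.example/doc"),
    ("2012-11-21T09:00", "alice", "edit", "post:101", "How do I set tab stops?",
     "How do I set tab stops in Writer?"),
    ("2012-11-22T03:10", "bob", "edit", "post:102", "Thanks, that fixed it",
     "Thanks, that fixed it http://cheap-pills.example/buy"),
    ("2012-11-22T03:11", "bob", "edit", "sig:bob", "", "Visit http://seo.example/top"),
    ("2012-11-22T08:00", "dave", "edit", "post:104", "See https://wiki.example/doc",
     "Please see https://wiki.example/doc"),
    ("2012-11-22T09:00", "carol", "edit", "post:103", "", "http://new.example/x"),
]

def added_links(before, after):
    """Return URLs present after an edit that were absent before it."""
    return sorted(set(URL_RE.findall(after)) - set(URL_RE.findall(before)))

def flag_post_approval_link_edits(log):
    """Flag edits that add links to content that already passed moderation."""
    approved_targets = set()   # posts a moderator has approved
    approved_users = set()     # users past the first-post queue
    findings = []
    for _time, user, action, target, before, after in sorted(log):
        if action == "approve":
            approved_targets.add(target)
            approved_users.add(user)
        elif action == "edit":
            links = added_links(before, after)
            # Assumption: signatures do not pass through the post queue,
            # so they are judged by whether the user has an approved post.
            past_queue = target in approved_targets or (
                target.startswith("sig:") and user in approved_users)
            if links and past_queue:
                findings.append((user, target, links))
    return findings

if __name__ == "__main__":
    for user, target, links in flag_post_approval_link_edits(SAMPLE_LOG):
        print(f"review {target} by {user}: added {', '.join(links)}")
```

Edits that keep an existing link (dave) or change text without adding one (alice) are not flagged, and carol's unapproved post is left to the normal moderation queue.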
