Hi.

See below please.


On 22 November 2012 19:56, C <smau...@gmail.com> wrote:

> Hi everyone.
>
> TJ pointed me at the Wiki Spam problem.  I can try to lend a hand.
>
A hand is always welcome.

>
> Who is responsible for the Wiki backend?  I can help out with a few
> changes, but I need to get in touch with whoever is managing that.
> Will they give me access to the backend? (especially to the MW config
> file and the Wiki directory)
>

I am currently getting access to the backend, and will in the medium term
plan and execute an upgrade of the system, and do the maintenance. There
are pretty tough restrictions on access, but that should not stop you from
bringing ideas, and I can (in a day or two) give you more details on the
current backend.

You are welcome to write directly to me, so we do not overload the dev list.

> Simply put, the Wiki is under a scripting attack (Spam users are being
> created in spurts.  Sometimes several per minute), and it will not
> stop until some drastic temp measures are put in place - i.e. locking
> down all edits on the Wiki until the spam is dealt with.  The admins
> might keep up with the spam volume now, but... that can't go on
> forever.  In the space of an hour, I've blocked 30 spam accounts and
> associated pages (content is the usual SEO spam on all kinds of
> topics).  To give you an idea of the scope of the problem, the Wiki is
> getting an average of one new spam page every 3 minutes, or around
> 300+ spam pages per day, and I'll bet money that will only increase.
>
I know it is bad, I have checked on a couple of spam-statistic pages, as
well as a wiki forum. There seem, however, to be relatively simple
countermeasures.


>
> A few things should happen to start to take care of this problem...
>
> 1. The Wiki should be locked down temporarily - a banner on the main
> page can alert users that this is a temp issue and to hang in there
> while it's sorted out.
>
That would only slow the attack, not stop it, or we have to take it down
for quite a while. Shop-attackers keep trying for at least a week.


> 2. The Wiki *needs* to be updated - this is part of the problem, old
> MW engine.  This must not be done on the live Wiki - the extensions
> need to be tested against the new engine on an offline copy.
>

Agree, the idea is to do an upgrade on a test machine.


> 3. A *real* Captcha needs to be implemented.  The simple math Captcha
> that's in place right now is way too easy to defeat... as is apparent
> by the scripting attack underway.  If a more complex Captcha is not
> acceptable, then an alternative such as Flagged Revisions should be
> considered (it can be set up so that users who have some defined
> number of valid edits have all edits auto promoted - this way admins
> don't have to authorize all edits, just edits from new users).
>
Those are good ideas; the flagged revision is something useful independent of
spam.


>
> You don't have to set it up with admin approval on new accounts (I saw
> this in the archived discussions on the problem)... but that's a
> possibility as well.  This does add a lot of overhead for the admins
> though.  How do you determine if it's a real user or a bot?  As well,
> this doesn't deal with the fact that there are literally 100s of spam
> accounts sitting there... validated as real accounts, waiting in the
> wings to be used.
>
Well it is at least a simple solution, that buys time.

>
> If this situation is left as is... the admins are going to get tired
> of deleting 100s of pages and banning 100s of user accounts per day.
> It's not much fun (from experience when I was dealing with this same
> issue a couple of years ago).
>
Agreed, there is a little group of volunteers (incl. TJ) who have done a
fantastic job to limit/eliminate the effect of the current attack, but for
sure we need to be better prepared, which is one of the reasons the
community decided to have a person who does maintenance (apart from the
normal admin jobs). But again a hand is welcome, so let's discuss a bit more
about what can/should be done.

Jan

>
>
> Clayton
>
