Author Topic: Wiki Spammers  (Read 6235 times)

Offline FlyingRagnar

  • Dragon Quest Wiki Staff
  • ***
  • Posts: 111
    • View Profile
    • Dragon Quest Wiki
Wiki Spammers
« on: September 22, 2011, 03:18:33 PM »
Recently we have had some problems with wiki spammers.  So far, I haven't been able to stop them altogether. 

The spammers create an account, then upload an image and create a page with spam that contains the image.  It's usually nothing vulgar, just random junk.  I tightened up the permissions and made more privileges required a confirmed email address.  However, I found that the spammers were using legit 'throw away' email addresses and confirming the accounts. 

They are most likely bots, but they most be somewhat complex to be giving an email address and then confirming it.  The IP addresses come from all over.  I've moved more privs into 'autoconfirmed' but I'm not sure how to stop them.   Any other wikis had problems?

Offline Greenpickle

  • Forum Administrator
  • *****
  • Posts: 470
  • Gender: Male
    • View Profile
    • My site
Re: Wiki Spammers
« Reply #1 on: September 23, 2011, 08:33:29 AM »
Porplemontage installed some sort of Captcha at Pikipedia when we had similar spam going on, and it stopped altogether.

Offline FlyingRagnar

  • Dragon Quest Wiki Staff
  • ***
  • Posts: 111
    • View Profile
    • Dragon Quest Wiki
Re: Wiki Spammers
« Reply #2 on: October 04, 2011, 07:53:53 PM »
In case anyone is ever curious or has a similar problem, here is how I solved our issues.  I'm not sure if they were bots or just human spammers, but they were creating new accounts, supplying an email address, and then verifying the email link.  That means that they were 'emailconfirmed' users, making it hard to limit their privileges without effecting other normal users. 

The issue was that these spammers were using "throw away" email addresses to register.  MediaWiki does not currently have any standard protection against this.  I was able to stop them by adding the following to LocalSettings.php.

Code: [Select]
$wgHooks['AbortNewAccount'][] = 'noMailinator';

function noMailinator( $user, $message ) {
if( preg_match( '/@(mailinator|binkmail|zippymail|devnullmail|mailinator2|bobmail|safetymail|tradermail|thisisnotmyrealemail|suremail|spamherelots|dispostable)/i', $user->getEmail() )) {
$message = 'One-time-use email services are forbidden on the Dragon Quest Wiki';
return false;
}
return true;
}


Offline FlyingRagnar

  • Dragon Quest Wiki Staff
  • ***
  • Posts: 111
    • View Profile
    • Dragon Quest Wiki
Re: Wiki Spammers
« Reply #3 on: April 09, 2012, 01:21:03 PM »
Since joining NIWA, we have had an influx of spammers hit the wiki.  We are using the ConfirmEdit extension to use CAPTCHA on account creation so it would seem that they are human spammers and not bots. 

Do any of the other wikis use a spam blacklist or something of that nature?  I'm curious how big wikis like Mario and Bulbapedia combat spam.

Offline Moydow

  • NIWA Coordinator
  • Forum Administrator
  • *****
  • Posts: 483
    • View Profile
    • Fire Emblem Wiki
Re: Wiki Spammers
« Reply #4 on: April 09, 2012, 03:07:51 PM »
StrategyWiki and a few others use SpamBlacklist and Title Blacklist. StrategyWiki's blacklist is here.
NIWA Coordinator

Offline Bop1996

  • Kreatz
  • Super Mario Wiki Staff
  • ***
  • Posts: 8
  • Gender: Male
  • "I love this kinda stuff!"
    • View Profile
Re: Wiki Spammers
« Reply #5 on: April 09, 2012, 08:51:41 PM »
I'm curious how big wikis like Mario and Bulbapedia combat spam.
We have page creation restricted to Autoconfirmed users. We don't get a whole lot of advertising spammers, and the ones we do are usually blocked pretty quickly. Most spammers we get are just idiot vandals posting inane things on existing articles, and they go quickly as well. Of course, the administrator to spam ratio is probably larger on large wikis compared to small wikis, so the two extensions mentioned above are probably helpful for small wikis.

Offline SnorlaxMonster

  • Bulbapedia Staff
  • ***
  • Posts: 485
  • Gender: Male
  • Bulbapedia bureaucrat, Zelda Wiki administrator
    • View Profile
Re: Wiki Spammers
« Reply #6 on: April 10, 2012, 04:44:45 AM »
I'm curious how big wikis like Mario and Bulbapedia combat spam.
We have page creation restricted to Autoconfirmed users. We don't get a whole lot of advertising spammers, and the ones we do are usually blocked pretty quickly. Most spammers we get are just idiot vandals posting inane things on existing articles, and they go quickly as well. Of course, the administrator to spam ratio is probably larger on large wikis compared to small wikis, so the two extensions mentioned above are probably helpful for small wikis.
Pretty much the same applies for Bulbapedia; page creation restricted to auto-confirmed, lots of active admins.

Offline KidIcarus

  • Hero Member
  • *****
  • Posts: 905
    • View Profile
Re: Wiki Spammers
« Reply #7 on: February 08, 2013, 09:49:56 AM »
I understand the logic behind it, but it does sacrifice a major element of wikis. Is it worth the sacrifice. It seems I'm on the fence on this issue.

Offline SnorlaxMonster

  • Bulbapedia Staff
  • ***
  • Posts: 485
  • Gender: Male
  • Bulbapedia bureaucrat, Zelda Wiki administrator
    • View Profile
Re: Wiki Spammers
« Reply #8 on: February 11, 2013, 05:23:30 PM »
I understand the logic behind it, but it does sacrifice a major element of wikis. Is it worth the sacrifice. It seems I'm on the fence on this issue.
Do you mean locking page creation from new users? I don't think it really is; they are still free to edit existing pages while they are new, and once they've gotten used to the wiki they can start creating pages. It both prevents spambots and prevents terrible pages being created.

Offline FlyingRagnar

  • Dragon Quest Wiki Staff
  • ***
  • Posts: 111
    • View Profile
    • Dragon Quest Wiki
Re: Wiki Spammers
« Reply #9 on: October 08, 2013, 08:52:44 PM »
Found a nice blog post on creating dynamic CAPTCHAs using the ConfirmEdit extension.  I've implemented on our wiki and so far it is working great.

http://thingelstad.com/stopping-mediawiki-spam-with-dynamic-questy-captchas/

We have not had problems with users spamming edits on pages, but have had major issues with rogue account creation.  I like the random sequence of character solution because it doesn't require the user to navigate to a link or speak a specific language.