[Systems] New Wiki spam

Chris Leonard cjlhomeaddress at gmail.com
Wed Jul 15 22:32:39 EDT 2009

On Wed, Jul 15, 2009 at 10:50 AM, Frederick Grose <fgrose at gmail.com> wrote:

> Please see the user creation log and many spam pages added on 15 July 2009,
> http://wiki.sugarlabs.org/go/Special:RecentChanges.
> We have this problem on wiki.laptop.org as well, see
> http://wiki.laptop.org/go/OLPC_talk:Vandalism#Article_updated_via_HTTP_request
> .
> Chris suggested that we may need a page creation restriction, such as
> http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_page_creation
> .
> Suggestions...
>          --Fred

Just to clarify, there are two dominant styles of wiki vandalism these days
on w.l.o (and apparently now on w.sl.o).

Style 1 (mostly on w.l.o)

Repetitive creation of a number of specific pages in Main space containing
only a link.  These pages are created by a rotating series of anon IP

It is this type that I think could be addressed by a page creation blocking
tool. The same pages created are generated by some HTTP request that appears
to be immune to normal IP blocking, very odd.  The same pages are created
over and over again.    Given how fast they are created, I'm reasonably
confident that this is being done by a bot that looks to see if these pages
have been deleted and recreates them (with a different spammy URL) probably
as some form of SEO link indexing spam motive.

I've blocked a lot of anon IPs, but they just change uo, only sometimes do
the IP addresses repeat.  I've deleted the same 20-odd pages many times.

Style 2 (on w.l.o and now most recently on w.sl.o)

Creation of a new user with the naming pattern of

(nnn) buy (some drug name)
where nnn is some three digit number and the drug names vary.

and the population of that user's page in User space with a series of spammy
text and links.

I have handed out a lot of infinite blocks (as these are unacceptable user
names) and deleted a lot of pages (because the user pages are spammy), but
this pattern represents a very large possible namespace and there are a very
large number of possible combinations of this naming pattern.

For this type of attack I am guessing that an improved CAPTCHA on user
creation is needed.

I would encourage systems and wiki-gang to collaborate on automated or
systemic solutions to these attack types.  I'd love to have a
countervandalism bot installed (there are wikipedia examples that merit
investigation).  I've been stomp on these attacks, but it is getting sort of
old.  Any help would be appreciated.  As I am soon ot be unemployed (in
about two weeks) and fully engaged in the job hunt, it will cut into my time
available to vandal-stomp, resulting in the build-up of the attacks I have
been manually countering.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/private/systems/attachments/20090715/b6a82003/attachment.htm 

More information about the Systems mailing list