[Systems] New Wiki spam

Frederick Grose fgrose at sugarlabs.org
Fri Jul 17 10:10:31 EDT 2009

On Wed, Jul 15, 2009 at 10:32 PM, Chris Leonard <cjlhomeaddress at gmail.com>wrote:

> On Wed, Jul 15, 2009 at 10:50 AM, Frederick Grose <fgrose at gmail.com>wrote:
>> Please see the user creation log and many spam pages added on 15 July
>> 2009, http://wiki.sugarlabs.org/go/Special:RecentChanges.
>> We have this problem on wiki.laptop.org as well, see
>> http://wiki.laptop.org/go/OLPC_talk:Vandalism#Article_updated_via_HTTP_request
>> .
>> Chris suggested that we may need a page creation restriction, such as
>> http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_page_creation
>> .
>> Suggestions...
>>          --Fred
> Just to clarify, there are two dominant styles of wiki vandalism these days
> on w.l.o (and apparently now on w.sl.o).
> Style 1 (mostly on w.l.o)
> Repetitive creation of a number of specific pages in Main space containing
> only a link.  These pages are created by a rotating series of anon IP
> addresses.
> It is this type that I think could be addressed by a page creation blocking
> tool. The same pages created are generated by some HTTP request that appears
> to be immune to normal IP blocking, very odd.  The same pages are created
> over and over again.    Given how fast they are created, I'm reasonably
> confident that this is being done by a bot that looks to see if these pages
> have been deleted and recreates them (with a different spammy URL) probably
> as some form of SEO link indexing spam motive.
> I've blocked a lot of anon IPs, but they just change uo, only sometimes do
> the IP addresses repeat.  I've deleted the same 20-odd pages many times.
> Style 2 (on w.l.o and now most recently on w.sl.o)
> Creation of a new user with the naming pattern of
> (nnn) buy (some drug name)
> where nnn is some three digit number and the drug names vary.
> and the population of that user's page in User space with a series of
> spammy text and links.
> I have handed out a lot of infinite blocks (as these are unacceptable user
> names) and deleted a lot of pages (because the user pages are spammy), but
> this pattern represents a very large possible namespace and there are a very
> large number of possible combinations of this naming pattern.
> For this type of attack I am guessing that an improved CAPTCHA on user
> creation is needed.
> I would encourage systems and wiki-gang to collaborate on automated or
> systemic solutions to these attack types.  I'd love to have a
> countervandalism bot installed (there are wikipedia examples that merit
> investigation).  I've been stomp on these attacks, but it is getting sort of
> old.  Any help would be appreciated.  As I am soon ot be unemployed (in
> about two weeks) and fully engaged in the job hunt, it will cut into my time
> available to vandal-stomp, resulting in the build-up of the attacks I have
> been manually countering.

A variation of 2 is occurring on dev.sugarlabs.org as well,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/private/systems/attachments/20090717/c60ee488/attachment.htm 

More information about the Systems mailing list