[Systems] New Wiki spam
fgrose at sugarlabs.org
Fri Jul 17 10:15:05 EDT 2009
On Fri, Jul 17, 2009 at 10:10 AM, Frederick Grose <fgrose at sugarlabs.org>wrote:
> On Wed, Jul 15, 2009 at 10:32 PM, Chris Leonard <cjlhomeaddress at gmail.com>wrote:
>> On Wed, Jul 15, 2009 at 10:50 AM, Frederick Grose <fgrose at gmail.com>wrote:
>>> Please see the user creation log and many spam pages added on 15 July
>>> 2009, http://wiki.sugarlabs.org/go/Special:RecentChanges.
>>> We have this problem on wiki.laptop.org as well, see
>>> Chris suggested that we may need a page creation restriction, such as
>> Just to clarify, there are two dominant styles of wiki vandalism these
>> days on w.l.o (and apparently now on w.sl.o).
>> Style 1 (mostly on w.l.o)
>> Repetitive creation of a number of specific pages in Main space containing
>> only a link. These pages are created by a rotating series of anon IP
>> It is this type that I think could be addressed by a page creation
>> blocking tool. The same pages created are generated by some HTTP request
>> that appears to be immune to normal IP blocking, very odd. The same pages
>> are created over and over again. Given how fast they are created, I'm
>> reasonably confident that this is being done by a bot that looks to see if
>> these pages have been deleted and recreates them (with a different spammy
>> URL) probably as some form of SEO link indexing spam motive.
>> I've blocked a lot of anon IPs, but they just change uo, only sometimes do
>> the IP addresses repeat. I've deleted the same 20-odd pages many times.
>> Style 2 (on w.l.o and now most recently on w.sl.o)
>> Creation of a new user with the naming pattern of
>> (nnn) buy (some drug name)
>> where nnn is some three digit number and the drug names vary.
>> and the population of that user's page in User space with a series of
>> spammy text and links.
>> I have handed out a lot of infinite blocks (as these are unacceptable user
>> names) and deleted a lot of pages (because the user pages are spammy), but
>> this pattern represents a very large possible namespace and there are a very
>> large number of possible combinations of this naming pattern.
>> For this type of attack I am guessing that an improved CAPTCHA on user
>> creation is needed.
>> I would encourage systems and wiki-gang to collaborate on automated or
>> systemic solutions to these attack types. I'd love to have a
>> countervandalism bot installed (there are wikipedia examples that merit
>> investigation). I've been stomp on these attacks, but it is getting sort of
>> old. Any help would be appreciated. As I am soon ot be unemployed (in
>> about two weeks) and fully engaged in the job hunt, it will cut into my time
>> available to vandal-stomp, resulting in the build-up of the attacks I have
>> been manually countering.
> A variation of 2 is occurring on dev.sugarlabs.org as well,
Or for a fuller view,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Systems