[Systems] New Wiki spam

[Tomeu Vizoso]

On Fri, Jul 17, 2009 at 16:15, Frederick Grose<fgrose at sugarlabs.org> wrote:
>
>
> On Fri, Jul 17, 2009 at 10:10 AM, Frederick Grose <fgrose at sugarlabs.org>
> wrote:
>>
>>
>> On Wed, Jul 15, 2009 at 10:32 PM, Chris Leonard <cjlhomeaddress at gmail.com>
>> wrote:
>>>
>>> On Wed, Jul 15, 2009 at 10:50 AM, Frederick Grose <fgrose at gmail.com>
>>> wrote:
>>>>
>>>> Please see the user creation log and many spam pages added on 15 July
>>>> 2009, http://wiki.sugarlabs.org/go/Special:RecentChanges.
>>>>
>>>> We have this problem on wiki.laptop.org as well, see
>>>> http://wiki.laptop.org/go/OLPC_talk:Vandalism#Article_updated_via_HTTP_request.
>>>>
>>>> Chris suggested that we may need a page creation restriction, such as
>>>> http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_page_creation.
>>>>
>>>> Suggestions...
>>>>
>>>>          --Fred
>>>>
>>>
>>>
>>> Just to clarify, there are two dominant styles of wiki vandalism these
>>> days on w.l.o (and apparently now on w.sl.o).
>>>
>>> Style 1 (mostly on w.l.o)
>>>
>>> Repetitive creation of a number of specific pages in Main space
>>> containing only a link.  These pages are created by a rotating series of
>>> anon IP addresses.
>>>
>>> It is this type that I think could be addressed by a page creation
>>> blocking tool. The same pages created are generated by some HTTP request
>>> that appears to be immune to normal IP blocking, very odd.  The same pages
>>> are created over and over again.    Given how fast they are created, I'm
>>> reasonably confident that this is being done by a bot that looks to see if
>>> these pages have been deleted and recreates them (with a different spammy
>>> URL) probably as some form of SEO link indexing spam motive.
>>>
>>> I've blocked a lot of anon IPs, but they just change uo, only sometimes
>>> do the IP addresses repeat.  I've deleted the same 20-odd pages many times.
>>>
>>>
>>> Style 2 (on w.l.o and now most recently on w.sl.o)
>>>
>>> Creation of a new user with the naming pattern of
>>>
>>> (nnn) buy (some drug name)
>>> where nnn is some three digit number and the drug names vary.
>>>
>>> and the population of that user's page in User space with a series of
>>> spammy text and links.
>>>
>>> I have handed out a lot of infinite blocks (as these are unacceptable
>>> user names) and deleted a lot of pages (because the user pages are spammy),
>>> but this pattern represents a very large possible namespace and there are a
>>> very large number of possible combinations of this naming pattern.
>>>
>>> For this type of attack I am guessing that an improved CAPTCHA on user
>>> creation is needed.
>>>
>>> I would encourage systems and wiki-gang to collaborate on automated or
>>> systemic solutions to these attack types.  I'd love to have a
>>> countervandalism bot installed (there are wikipedia examples that merit
>>> investigation).  I've been stomp on these attacks, but it is getting sort of
>>> old.  Any help would be appreciated.  As I am soon ot be unemployed (in
>>> about two weeks) and fully engaged in the job hunt, it will cut into my time
>>> available to vandal-stomp, resulting in the build-up of the attacks I have
>>> been manually countering.
>>
>>
>> A variation of 2 is occurring on dev.sugarlabs.org as well,
>> http://dev.sugarlabs.org/wiki/131_buy_risperdal
>
> Or for a fuller view,
> http://dev.sugarlabs.org/search?ticket=on&milestone=on&wiki=on&q=Click&page=2&noquickjump=1

Who deals with these issues in dev.sugarlabs.org?

Regards,

Tomeu

>>
>>
>>       --Fred
>
>
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>
>