• Welcome to NIWA Community Forums.
 

Wiki Spammers

Started by FlyingRagnar, September 22, 2011, 03:18:33 PM

Previous topic - Next topic

FlyingRagnar

Recently we have had some problems with wiki spammers.  So far, I haven't been able to stop them altogether. 

The spammers create an account, then upload an image and create a page with spam that contains the image.  It's usually nothing vulgar, just random junk.  I tightened up the permissions and made more privileges required a confirmed email address.  However, I found that the spammers were using legit 'throw away' email addresses and confirming the accounts. 

They are most likely bots, but they most be somewhat complex to be giving an email address and then confirming it.  The IP addresses come from all over.  I've moved more privs into 'autoconfirmed' but I'm not sure how to stop them.   Any other wikis had problems?

Greenpickle

Porplemontage installed some sort of Captcha at Pikipedia when we had similar spam going on, and it stopped altogether.

FlyingRagnar

In case anyone is ever curious or has a similar problem, here is how I solved our issues.  I'm not sure if they were bots or just human spammers, but they were creating new accounts, supplying an email address, and then verifying the email link.  That means that they were 'emailconfirmed' users, making it hard to limit their privileges without effecting other normal users. 

The issue was that these spammers were using "throw away" email addresses to register.  MediaWiki does not currently have any standard protection against this.  I was able to stop them by adding the following to LocalSettings.php.

$wgHooks['AbortNewAccount'][] = 'noMailinator';

function noMailinator( $user, $message ) {
if( preg_match( '/@(mailinator|binkmail|zippymail|devnullmail|mailinator2|bobmail|safetymail|tradermail|thisisnotmyrealemail|suremail|spamherelots|dispostable)/i', $user->getEmail() )) {
$message = 'One-time-use email services are forbidden on the Dragon Quest Wiki';
return false;
}
return true;
}



FlyingRagnar

Since joining NIWA, we have had an influx of spammers hit the wiki.  We are using the ConfirmEdit extension to use CAPTCHA on account creation so it would seem that they are human spammers and not bots. 

Do any of the other wikis use a spam blacklist or something of that nature?  I'm curious how big wikis like Mario and Bulbapedia combat spam.

Moydow

StrategyWiki and a few others use SpamBlacklist and Title Blacklist. StrategyWiki's blacklist is here.
NIWA Coordinator

Bop1996

Quote from: FlyingRagnar on April 09, 2012, 01:21:03 PM
I'm curious how big wikis like Mario and Bulbapedia combat spam.
We have page creation restricted to Autoconfirmed users. We don't get a whole lot of advertising spammers, and the ones we do are usually blocked pretty quickly. Most spammers we get are just idiot vandals posting inane things on existing articles, and they go quickly as well. Of course, the administrator to spam ratio is probably larger on large wikis compared to small wikis, so the two extensions mentioned above are probably helpful for small wikis.

SnorlaxMonster

Quote from: Bop1996 on April 09, 2012, 08:51:41 PM
Quote from: FlyingRagnar on April 09, 2012, 01:21:03 PM
I'm curious how big wikis like Mario and Bulbapedia combat spam.
We have page creation restricted to Autoconfirmed users. We don't get a whole lot of advertising spammers, and the ones we do are usually blocked pretty quickly. Most spammers we get are just idiot vandals posting inane things on existing articles, and they go quickly as well. Of course, the administrator to spam ratio is probably larger on large wikis compared to small wikis, so the two extensions mentioned above are probably helpful for small wikis.
Pretty much the same applies for Bulbapedia; page creation restricted to auto-confirmed, lots of active admins.

KidIcarus

I understand the logic behind it, but it does sacrifice a major element of wikis. Is it worth the sacrifice. It seems I'm on the fence on this issue.

SnorlaxMonster

Quote from: KidIcarus on February 08, 2013, 09:49:56 AM
I understand the logic behind it, but it does sacrifice a major element of wikis. Is it worth the sacrifice. It seems I'm on the fence on this issue.
Do you mean locking page creation from new users? I don't think it really is; they are still free to edit existing pages while they are new, and once they've gotten used to the wiki they can start creating pages. It both prevents spambots and prevents terrible pages being created.

FlyingRagnar

Found a nice blog post on creating dynamic CAPTCHAs using the ConfirmEdit extension.  I've implemented on our wiki and so far it is working great.

http://thingelstad.com/stopping-mediawiki-spam-with-dynamic-questy-captchas/

We have not had problems with users spamming edits on pages, but have had major issues with rogue account creation.  I like the random sequence of character solution because it doesn't require the user to navigate to a link or speak a specific language.