DreamHost Wiki

Hey, everyone.

Massive spamming took place on the DreamHost Wiki today. If anyone notices spam (usually pharmaceutical in nature) being added, please feel free to PM me, or mention it in this thread. Spamming is particularly obvious when you look at the list of recent changes, in case anyone is interested in helping me keep an eye on things.

The facility to ban IP addresses works, but I cannot ban particular usernames. Does anyone who understands the MediaWiki application know why this isn't working?

There appears to be a new pattern to the spamming on the wiki. It involves editing an old page or creating a new page, and then editing them again. Presumably, the hope is that the pages will get simple reversions that take them back to the first spamming instance.

Please let me know if you see pages being created by a spammer, so I can delete them. Also, does anyone know how to figure out what the IP address is for a particular username?

does anyone know how to figure out what the IP address is for a particular username?

As far as I know, you can't, at least not without access to the server logs. A cursory glance at the Mediawiki database layout shows that it isn't stored with the user account.

This has come up recently with regard to Wikipedia and the Seigenthaler controversy: Ironically, as a Mediawiki contributor, you are more anonymous if you create an account rather than posting "anonymously".

In reply to:

---

Ironically, as a Mediawiki contributor, you are more anonymous if you create an account rather than posting "anonymously".

---

Terrific. Spammers win again. Sigh...

I have wiki on my site, but i got hit and people were deleting and hammering my site that i totally disabled all registration and editing ability. You have to ask me to be registered to edit and so on.


It was happening every day with 50 to 100 posts----and the odd thing for me, was that they never showed up on the wiki it self. Just in the coding for the page affected.


Wiki is cool, but it's seriously in need of a security overhaul IMHO to hold off spammers.




Jenn

Wiki is cool, but it's seriously in need of a security overhaul IMHO to hold off spammers.

MediaWiki allows anonymous contributions, and that's the issue as far as I can tell from this thread. DH should disallow anonymous edits, and introduce an e-mail confirmation when registering. Some other wiki systems are less prone to get spam because they do that.

The wiki suffered from another round of major spamming. The spammer is getting clever; he makes one or two "legitimate" edits (such as replacing double quotes for their named entity) in an attempt to conceal his tracks. Always the same pages are created or edited, so I suspect that either it is the same spammer every time, or the same bot every time.

Yet more spamming. I'm convinced we are dealing with a bot now. Help!

Why not get dreamhost to install this Extension? It's a spam Black-list extension to media-wiki that checks any page edit for known spam URLs. It also comes with instructions to hook up with a shared black-list on a regular basis (cron)

This script is also a possibility. It's not an extension to media-wiki, but it supposedly easy to incorperate into any php stuff. The Bad Behavior scripts apparently know what bot look like in server logs, and are thereby able to return bots with 412. I'm not entirley sure how this one work, but I found the link from the media-wiki Anti-spam Features page.

It would also make sense to have some kind of validation for new users to the wiki. We required people to register to post, in hopes of cuting down on spam, but it's just too easy for a bot to register. If we had some kind of a human-validation (thoes graphics you have to re-type) and/or verified the E-mail address before allowing people to post that would really help. I wasn't able to find an extension to accomplish this, but it seems accessable enough, plenty of other programs do it.

Just my opinion, what do you all think?



-Matttail

I'll ask Nate about these possibilities, but I've been having troubling getting feedback from DreamHost over these issues recently (which is why I started posting about it here).

As far as registration issues are concerned, I think you mean "captchas". These have accessibility issues, but they might indeed be suitable in this environment. I'll ask about this as well.

Well, if they 'own' the wiki, they need to be involved in oversight at SOME level! ;) ;)

Bad Behavior typically looks at the HTTP headers to expose fake/bot headers and bounce them completely. I don't know what other checks it does... My own hand-crafted stuff for my site works on URL blacklists (which nail 99% of the spam), keyword lists (which catch some of what falls through), and a few sanity rules (referrer should be X to get to page Y, checks for lots of dashes or attempts to hide keywords in htmlentities, etc.).

I'd hope some of this would help against the spammers...

-d

> I'll ask Nate about these possibilities, but I've been having troubling...


Any luck gettign feed back from Dreamhost about this? Maybe a sigguestion should be put in, and then a lot of people could vote for it.

-Matttail

No, nothing yet. Nobody seems to know enough about how the software works, and people are presumably off enjoying a holiday break.

I know that I get hit almost every day from what I beleive to be a bot. So far all they are doing is registering with a random alpha numeric user name. On the main page I placed a warning any alpha numeric names will be assumed to be created by a computer and will be deleted.
For those of you that don't know this yet, the user names are stored in the database and can easily be deleted by editing the database. Just make sure that note the user_id number as any matching user_id numbers in any other table also has to be deleted. So far only the user table and user rights table are the only two that you need to worry about, unless they make an entry.
Silk

It's an embarrasment how DreamHost has abandonded the wiki. They need to install the SpamBlacklist extension at the very least.

I installed SpamBlacklist today! And turned on the SORBS open proxy checking!

A special thanks to Simon for all the persistent effort he gives the wiki. It's much appreciated.


nate.

In reply to:

---

I installed SpamBlacklist today!

---

Oh thank God!

hurray! I'm glad that finally got done. Hope it blocks the spammers effectively. Guess we don't have to plan on spamming dreamhost into taking action



-Matttail

Very good to hear. Thank you.

Just make sure the list is updated frequently. Those spammers are persistent.

The wiki isn't working at the moment. Some sort of database error.