[MediaWiki-l] SPAMMERS!!!!

[MediaWiki-l] SPAMMERS!!!!

John Foster-2
Wow. I am getting clobbered, or was. I shut down the new account system
that was open to the public and set it to be by e-mail confirmation,
then disabled e-mail for a while. I then used the
deletUnusedAccounts.php a couple of times and it deleted 17860 of the
spammers. But they are a persistent lot and some of them actually did
manage to get pages up and running, actually hundreds or maybe thousands
of them. The challenge is "How do I get rid of them?", & doing it one at
a time is useless. How to keep them at bay? I would appreciate any tips
regarding this, especially actual MediaWiki settings that get rid of
them. I need to know if there is any way to 'delete' them using a list
of the user:names.
Seems there should be a simple way to do this, but I've had no luck so
far.
Thanks!
John


_______________________________________________
MediaWiki-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Re: SPAMMERS!!!!

Jonathan Aquilina
Hi John,

I am helping The Document Foundation with spam issues, and they report a
drastic drop of registrations with questy, which is really good. I am
currently working on being able to have localized questions for the said
project. I am not sure how to exactly answer your question though.

My wiki, though public, does not accept registrations at all. I am the only
one with an account.


On Mon, Nov 25, 2013 at 10:16 PM, John W. Foster <[hidden email]> wrote:

> Wow. I am getting clobbered, or was. I shut down the new account system
> that was open to the public and set it to be by e-mail confirmation,
> then disabled e-mail for a while. I then used the
> deletUnusedAccounts.php a couple of times and it deleted 17860 of the
> spammers. But they are a persistent lot and some of them actually did
> manage to get pages up and running, actually hundreds or maybe thousands
> of them. The challenge is "How do I get rid of them?", & doing it one at
> a time is useless. How to keep them at bay? I would appreciate any tips
> regarding this, especially actual MediaWiki settings that get rid of
> them. I need to know if there is any way to 'delete' them using a list
> of the user:names.
> Seems there should be a simple way to do this, but I've had no luck so
> far.
> Thanks!
> John

--
Jonathan Aquilina

Re: SPAMMERS!!!!

Steph Zhang
Why do you need to delete those spammer accounts? I thought banning them by
their IP address was enough unless others from the same IP address want to
contribute to your wiki.

Actually at that time when my wiki was under spamming, I accidentally
blocked two IP addresses, and suddenly...... No more spammers :D or at
least not that many. I don't think your wiki would have so many people
registering manually, so that spamming must be done with a program which
came from one or several IPs.

Moreover, I tried to use ReCaptcha from Extension:
ConfirmEdit <https://www.mediawiki.org/wiki/Extension:ConfirmEdit> to
protect my wiki from spammers, but still failed. I was told that some of
the spamming accounts are registered manually and then spammed
automatically. Why not ask everyone with fewer than 3 or 5 edits to do
ReCaptcha?

A user name blacklist can also help stop others from spamming... My wiki is in
Chinese, and I set that no user with a username beginning with an
[a..zA..z0..9] alphanumerical character can register to my wiki. No spammers
so far.

After that, if you still decide to delete those spamming accounts with
their pages, you might try Extension:
UserMerge <https://www.mediawiki.org/wiki/Extension:UserMerge> or even
try to hack it to see if there's any way to use it to delete a lot
of users at once. Or if some users did a lot of spamming work, you might also
try Extension: Nuke <https://www.mediawiki.org/wiki/Extension:Nuke>. For
more extensions to help you stop others spamming, why not have a look at
how Wikipedia did it?

Spam prevention

* Abuse Filter <https://www.mediawiki.org/wiki/Extension:AbuseFilter>:
  Applies automatic heuristics to edits (Andrew Garrett, River Tarnell,
  Victor Vasiliev and Marius Hoch)
* AntiBot <https://www.mediawiki.org/wiki/Extension:AntiBot>:
  Simple framework for spambot checks and trigger payloads (Tim Starling)
* AntiSpoof <https://www.mediawiki.org/wiki/Extension:AntiSpoof>:
  Blocks the creation of accounts with mixed-script, confusing and similar
  usernames (Brion Vibber)
* AntiSpoof for CentralAuth <https://www.mediawiki.org/wiki/Extension:AntiSpoof>:
  Adds AntiSpoof technology to CentralAuth (Sam Reed)
* ConfirmEdit <https://www.mediawiki.org/wiki/Extension:ConfirmEdit> (Version 1.2):
  Provides CAPTCHA techniques to protect against spam and password-guessing
  (Brion Vibber and others)
* SpamBlacklist <https://www.mediawiki.org/wiki/Extension:SpamBlacklist>:
  Regex-based anti-spam tool allowing to blacklist URLs in pages and email
  addresses for registered users (Tim Starling, John Du Hart and Daniel Kinzler)
* Title Blacklist <https://www.mediawiki.org/wiki/Extension:Title_Blacklist> (Version 1.4.2):
  Allows administrators to forbid creation of pages and user accounts per a
  blacklist <http://en.wikipedia.org/wiki/MediaWiki:Titleblacklist> and
  whitelist <http://en.wikipedia.org/wiki/MediaWiki:Titlewhitelist>
  (Victor Vasiliev and Fran Rogers)
* TorBlock <https://www.mediawiki.org/wiki/Extension:TorBlock>:
  Allows tor exit nodes to be blocked from editing a wiki (Andrew Garrett)



Re: SPAMMERS!!!!

Arcane 21
Some additional tips.

On my wiki, we use ConfirmEdit with Asirra (requires 5-10 edits to disable), which I find to be one of the more effective captchas to frustrate spammers.

I also find it useful to check all the user names that are obvious gibberish and determine which ones come from the same IP and IP ranges. Generally, if you want to be sure you aren't punishing legitimate users, only block the IPs and IP ranges that have four or more obvious spammer usernames attached to them, as these are usually mass produced by a bot from zombie computers used to spam.


Re: SPAMMERS!!!!

Mark A. Hershberger-4
On 11/26/2013 07:38 AM, Arcane 21 wrote:
> only block the IPs and IP ranges that have four or more obvious spammer
> usernames attached to them, as these are usually mass produced by a bot
> from zombie computers used to spam.

This is an interesting feature to add to BlockandNuke[1], but it would
be good to track if an IP that produces a spammer reappears with a
different user name after the spam user has been blocked.

Right now, BlockandNuke just blocks all IP addresses it sees from spammers.

[1] https://www.mediawiki.org/wiki/Extension:BlockandNuke
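
The triage rule from Arcane 21's message (block only IPs and ranges with four or more obvious spammer usernames) and the check suggested in the reply above (flag an address that registers again under a new name after a block), as an added example that is not part of any post in this thread and is not BlockandNuke code. The account records and block log are constructed, the gibberish test is a crude stand-in for a human's judgement, and the /24 (IPv4) and /64 (IPv6) range sizes are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample export: (username, registration IP, registration time).
# IPs are from documentation ranges; times are plain integers for brevity.
ACCOUNTS = [
    ("Xkqjwpzt81", "203.0.113.7", 100),
    ("Bvnmrtql", "203.0.113.7", 110),
    ("Zzxqkr77", "203.0.113.7", 120),
    ("Qwrtplmk3", "203.0.113.7", 130),
    ("Hgfdsbnm", "192.0.2.10", 140),
    ("Pltkrwq9", "192.0.2.11", 150),
    ("Sdfghjkl", "192.0.2.12", 160),
    ("Mnbvcxzq", "192.0.2.13", 170),
    ("Alice Martin", "198.51.100.9", 180),
    ("Wiki Gardener", "198.51.100.9", 190),
    ("Trwqplkm", "198.51.100.9", 200),
    ("Vrtmnpls", "203.0.113.7", 900),  # registers after the blocks below
]
# Constructed block log: blocked username -> time the block was placed.
BLOCKED_AT = {"Xkqjwpzt81": 500, "Bvnmrtql": 500, "Zzxqkr77": 500, "Qwrtplmk3": 500}

CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}")


def looks_like_gibberish(username):
    """Assumed stand-in for a human spotting 'obvious gibberish': five or more
    consonants in a row. Non-Latin names never match and are left alone."""
    return bool(CONSONANT_RUN.search(username.lower()))


def covering_range(ip):
    """Group IPv4 addresses by /24 and IPv6 by /64 (assumed range sizes)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def block_candidates(accounts, threshold=4):
    """Return (ips, ranges) tied to at least `threshold` gibberish usernames."""
    by_ip, by_range = defaultdict(set), defaultdict(set)
    for name, ip, _ in accounts:
        if looks_like_gibberish(name):
            by_ip[ip].add(name)
            by_range[covering_range(ip)].add(name)
    ips = sorted(ip for ip, names in by_ip.items() if len(names) >= threshold)
    ranges = sorted(r for r, names in by_range.items() if len(names) >= threshold)
    return ips, ranges


def reappearances(accounts, blocked_at):
    """Accounts registered from an IP after a spammer on that IP was blocked,
    under a name that is not itself in the block log."""
    first_block = {}
    for name, ip, _ in accounts:
        if name in blocked_at:
            when = blocked_at[name]
            first_block[ip] = min(when, first_block.get(ip, when))
    return [(name, ip, ts) for name, ip, ts in accounts
            if name not in blocked_at and ts > first_block.get(ip, float("inf"))]


if __name__ == "__main__":
    ips, ranges = block_candidates(ACCOUNTS)
    print("block IPs:", ips)
    print("block ranges:", ranges)
    print("back after block:", reappearances(ACCOUNTS, BLOCKED_AT))
```

In the sample, 198.51.100.9 carries one gibberish name next to two ordinary ones and stays below the threshold, while the four 192.0.2.x addresses are only caught once they are grouped as a range.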


Re: SPAMMERS!!!!

John Foster
In reply to this post by Steph Zhang
On Tue, 2013-11-26 at 06:33 +0000, Steph Zhang wrote:
> Why do you need to delete those spammer accounts? I thought banning them by
> their IP address was enough unless others from the same IP address want to
> contribute to your wiki.
This is on a remote server that I pay for the disk space & the extra
service load on the system by spammers slows it down. There are thousands
of them as I was not aware of their actions while getting the system set
up & I left it open.

>
> Actually at that time when my wiki was under spamming, I accidentally
> blocked two IP addresses, and suddenly...... No more spammers :D or at
> least not that many. I don't think your wiki would have so many people
> registering manually, so that spamming must be done with a program which
> came from one or several IPs.
I will check on the IP address thing. Thanks
>
> Moreover, I tried to use ReCaptcha from Extension:
> ConfirmEdit <https://www.mediawiki.org/wiki/Extension:ConfirmEdit> to
> protect my wiki from spammers, but still failed. I was told that some of
I have ConfirmEdit installed

> the spamming accounts are registered manually and then spammed
> automatically. Why not ask everyone with fewer than 3 or 5 edits to do
> ReCaptcha?
At the present time there should only be me working on the site as I'm
still installing features on it.
>
> A user name blacklist can also help stop others from spamming... My wiki is in
> Chinese, and I set that no user with a username beginning with an
> [a..zA..z0..9] alphanumerical character can register to my wiki. No spammers
> so far.
Hmmm... a lot of the spammers are using Chinese characters LOL
>
> After that, if you still decide to delete those spamming accounts with
> their pages, you might try Extension:
> UserMerge <https://www.mediawiki.org/wiki/Extension:UserMerge> or even
> try to hack it to see if there's any way to use it to delete a lot
> of users at once.
I can use UserMerge but it only removes one at a time... too tedious

> Or if some users did a lot of spamming work, you might also
> try Extension: Nuke <https://www.mediawiki.org/wiki/Extension:Nuke>. For
> more extensions to help you stop others spamming, why not have a look at
> how Wikipedia did it?
I have Nuke installed as well as BlockandNuke & both work well. They
have blocked thousands of these accounts, now if I could just get rid of
them.

>
> Spam prevention *Abuse Filter
> <https://www.mediawiki.org/wiki/Extension:AbuseFilter> *Applies automatic
> heuristics to edits Andrew Garrett, River Tarnell, Victor Vasiliev and
> Marius Hoch  *AntiBot
installed & working
> <https://www.mediawiki.org/wiki/Extension:AntiBot>
installed & working
> *Simple
> framework for spambot checks and trigger payloads Tim Starling  *AntiSpoof
> <https://www.mediawiki.org/wiki/Extension:AntiSpoof> *Blocks the creation
> of accounts with mixed-script, confusing and similar usernames Brion
installed & working
> Vibber  *AntiSpoof
> for CentralAuth <https://www.mediawiki.org/wiki/Extension:AntiSpoof> *Adds
> AntiSpoof technology to CentralAuth Sam Reed  *ConfirmEdit
> <https://www.mediawiki.org/wiki/Extension:ConfirmEdit>
installed & working
> (Version 1.2)*Provides
> CAPTCHA techniques to protect against spam and password-guessing Brion
> Vibber and others  *SpamBlacklist
> <https://www.mediawiki.org/wiki/Extension:SpamBlacklist>
installed & working
> *Regex-based
> anti-spam tool allowing to blacklist URLs in pages and email addresses for
> registered users Tim Starling, John Du Hart and Daniel Kinzler  *Title
> Blacklist <https://www.mediawiki.org/wiki/Extension:Title_Blacklist>
> (Version 1.4.2)*Allows administrators to forbid creation of pages and user
> accounts per a blacklist<http://en.wikipedia.org/wiki/MediaWiki:Titleblacklist>and
> whitelist <http://en.wikipedia.org/wiki/MediaWiki:Titlewhitelist> Victor
> Vasiliev and Fran Rogers  *TorBlock
> <https://www.mediawiki.org/wiki/Extension:TorBlock>
Installed & working

Any idea what should be in this array?
$wgTorIPs = array( '208.80.152.2' );


> $wgTorIPs = array( '208.80.152.2' );
> An array of IP addresses that the wiki server uses. Only exit nodes
> allowed to connect to these IPs will be returned in the internal list.
> Note: this is only used when the extension has to fall back to the Tor
> Project's bulk list service, rather than using the newer Onionoo
> protocol.
>

Should it be the IP address of my server??

> *Allows tor exit nodes
> to be blocked from editing a wiki Andrew Garrett
>
>
> 2013/11/25 Jonathan Aquilina <[hidden email]>
>
--------------------------snipped------------------



Re: SPAMMERS!!!!

John Foster-2
In reply to this post by Mark A. Hershberger-4
On Tue, 2013-11-26 at 10:07 -0500, Mark A. Hershberger wrote:

> On 11/26/2013 07:38 AM, Arcane 21 wrote:
> > only block the IPs and IP ranges that have four or more obvious spammer
> > usernames attached to them, as these are usually mass produced by a bot
> > from zombie computers used to spam.
>
> This is an interesting feature to add to BlockandNuke[1], but it would
> be good to track if an IP that produces a spammer reappears with a
> different user name after the spam user has been blocked.
>
> Right now, BlockandNuke just blocks all IP addresses it sees from spammers.
>
> [1] https://www.mediawiki.org/wiki/Extension:BlockandNuke

Another thing I would suggest is something to indicate what BlockandNuke
is doing. I have it running for great lengths of time and all it says is
Banning
I know it works only when I check the blocked users list & see that
BlockandNuke is responsible for a lot of them. Just would like to know
how long the process has to run to complete the job while it is doing
it. Maybe a bar or timer, or something.
Thanks
john



Re: SPAMMERS!!!!

2007@gmaskfx.com
Personally I've found QuestyCaptcha to be the most reliable. You show the
user an image and they have to guess the right answer. It can be configured
to have several correct answers and to randomly choose from a list of
several image/answers.

I have had zero spammer account creations since I started using it several
years ago.


On Tue, Nov 26, 2013 at 9:36 AM, John W. Foster <[hidden email]> wrote:

> On Tue, 2013-11-26 at 10:07 -0500, Mark A. Hershberger wrote:
> > On 11/26/2013 07:38 AM, Arcane 21 wrote:
> > > only block the IPs and IP ranges that have four or more obvious spammer
> > > usernames attached to them, as these are usually mass produced by a bot
> > > from zombie computers used to spam.
> >
> > This is an interesting feature to add to BlockandNuke[1], but it would
> > be good to track if an IP that produces a spammer reappears with a
> > different user name after the spam user has been blocked.
> >
> > Right now, BlockandNuke just blocks all IP addresses it sees from spammers.
> >
> > [1] https://www.mediawiki.org/wiki/Extension:BlockandNuke
>
> Another thing I would suggest is something to indicate what BlockandNuke
> is doing. I have it running for great lengths of time and all it says is
> Banning
> I know it works only when I check the blocked users list & see that
> BlockandNuke is responsible for a lot of them. Just would like to know
> how long the process has to run to complete the job while it is doing
> it. Maybe a bar or timer, or something.
> Thanks
> john

Re: SPAMMERS!!!!

Jan Steinman
In reply to this post by Jonathan Aquilina
I require an email round-trip. That seems to do it for our wiki, at least.

But perhaps H.L. Mencken (below, at random) knows something I don't... :-)

:::: For every complex problem, there is a solution that is simple, neat, and wrong. -- H. L. Mencken
:::: Jan Steinman, EcoReality Co-op ::::

