Combatting Spam[edit source]
What are we gonna do. This is the first Wiki I've been part of during the begining. I can keep reverting the spam. This last time, I removed the spam and less than 10 minutes later it was back, on the Main page. Tuxhedoh 13:50, 23 May 2005 (GMT)
Interesting note- At least some of the spambot spam seems to be replacing HTML entities with their escaped versions, (Replacing & with &, for instance) which screws up comments and stuff, so definitely revert as opposed to just deleting the links.
But I definitely agree something should be done more than just letting people revert, as the spammer:editor ratio eats a decent portion of time (At least in my case) that could go to actually improving things.
Do I have the title of First Ever Icehouse.org Spam Reverter? I feel proud. -- GregF 22:24, 23 May 2005 (GMT)
Is it possible for MediaWiki to prevent editing by people who aren't logged in? As much as I hate to do this, it seems like most of the people who do editing on IcehouseGames.org have accounts, and that would probably eliminate most of the spam. Also, according the mediawiki page linked from this page, there is an extension that allows blocking of links based on regexps on a page that can be edited by administrators. If this could be installed, then a few trusted people could be made administrators with appropriate permissions, and after reverting a spamming, you could prevent anyone from spamming with the same domain again, which would probably cut down the amount of time that needed to be spent dealing with spammers, and wouldn't put as much burden on MiSuBa as updating the built in blacklist by hand. — Lambda 00:23, 24 May 2005 (GMT)
- I hope he doesn't update the blacklist by hand. But let's not encourage spammers to sign up for accounts! We're in an arms race, and we don't want to run any faster than necessary. (Besides, users with accounts have better anonymity than ones without. Not many people can easily see what IP address I use to post, for example.)
- For now, anybody (even another anonymous user) can check for new and possibly dubious edits by following the "Show new changes starting from" link on a Recent changes page customized like this, to hide logged-in users and patrolled edits.
- I strongly second the idea of having a few more administrators. -- Rootbeer 02:48, 24 May 2005 (GMT)
- FWIW - I'm fairly certain that any IP's listed that spammers are using are spoofed, and not actually the IP they're surfing the net on. I could be wrong. --Tuxhedoh 17:32, 24 May 2005 (GMT)
- Well, an IP address can't be "spoofed", exactly. But you're right if you mean that the IP addresses that we can see are not related to the real attacker's location. From some investigating I did, I would guess that the attacker was using a botnet (a number of compromised machines) to affect many MediaWiki sites, including this one. So, if you could track down the owner of the machine at the given IP address, that would be some grandmother whose kids hooked up broadband and no firewall to her Windows 95 machine eight months ago. -- Rootbeer 17:59, 24 May 2005 (GMT)
- Heh, I just suggested the same thing I'm responding to. I'm pretty sure mediawiki DOES allow you to require logging in. Does logging in bypass the blacklist? If so, you can blacklist everyone... -JEEP 21:49, 24 May 2005 (GMT)
- Uh... do what now? The blacklist works by looking at the actual content that anyone tries to save. I've tested it while logged in and it still blocked the content in question. Given that, I don't see any reason to block anonymous users. - misuba 23:23, 24 May 2005 (GMT)
- MiSuBa has the right idea. Try the spam test sandbox, JEEP, and you'll see how it stops the spam. But I think you might be saying that blacklisting everyone would hurt more than help.… and I'd agree. -- Rootbeer 23:39, 24 May 2005 (GMT)
- Sorry, I wasn't very clear. Ignore my last suggestion. I thought you were blacklisting IP addresses. Some wiki programs allow logged in users to bypass blacklisted IPs. You can set: $wgWhitelistEdit = true; (in LocalSettings.php) to make it so only logged in users can edit. It's not the most satisfying solution to me, but it should stop spambots with minimal impact to users. -JEEP 06:16, 25 May 2005 (GMT)
- I think you mean that doing that would stop the spambots we've already seen, and it would stop anyone who wants to help the wiki without logging in first. It wouldn't stop a spambot or other vandal who can log in, though.
- Think of this as finding some litter on the street in front of your house. Sure, it's a nuisance to see it there, and it's another nuisance to have to clean it up. But closing the street to anybody who doesn't have a driver's license won't stop litter. Instead, it stops your street from being open to most of the other people, including pedestrians who might help you to keep the street clean.
- If somebody really wants to throw trash on the streets of IcehouseOrg or your home town, you and I can't do anything to stop that. But what we've done now is to forbid the most smelly trash, and we've got other tools (like quick reverts) that are working fine in dealing with everything else for now. Let's not rush to block hundreds or thousands of possible contributors just because one of their number took advantage of us. -- Rootbeer 14:31, 25 May 2005 (GMT)
- As I said, it's not the most satisfying solution. I have another wiki that I manage and I have temporarily done a similar thing. It's stopped all spam so far. It's a minor nuisance, as far as I'm concerned. Esp. since the community is pretty small. If the Icehouse Community is large enough, then I agree that it's not worth it. It all depends on the number of people who want to help the community. -JEEP 20:13, 25 May 2005 (GMT)
- It looks like the blacklist based on URLs has stopped all the spam that we were getting; I haven't seen any spam since that was instituted. Why don't we see if that works, before banning anonymous posting? The thing about URL blocking is that although it's possible to get around it by getting more domain names, that defeats the purpose of wiki-spamming, which is to try and improve your page rank on wikipedia:Google and other search engines; if you keep adding more domains, you'll dilute the page rank for each one. — Lambda 20:41, 25 May 2005 (GMT)
The Return of the Spam[edit source]
Three new spammy/vandaly edits, unfortunately. The first two ( and ) probably qualify more as vandalism, and can't really be dealt with by the blacklist- they replaced the page with "stsdart of my messfage" and a bunch of random links that don't go anywhere. The third  just looks like porn- if it comes back, the appropriate hosts can be blacklisted, I guess.
Anyone know/guess why/how they've returned? -- GregF 11:32, 18 Jul 2005 (GMT)
- There's no mystery to it; now and again, a spambot will wander by, try some URLs on us, and manage not to hit anything blacklisted. Then I blacklist the URLs and the Circle Of Life continues. As for generic vandalism, really all we can do is roll it back unless it's unusually unique and consistent. - misuba 19:25, 18 Jul 2005 (GMT)
Spam strikes back[edit source]
There's still quite a bit of spam left, I have to go, though. I'll leave it for the next guy to clean up. (They're one pixel, so not easy to see, use the recent changes.)
Registerred spam[edit source]
User:Heel1983 made a spam edit in the current wave of spam. -- GregF 16:20, 3 Jan 2006 (GMT)