Difference between revisions of "WikiSpam"
(response) |
m (link fix) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
Grrr. | Grrr. | ||
− | --TedPro | + | --[[TedPro]] |
See also: [[Discussions/WikiSpam]] if you have questions. Chances are they're answered there. For one thing, it will tell you how to easily despam a page (without needing to go all crazy with the select-all button, either!) and for another, it will give you information to help figure out what can feasibly be done. | See also: [[Discussions/WikiSpam]] if you have questions. Chances are they're answered there. For one thing, it will tell you how to easily despam a page (without needing to go all crazy with the select-all button, either!) and for another, it will give you information to help figure out what can feasibly be done. | ||
Line 13: | Line 13: | ||
First success for the antispam: | First success for the antispam: | ||
− | 170.224.224.117 - - [10/Mar/2005:14:56:07 +1300] "GET /wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities HTTP/1.0" 200 24005 "http://www.google.com/search?q=inurl:pl%3Faction%3Dbrowse+porn&hl=en&lr=&start=20&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" | + | 170.224.224.117 - - [10/Mar/2005:14:56:07 +1300] "GET /wiki/wiki.pl?action=browse&diff=1&id=[[SuzumeAbilities]] HTTP/1.0" 200 24005 "http://www.google.com/search?q=inurl:pl%3Faction%3Dbrowse+porn&hl=en&lr=&start=20&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" |
170.224.224.120 - - [10/Mar/2005:14:56:08 +1300] "GET /wiki/basic.css HTTP/1.0" 200 642 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" | 170.224.224.120 - - [10/Mar/2005:14:56:08 +1300] "GET /wiki/basic.css HTTP/1.0" 200 642 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" | ||
− | 170.224.224.123 - - [10/Mar/2005:14:56:09 +1300] "GET /wiki/ExaltedLogo.gif HTTP/1.0" 200 14935 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" | + | 170.224.224.123 - - [10/Mar/2005:14:56:09 +1300] "GET /wiki/[[ExaltedLogo]].gif HTTP/1.0" 200 14935 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" |
− | 170.224.224.124 - - [10/Mar/2005:14:56:20 +1300] "GET /wiki/wiki.pl?action=edit&id=SuzumeAbilities HTTP/1.0" 200 2649 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" | + | 170.224.224.124 - - [10/Mar/2005:14:56:20 +1300] "GET /wiki/wiki.pl?action=edit&id=[[SuzumeAbilities]] HTTP/1.0" 200 2649 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" |
170.224.224.117 - - [10/Mar/2005:14:56:36 +1300] "POST /wiki/wiki.pl HTTP/1.0" 200 1410 "http://exalted.xi.co.nz/wiki/wiki.pl?action=edit&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" | 170.224.224.117 - - [10/Mar/2005:14:56:36 +1300] "POST /wiki/wiki.pl HTTP/1.0" 200 1410 "http://exalted.xi.co.nz/wiki/wiki.pl?action=edit&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" | ||
− | So, they searched Google for 'inurl:pl?action=browse porn', got SuzumeAbilities, tried to deface it (lots of porn links), were bounced, and I was notified. -- [[Xyphoid]] | + | So, they searched Google for 'inurl:pl?action=browse porn', got [[SuzumeAbilities]], tried to deface it (lots of porn links), were bounced, and I was notified. -- [[Xyphoid]] |
Line 26: | Line 26: | ||
Right, so bare URL's get turned into links even without brackets around them. I wasn't detecting bare URL's in my spamtrap (which is rejecting 30-50 edits a day so far), and so it missed this one. To fix. -- [[Xyphoid]] | Right, so bare URL's get turned into links even without brackets around them. I wasn't detecting bare URL's in my spamtrap (which is rejecting 30-50 edits a day so far), and so it missed this one. To fix. -- [[Xyphoid]] | ||
− | Looks like the spammers found a crack to slip through. I just unspammed a couple pages that had 3 spam links at the bottom of them. Granted 3 links at the bottom of the page is 10 times better then 1000 links replacing an entire page, but I just thought everyone should be aware.<BR>--DarkWolff | + | Looks like the spammers found a crack to slip through. I just unspammed a couple pages that had 3 spam links at the bottom of them. Granted 3 links at the bottom of the page is 10 times better then 1000 links replacing an entire page, but I just thought everyone should be aware.<BR>--[[DarkWolff]] |
− | :Yeah, it seems they found the google hole. At least all the links go through it. Looks like some sorta bot network. Anyway one could make it so people have to be set by an admin to be able to post external links? Gah. Spammers make me ill! -FlowsLikeBits, <i>yes, it's evil, but this is STUPID evil</i> | + | :Yeah, it seems they found the google hole. At least all the links go through it. Looks like some sorta bot network. Anyway one could make it so people have to be set by an admin to be able to post external links? Gah. Spammers make me ill! -[[FlowsLikeBits]], <i>yes, it's evil, but this is STUPID evil</i> |
:: I've reduced the number of external links you can add at once again - I'd increased it recently. [[Xyphoid]] | :: I've reduced the number of external links you can add at once again - I'd increased it recently. [[Xyphoid]] | ||
Line 47: | Line 47: | ||
I dont know if you realise but I have several large eggshells out back - wanna try some | I dont know if you realise but I have several large eggshells out back - wanna try some | ||
− | Fairly large spam attack today. Spammer would put one link at the bottom of the page. All pages seem to be clean now. Based on today's incident, I feel the need to ask if setting up the wiki to only be editted by users logged in (with a decent registration identification) is still out of the question.<br>--DarkWolff | + | Fairly large spam attack today. Spammer would put one link at the bottom of the page. All pages seem to be clean now. Based on today's incident, I feel the need to ask if setting up the wiki to only be editted by users logged in (with a decent registration identification) is still out of the question.<br>--[[DarkWolff]] |
Damn it - the big spam runs always happen while I'm asleep. I've locked the wiki so you'll need to use the editor password as above (set it in the 'administrator password' box on your prefs page). Will look at other solutions - I don't want to force registration. - Xyphoid | Damn it - the big spam runs always happen while I'm asleep. I've locked the wiki so you'll need to use the editor password as above (set it in the 'administrator password' box on your prefs page). Will look at other solutions - I don't want to force registration. - Xyphoid |
Latest revision as of 01:18, 6 April 2010
It sucks a lot. Best thing to do is, if you see it, fix it. Go to the revision before the spam, and save it. It's annoying, though.
I wonder if they've gotten even a single clickthrough on those. Sometimes I think spammers just do it for a power trip, rather than any kind of advertisement.
Grrr.
--TedPro
See also: Discussions/WikiSpam if you have questions. Chances are they're answered there. For one thing, it will tell you how to easily despam a page (without needing to go all crazy with the select-all button, either!) and for another, it will give you information to help figure out what can feasibly be done.
First success for the antispam:
170.224.224.117 - - [10/Mar/2005:14:56:07 +1300] "GET /wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities HTTP/1.0" 200 24005 "http://www.google.com/search?q=inurl:pl%3Faction%3Dbrowse+porn&hl=en&lr=&start=20&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 170.224.224.120 - - [10/Mar/2005:14:56:08 +1300] "GET /wiki/basic.css HTTP/1.0" 200 642 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 170.224.224.123 - - [10/Mar/2005:14:56:09 +1300] "GET /wiki/ExaltedLogo.gif HTTP/1.0" 200 14935 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 170.224.224.124 - - [10/Mar/2005:14:56:20 +1300] "GET /wiki/wiki.pl?action=edit&id=SuzumeAbilities HTTP/1.0" 200 2649 "http://exalted.xi.co.nz/wiki/wiki.pl?action=browse&diff=1&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 170.224.224.117 - - [10/Mar/2005:14:56:36 +1300] "POST /wiki/wiki.pl HTTP/1.0" 200 1410 "http://exalted.xi.co.nz/wiki/wiki.pl?action=edit&id=SuzumeAbilities" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
So, they searched Google for 'inurl:pl?action=browse porn', got SuzumeAbilities, tried to deface it (lots of porn links), were bounced, and I was notified. -- Xyphoid
--
Right, so bare URL's get turned into links even without brackets around them. I wasn't detecting bare URL's in my spamtrap (which is rejecting 30-50 edits a day so far), and so it missed this one. To fix. -- Xyphoid
Looks like the spammers found a crack to slip through. I just unspammed a couple pages that had 3 spam links at the bottom of them. Granted 3 links at the bottom of the page is 10 times better then 1000 links replacing an entire page, but I just thought everyone should be aware.
--DarkWolff
- Yeah, it seems they found the google hole. At least all the links go through it. Looks like some sorta bot network. Anyway one could make it so people have to be set by an admin to be able to post external links? Gah. Spammers make me ill! -FlowsLikeBits, yes, it's evil, but this is STUPID evil
-- The latest spam page (2/11/2005) got through once because it appears to clear large pages before adding the links (small pages it just added the links to, tripping the filter.) To handle this, I'll need to check the actual urls instead of the difference in number of urls added - hopefully this week.
In order to help fix this kind of thing, if you set the administrator password in your prefs to the name of the game, you're exempted from the link check, which should let you revert the page in one go. I'm assuming the spammers aren't reading this, of course - if they are, we'll notice pretty quickly, and i'll change the password to something more obscure. Xyphoid
Got a question, what is the administrator password, I'll understand if it has to be kept a secret. So, the question then comes, how do we get ahold of it when we need it? ~ Haku
Just 'exalted'. If it gets used for spam, I'll change it to a password out of the corebook. - Xyphoid
Cool, that works for me. ^_^ ~ haku
I dont know if you realise but I have several large eggshells out back - wanna try some
Fairly large spam attack today. Spammer would put one link at the bottom of the page. All pages seem to be clean now. Based on today's incident, I feel the need to ask if setting up the wiki to only be editted by users logged in (with a decent registration identification) is still out of the question.
--DarkWolff
Damn it - the big spam runs always happen while I'm asleep. I've locked the wiki so you'll need to use the editor password as above (set it in the 'administrator password' box on your prefs page). Will look at other solutions - I don't want to force registration. - Xyphoid