dKosopedia admin wrote:
Of the 17000 registered users on my site, over 10000
are spambot
registrations. We monitor edits pretty closely (though obviously not
registrations, which will change), so of those 10000 spambot users,
no more than 20 have actually edited a page, all starting on Oct
10th. (We caught it prett quickly.)
So it seems as if I should be able to feed my wiki a list of user and
have it delete those users, if, as in this case, I am *absolutely*
sure none of these users have edited pages.
I know it's not a solution, but since I've seen a few edits on my wiki
in such cases, I zapped all users with the FooooBaarr name format. I
did a MySQL query to grab all the 10 character user IDs where the user
ID and the real name were the same (and where it wasn't the one real
user who just happened to get caught with this same general format
name). With these IDs, I created a script to run changePassword.php (in
the /wiki/maintenance/ directory) for every such user. This replaced
all the passwords with one I know so these bots can't sign in. I then
used SQL to rename the users to zzFooooBaarr so they sort to the bottom
in the User List page.
Still there, but unusable by the spammers and not interfering with
regular users.
I put the reCaptcha extension in place to try to defeat the bots from
making new user IDs.
Mike