My www.PWSNotes.org MediaWiki site, which I've operated since 2004, has been overrun with spam in the last month. I used Nuke to clean it up. Unfortunately, neither ConfirmEdit with ReCaptcha nor SpamBlacklist is stopping the spammers. I interpret this as meaning that real people are doing the spamming. I just installed ConfirmAccount, which I expect should bring the spam to an end, at the unfortunate cost of making it harder for new people to contribute to our community.
Bummer. -- Dan Kohn mailto:dan@dankohn.com tel:+1-646-833-8291
I don't think that's the case; my logs show pretty much instant data entry. They must have found some way to break the service itself. I switched to Questy with some simple things like "type the word X" or "sum(2,3)" and it seems to be blocking them all so far.
On Tue, Mar 8, 2011 at 10:43 AM, Dan Kohn dan@dankohn.com wrote:
My www.PWSNotes.org MediaWiki site, which I've operated since 2004, has been overrun with spam in the last month. I used Nuke to clean it up. Unfortunately, neither ConfirmEdit with ReCaptcha nor SpamBlacklist is stopping the spammers. I interpret this as meaning that real people are doing the spamming. I just installed ConfirmAccount, which I expect should bring the spam to an end, at the unfortunate cost of making it harder for new people to contribute to our community.
Bummer.
Dan Kohn mailto:dan@dankohn.com tel:+1-646-833-8291
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Sol, I'd like to confirm your analysis. I switched from ReCaptcha to QuestyCaptcha with a custom question http://www.pwsnotes.org/Special:RecentChanges?title=Special:UserLogin&type=signup&returnto=Special:RecentChanges and have seen no further spam.
So, it looks like someone has programmed a MediaWiki/ConfirmEdit-focused spambot that can defeat SimpleCatcha (simple math problems) and -- shockingly -- ReCaptcha. But not that they're using human beings to do the spamming. So, QuestyCaptcha, for now, still works well. -- Dan Kohn mailto:dan@dankohn.com tel:+1-646-833-8291
On Tue, Mar 8, 2011 at 2:21 PM, Sol Invictus solinvic@gmail.com wrote:
I don't think that's the case; my logs show pretty much instant data entry. They must have found some way to break the service itself. I switched to Questy with some simple things like "type the word X" or "sum(2,3)" and it seems to be blocking them all so far.
On Tue, Mar 8, 2011 at 10:43 AM, Dan Kohn dan@dankohn.com wrote:
My www.PWSNotes.org MediaWiki site, which I've operated since 2004, has been overrun with spam in the last month. I used Nuke to clean it up. Unfortunately, neither ConfirmEdit with ReCaptcha nor SpamBlacklist is stopping the spammers. I interpret this as meaning that real people are doing the spamming. I just installed ConfirmAccount, which I expect should bring the spam to an end, at the unfortunate cost of making it harder for new people to contribute to our community.
Bummer.
Dan Kohn mailto:dan@dankohn.com tel:+1-646-833-8291
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Just wait.. the technology behind IBM's Watson will end up in the hands of spammers and then there'll be no stopping the spam ;-)
--- On Thu, 3/10/11, Dan Kohn dan@dankohn.com wrote:
From: Dan Kohn dan@dankohn.com Subject: Re: [Mediawiki-l] Spam account creation, circumventing recaptcha To: "MediaWiki announcements and site admin list" mediawiki-l@lists.wikimedia.org Date: Thursday, March 10, 2011, 10:10 AM Sol, I'd like to confirm your analysis. I switched from ReCaptcha to QuestyCaptcha with a custom question http://www.pwsnotes.org/Special:RecentChanges?title=Special:UserLogin&type=signup&returnto=Special:RecentChanges and have seen no further spam.
So, it looks like someone has programmed a MediaWiki/ConfirmEdit-focused spambot that can defeat SimpleCatcha (simple math problems) and -- shockingly -- ReCaptcha. But not that they're using human beings to do the spamming. So, QuestyCaptcha, for now, still works well. -- Dan Kohn mailto:dan@dankohn.com tel:+1-646-833-8291
On Tue, Mar 8, 2011 at 2:21 PM, Sol Invictus solinvic@gmail.com wrote:
I don't think that's the case; my logs show pretty
much instant data
entry. They must have found some way to break the
service itself. I
switched to Questy with some simple things like "type
the word X" or
"sum(2,3)" and it seems to be blocking them all so
far.
On Tue, Mar 8, 2011 at 10:43 AM, Dan Kohn dan@dankohn.com
wrote:
My www.PWSNotes.org MediaWiki site, which I've
operated since 2004,
has been overrun with spam in the last month. I
used Nuke to clean it
up. Unfortunately, neither ConfirmEdit with
ReCaptcha nor
SpamBlacklist is stopping the spammers. I
interpret this as meaning
that real people are doing the spamming. I just
installed
ConfirmAccount, which I expect should bring the
spam to an end, at the
unfortunate cost of making it harder for new
people to contribute to
our community.
Bummer.
Dan Kohn mailto:dan@dankohn.com tel:+1-646-833-8291
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On Thu, Mar 10, 2011 at 11:10 AM, Dan Kohn dan@dankohn.com wrote:
So, it looks like someone has programmed a MediaWiki/ConfirmEdit-focused spambot that can defeat SimpleCatcha (simple math problems) and -- shockingly -- ReCaptcha. But not that they're using human beings to do the spamming. So, QuestyCaptcha, for now, still works well.
It's not really that shocking: reCAPTCHA isn't different from any other CAPTCHA, and even if a bot can only get it right 1% of the time, it can generally try new images until it gets one right.
I actually don't think there's any guarantee that it's not humans solving the CAPTCHAs: spammers could well be farming it out to humans and have just not yet added the infrastructure to support question-based CAPTCHAs (which are a rather small segment of the market and are more site-specific).
On Thu, Mar 10, 2011 at 11:49 AM, 2007@gmaskfx.com 2007@gmaskfx.com wrote:
Just wait.. the technology behind IBM's Watson will end up in the hands of spammers and then there'll be no stopping the spam ;-)
Funny, I had the same thought. The good news is that we'll have Watson-like ClueBots detecting and reverting spam by that point. In the end, it will just be machines engaged in an automated edit war. :-)
From my debug logging, the reCAPTCHAs were solved the first time,
every time, in under 1 second. This is no human, and it's no retries. I can think of any way that could happen unless the service itself has been broken, legitimately or through some flaw.
On Thu, Mar 10, 2011 at 3:37 PM, Benjamin Lees emufarmers@gmail.com wrote:
On Thu, Mar 10, 2011 at 11:10 AM, Dan Kohn dan@dankohn.com wrote:
So, it looks like someone has programmed a MediaWiki/ConfirmEdit-focused spambot that can defeat SimpleCatcha (simple math problems) and -- shockingly -- ReCaptcha. But not that they're using human beings to do the spamming. So, QuestyCaptcha, for now, still works well.
It's not really that shocking: reCAPTCHA isn't different from any other CAPTCHA, and even if a bot can only get it right 1% of the time, it can generally try new images until it gets one right.
I actually don't think there's any guarantee that it's not humans solving the CAPTCHAs: spammers could well be farming it out to humans and have just not yet added the infrastructure to support question-based CAPTCHAs (which are a rather small segment of the market and are more site-specific).
On Thu, Mar 10, 2011 at 11:49 AM, 2007@gmaskfx.com 2007@gmaskfx.com wrote:
Just wait.. the technology behind IBM's Watson will end up in the hands of spammers and then there'll be no stopping the spam ;-)
Funny, I had the same thought. The good news is that we'll have Watson-like ClueBots detecting and reverting spam by that point. In the end, it will just be machines engaged in an automated edit war. :-)
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org