Hi,
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users. I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Best
Bernhard
***************
Dr. Bernhard Scheid
Austrian Academy of Sciences Institute for the Cultural and Intellectual History of Asia
Apostelgasse 23 1030 Vienna, Austria
Tel.: +43-1-51581 6424 E-mail: bernhard.scheid@oeaw.ac.at
2012/8/1 Scheid, Bernhard Bernhard.Scheid@oeaw.ac.at:
Hi,
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users. I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Hallo,
Try this page: https://www.mediawiki.org/wiki/Manual:Combating_spam
-- Amir Elisha Aharoni · אָמִיר אֱלִישָׁע אַהֲרוֹנִי http://aharoni.wordpress.com “We're living in pieces, I want to live in peace.” – T. Moore
Bernhard ,
I have found questycaptcha to be the most successful at blocking bots from adding users. Basically it asks a question such as "Where is Tokyo?" and the answer is "Japan". This has been working pretty well but lately I have noticed that some bots are still getting through so I might need to change my question.
http://www.mediawiki.org/wiki/Extension:QuestyCaptcha
Adrian
________________________________ From: "Scheid, Bernhard" Bernhard.Scheid@oeaw.ac.at To: "mediawiki-l@lists.wikimedia.org" mediawiki-l@lists.wikimedia.org Sent: Wednesday, August 1, 2012 3:36 AM Subject: [MediaWiki-l] spam users
Hi,
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users. I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Best
Bernhard
***************
Dr. Bernhard Scheid
Austrian Academy of Sciences Institute for the Cultural and Intellectual History of Asia
Apostelgasse 23 1030 Vienna, Austria
Tel.: +43-1-51581 6424 E-mail: bernhard.scheid@oeaw.ac.at
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Many thanks!
-----Ursprüngliche Nachricht----- Von: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] Im Auftrag von 2007@gmaskfx.com Gesendet: Mittwoch, 1. August 2012 15:30 An: MediaWiki announcements and site admin list Betreff: Re: [MediaWiki-l] spam users
Bernhard ,
I have found questycaptcha to be the most successful at blocking bots from adding users. Basically it asks a question such as "Where is Tokyo?" and the answer is "Japan". This has been working pretty well but lately I have noticed that some bots are still getting through so I might need to change my question.
http://www.mediawiki.org/wiki/Extension:QuestyCaptcha
Adrian
________________________________ From: "Scheid, Bernhard" Bernhard.Scheid@oeaw.ac.at To: "mediawiki-l@lists.wikimedia.org" mediawiki-l@lists.wikimedia.org Sent: Wednesday, August 1, 2012 3:36 AM Subject: [MediaWiki-l] spam users
Hi,
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users. I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Best
Bernhard
***************
Dr. Bernhard Scheid
Austrian Academy of Sciences Institute for the Cultural and Intellectual History of Asia
Apostelgasse 23 1030 Vienna, Austria
Tel.: +43-1-51581 6424 E-mail: bernhard.scheid@oeaw.ac.at
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
I had good results with QueryCaptcha as well. Do you have experience with it? I wonder how it compares with QuestyCaptcha.
On Wed, Aug 1, 2012 at 10:29 AM, 2007@gmaskfx.com 2007@gmaskfx.com wrote:
Bernhard ,
I have found questycaptcha to be the most successful at blockingbots from adding users. Basically it asks a question such as "Where is Tokyo?" and the answer is "Japan". This has been working pretty well but lately I have noticed that some bots are still getting through so I might need to change my question.
http://www.mediawiki.org/wiki/Extension:QuestyCaptcha
Adrian
From: "Scheid, Bernhard" Bernhard.Scheid@oeaw.ac.at To: "mediawiki-l@lists.wikimedia.org" mediawiki-l@lists.wikimedia.org Sent: Wednesday, August 1, 2012 3:36 AM Subject: [MediaWiki-l] spam users
Hi,
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users. I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Best
Bernhard
Dr. Bernhard Scheid
Austrian Academy of Sciences Institute for the Cultural and Intellectual History of Asia
Apostelgasse 23 1030 Vienna, Austria
Tel.: +43-1-51581 6424 E-mail: bernhard.scheid@oeaw.ac.at
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Hallo, Bernhard,
Du meintest am 01.08.12:
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users.
Yes - I know these nasty robots ...
I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Captcha: didn't work reliable (may be due to my external provider).
Then I added the following lines
# reduzieren; 29.5.12
$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['user']['edit'] = true; $wgGroupPermissions['sysop']['edit'] = true;
# $wgGroupPermissions['*']['createpage'] = false; # $wgGroupPermissions['user']['createpage'] = false; $wgGroupPermissions['user']['createpage'] = true; $wgGroupPermissions['autoconfirmed']['createpage'] = true; $wgAutoConfirmAge = 86400 * 4; # 4 Tage oder aelter # $wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['user']['createaccount'] = true; #
to "LocalSettings.php"; I have (as sysop/bureaucrat) to create an account for every allowed user, but that's (in my case) much less work than cleaning the Wiki every day.
Maybe these lines can be elaborated ...
And with a lot of hope and ccordination it may be possible to change the "createaccount" line for an hour or so and all allowed users have to create their account within that time.
Viele Gruesse! Helmut
On Wed, Aug 1, 2012 at 12:44 PM, Helmut Hullen Hullen@t-online.de wrote:
Hallo, Bernhard,
Du meintest am 01.08.12:
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users.
Yes - I know these nasty robots ...
I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Captcha: didn't work reliable (may be due to my external provider).
Then I added the following lines
# reduzieren; 29.5.12
$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['user']['edit'] = true; $wgGroupPermissions['sysop']['edit'] = true;
# $wgGroupPermissions['*']['createpage'] = false; # $wgGroupPermissions['user']['createpage'] = false; $wgGroupPermissions['user']['createpage'] = true; $wgGroupPermissions['autoconfirmed']['createpage'] = true; $wgAutoConfirmAge = 86400 * 4; # 4 Tage oder aelter # $wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['user']['createaccount'] = true; #
to "LocalSettings.php"; I have (as sysop/bureaucrat) to create an account for every allowed user, but that's (in my case) much less work than cleaning the Wiki every day.
Maybe these lines can be elaborated ...
And with a lot of hope and ccordination it may be possible to change the "createaccount" line for an hour or so and all allowed users have to create their account within that time.
Viele Gruesse! Helmut
New account spam can be largely avoided by disabling account creation for new users and transferring authentication to a service such as https://www.mediawiki.org/wiki/Extension:OpenID
New account creation is disabled with this line in LocalSettings.php:
$wgGroupPermissions['*']['createaccount'] = false;
The [[MediaWiki:Loginprompt]] can be updated from its default value to suggest that new users create accounts with an OpenID. Current accounts are unaffected, and new users often already have an account with one of the OpenID providers,
http://openid.net/get-an-openid/
Also reported here:
https://www.mediawiki.org/wiki/Manual:Combating_spam#Restrict_editing
--Fred
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/08/12 11:36, Scheid, Bernhard wrote:
Hi,
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users. I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Determined human spammers are hard to beat, but fortunately not great in numbers. Questy captcha is wonderful at shutting out the bots. You can expect a massive reduction as soon as you have set your questions. You just set questions that are simple to answer, often based on what is on-screen at the time of registration. Bots can't handle that.
Anne
Questy captcha is awesome but don't forget to change the questions from time to time. Maybe you'll also find this article interesting, I wrote it when there was much spam on semanticweb.org: http://semanticweb.org/wiki/semanticweb.org:Fighting_spam ----- Yury Katkov
On Wed, Aug 1, 2012 at 10:28 PM, Anne Wilson annew@kde.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/08/12 11:36, Scheid, Bernhard wrote:
Hi,
I am running a couple of relatively small academic Wikis mainly for educational uses at university. Thus there is relatively little traffic apart from course time. Nevertheless, some two years ago I noticed more and more spam and thus reduced editing rights first to registered users, then to users of a special group that need my personal acknowledgement. Now, in recent months there is an increasing number of new users (robots?) obviously attempting to write spam which they do not do but they are kind of spamming the lists of registered users. I could reduce the registration rights but on the other hand I want students to register freely in order to obtain their editing permissions. Is there a decent way to detect and prevent harmful would-be spammers from setting up an account without preventing that option for serious users?
Determined human spammers are hard to beat, but fortunately not great in numbers. Questy captcha is wonderful at shutting out the bots. You can expect a massive reduction as soon as you have set your questions. You just set questions that are simple to answer, often based on what is on-screen at the time of registration. Bots can't handle that.
Anne
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlAZB30ACgkQj93fyh4cnBexKwCfSQqkMeiyysMT177si4NzezEm ryAAnA/rz5jCetvqHT7QVluS6mekd2Tl =iCTi
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlAZdVIACgkQj93fyh4cnBe9tACbB6BAN2d1UnluRP6zByTgt0ry JjQAn1m9M1x06kbKpPhyK/IjX6oezI2l =uZdF -----END PGP SIGNATURE-----
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org