Yes I have the same problem. So annoying. Are humans confirming the emails as well?
I have captcha, email confirmation and the SpamBlacklist extension and I'm still getting spammed every day for the last week. They keep making new accounts every day. What can I do since they are bypassing all this? Really annoying and time consuming banning users and deleting spam pages.
Chris
Good Morning MediaWiki Fans:
Our wiki site suffered a spam attack this weekend. (version 1.13.0) The attack evidently had some method to work-around the new account Captcha barrier, and the authorized user email allowed to edit setting. I'm curious if anyone else has encountered such attacks and if there are new ways to block bogus account creation.
--Hiram
At this stage I've blocked the function for users to create accounts themselves... They complete a form on the website, and I receive an email, then I create the account for them. Before I create the account, I normally contact them to determine if they are genuine prospective users... It seems to be working for me, but I have to mention that I do not receive a lot of requests to create an account as my site is not a high traffic website at this stage.
On 2011/03/16 07:45 AM, Chris Lewis wrote:
> Yes I have the same problem. So annoying. Are humans confirming the emails as well?
> I have captcha, email confirmation and the SpamBlacklist extension and I'm still getting spammed every day for the last week. They keep making new accounts every day. What can I do since they are bypassing all this? Really annoying and time consuming banning users and deleting spam pages.
> Chris
On Wed, Mar 16, 2011 at 1:45 AM, Chris Lewis yecheondigital@yahoo.com wrote:
> Yes I have the same problem. So annoying. Are humans confirming the emails as well?
> I have captcha, email confirmation and the SpamBlacklist extension and I'm still getting spammed every day for the last week. They keep making new accounts every day. What can I do since they are bypassing all this? Really annoying and time consuming banning users and deleting spam pages.
> Chris
Install http://www.mediawiki.org/wiki/Extension:OpenID and disable new account creation, instead, redirect users to the OpenID account page, Special:OpenIDLogin.
--Fred
Try QuestyCaptcha*. It has been stopping spammers on my wiki that reCaptcha failed to.
* http://www.mediawiki.org/wiki/ConfirmEdit#QuestyCaptcha
Roger TEFLChina.org, wiki for teachers of English as a foreign language in China
Questy solved this problem for me immediately. I also feel totally redeemed to know that other people are having this same issue after I first posted about it a month or so ago.
--- On Wed, 3/16/11, roger@rogerchrisman.com roger@rogerchrisman.com wrote:
> From: roger@rogerchrisman.com roger@rogerchrisman.com
> Subject: Re: [Mediawiki-l] spam attack avoids captcha
> To: "MediaWiki announcements and site admin list" mediawiki-l@lists.wikimedia.org
> Date: Wednesday, March 16, 2011, 11:47 AM
>
> Try QuestyCaptcha*. It has been stopping spammers on my wiki that reCaptcha failed to.
> Roger TEFLChina.org, wiki for teachers of English as a foreign language in China
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
What prevents the black hat google spammers from creating OpenID accounts?
--Hiram
Frederick Grose wrote:
> Install http://www.mediawiki.org/wiki/Extension:OpenID and disable new account creation, instead, redirect users to the OpenID account page, Special:OpenIDLogin.
On Wed, Mar 16, 2011 at 6:50 PM, Hiram Clawson hiram@soe.ucsc.edu wrote:
> What prevents the black hat google spammers from creating OpenID accounts?
> --Hiram
> Frederick Grose wrote:
>> Install http://www.mediawiki.org/wiki/Extension:OpenID and disable new account creation, instead, redirect users to the OpenID account page, Special:OpenIDLogin.
I suspect that that simply doesn't fit their attack plan or program. Perhaps there are other obstacles in taking that route, such as better filtering by the OpenID providers.
--Fred
On 11-03-16 04:35 PM, Frederick Grose wrote:
> On Wed, Mar 16, 2011 at 6:50 PM, Hiram Clawson hiram@soe.ucsc.edu wrote:
>> What prevents the black hat google spammers from creating OpenID accounts?
>> --Hiram
>> Frederick Grose wrote:
>>> Install http://www.mediawiki.org/wiki/Extension:OpenID and disable new account creation, instead, redirect users to the OpenID account page, Special:OpenIDLogin.
> I suspect that that simply doesn't fit their attack plan or program. Perhaps there are other obstacles in taking that route, such as better filtering by the OpenID providers.
> --Fred
Anyone can be an OpenID provider, there is even less filtering and control. Spammers could create their own private OpenID provider for their spam accounts and without any CAPTCHA or anything else in their way. It's like e-mail.
This is just a game of whack-a-mole. The spambots have to be programmed, naturally they can't take every single situation into account. So they start, we find a way to stop them. They find a way to bypass that. We find another way to stop that, they find another way to bypass that. The spammers haven't coded the bots to handle QuestyCaptcha yet, but if people start using it to stop them, then they will code it into the bot. If you use OpenID to stop them, they'll code OpenID into the bots (and in the meantime you may irritate your potential userbase a bit). I wrote an AbuseFilter filter to deal with a pattern like this on a wiki, made that spam pattern require an extra confirmation page. Bots stopped since they weren't coded to use the confirmation form. Sure enough after a bit I started seeing the same spam, naturally the bots were now using the confirmation form. So I had to elevate it to deny. Later I had to elevate it to autoblock of users using that spam pattern.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
Daniel Friesen wrote:
> The spammers haven't coded the bots to handle QuestyCaptcha yet, but if people start using it to stop them, then they will code it into the bot.
Questy captcha is a free form question. You can't learn how to bypass any instance of it. Not even a human would be able to bypass it using just generic knowledge (e.g. a foreign speaker). The most that bots could do is to try with common answers such as the wiki name, or domain. No bot would be able to solve all by itself "Who is the current companion of Doctor Who?"* OTOH it's highly annoying for those users which don't know about Doctor Who, or that for some reason get their answer rejected. I was once denied access by one captcha of that kind (naming the character of the image) despite having found the correct answer, I don't remember exactly what was the issue. So you may also want to provide some email address for appealing.
*Once a human instructs it, they are able to use it multiple times at that wiki, though.
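A QuestyCaptcha setup that follows the points raised in the message above, as an added example that is not part of the thread or of the extension's own code. It assumes ConfirmEdit and its QuestyCaptcha module are already loaded as described on the extension page; the wiki topic, the questions and the contact address are constructed placeholders.

```php
<?php
// LocalSettings.php fragment (added example, values are assumptions).
$wgCaptchaClass = 'QuestyCaptcha';

// Appended to every question so that a human whose answer is rejected has
// somewhere to appeal. The address is a placeholder.
$appeal = ' (Stuck? Mail wiki-admin@example.org.)';

// Constructed questions for an imaginary wiki about chess. Each answer is
// something this wiki's audience knows, and none of them is the wiki name,
// the domain, or a word printed in the question itself, which are the
// guesses a bot can make without a human instructing it.
$wgCaptchaQuestions[] = array(
	'question' => 'Which piece may only move diagonally?' . $appeal,
	'answer'   => 'bishop',
);
$wgCaptchaQuestions[] = array(
	'question' => 'How many squares does the board have? (digits)' . $appeal,
	'answer'   => '64',
);
$wgCaptchaQuestions[] = array(
	'question' => 'Which piece starts the game in each corner?' . $appeal,
	'answer'   => 'rook',
);

// Ask at the steps spam accounts pass through: registration, creating a new
// page, and any edit that adds an external link.
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['create']        = true;
$wgCaptchaTriggers['addurl']        = true;
```

Because a human can solve a question once and reuse the answer at that wiki, rotate the question set when the same spam starts coming back.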
On Wed, Mar 16, 2011 at 8:15 PM, Daniel Friesen lists@nadir-seen-fire.com wrote:
> [...]
> Sure enough after a bit I started seeing the same spam,
Perhaps it is a bit draconian, but on my wiki, when I get spam, I use checkuser to get their IP. I block their whole /24 subnet. I then go look at the spam they left me, and I blacklist every domain in the URLs. Most spammers spam a single domain, but if they come back with different URLs, I look at the phrasing of the language of the containing text, and pick something (like a grammatical error) and blacklist that by regular expression.
On my wiki, if they come back, it is at least not with the same spam. They might come back once or twice, but I don't often see many repeats.
The whole thing is pointless, because most of the time they edit pages that are in the ban list in robots.txt, so google would never even download those pages. And if they do occasionally edit a page that would be downloaded by google, I've turned on the option that tells google not to use those links in pagerank, so it won't help them with SEO. Occasionally, I put that message in the ban text when I get a repeat spammer. Maybe they read it and don't come back, but I doubt that they are even that clever.
Maybe my wiki is just too small for them to care enough to come back and I just got caught in a huge list they were spamming. My wiki is certainly small enough that I don't care if some ISP's subdomain gets blocked accidentally, I can afford to be draconian.
The spam is getting really tiresome. I turned on ConfirmAccount and the spammers continue to ask for accounts even through that mechanism. It is a real pain...
--Hiram
On 04/13/2011 06:57 PM, Hiram Clawson wrote:
> The spam is getting really tiresome. I turned on ConfirmAccount and the spammers continue to ask for accounts even through that mechanism. It is a real pain...
Read this: http://www.mediawiki.org/wiki/Manual:Combating_spam
http://www.mediawiki.org/wiki/Extension:ConfirmEdit works well for me, with the QuestyCaptcha CAPTCHA type.
Cheers, Kilian
On Wednesday 13 April 2011 18:01:30 Kilian wrote:
> On 04/13/2011 06:57 PM, Hiram Clawson wrote:
>> The spam is getting really tiresome. I turned on ConfirmAccount and the spammers continue to ask for accounts even through that mechanism. It is a real pain...
> Read this: http://www.mediawiki.org/wiki/Manual:Combating_spam
> http://www.mediawiki.org/wiki/Extension:ConfirmEdit works well for me, with the QuestyCaptcha CAPTCHA type.
What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
Anne
On 04/13/2011 07:42 PM, Anne Wilson wrote:
> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
It shouldn't be too difficult to write an extension that does this.
Kilian
On Wed, Apr 13, 2011 at 1:42 PM, Anne Wilson annew@kde.org wrote:
> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
You could do this by playing with the autoconfirm settings and default permissions.
-Chad
Hi Anne,
On 13-04-11 19:42 Anne Wilson annew@kde.org wrote:
> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
This is already possible. Users can become "autoconfirmed" based on several criteria. One of those is the age of an account. If the edit right is set only for autoconfirmed users and up, then registered users will not be able to edit until they are autoconfirmed. See:
http://www.mediawiki.org/wiki/Manual:$wgAutoConfirmAge
http://www.mediawiki.org/wiki/Manual:$wgAutoConfirmCount
Cheers!
Siebrand
On Wed, Apr 13, 2011 at 11:11 AM, Siebrand Mazeland s.mazeland@xs4all.nl wrote:
> On 13-04-11 19:42 Anne Wilson annew@kde.org wrote:
>> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
> This is already possible. Users can become "autoconfirmed" based on several criteria. One of those is the age of an account. If the edit right is set only for autoconfirmed users and up, then registered users will not be able to edit until they are autoconfirmed. See:
> http://www.mediawiki.org/wiki/Manual:$wgAutoConfirmAge
> http://www.mediawiki.org/wiki/Manual:$wgAutoConfirmCount
You can indeed do these sorts of things, but if you're not careful in what you restrict this way you'll find that you simply lock out all possibility of new users coming to your site and doing anything. A human won't wait around three months before they can edit, either!
These are usually meant to provide speed bumps to unlock advanced features after people have had a chance to acclimate (like page renaming, which can be much more disruptive when misused than merely editing pages).
-- brion
Hiya,
On Wed, Apr 13, 2011 at 19:42, Anne Wilson annew@kde.org wrote:
> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
I haven't actually tried this, but based on what's on mediawiki.org, the following might do the trick: restrict editing to members of the "autoconfirmed" user group, and set $wgAutoConfirmAge to the desired amount of time (in seconds)[1].
There's also the "Require Editor Privilege" extension[2], which apparently restricts editing to a hand-chosen list of users.
1. http://www.mediawiki.org/wiki/Manual:$wgAutoConfirmAge
2. http://www.mediawiki.org/wiki/Extension:Require_Editor_Privilege
Anne
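The autoconfirm approach described in the replies above, written out as a LocalSettings.php fragment. This is an added example, not configuration posted by anyone in the thread; the one-day delay is the value discussed in the thread, and the "trusted" group name is a hypothetical choice for a manual fast track.

```php
<?php
// LocalSettings.php fragment (added example, values are assumptions).

// Anonymous visitors and freshly registered accounts can read but not edit.
$wgGroupPermissions['*']['edit']    = false;
$wgGroupPermissions['user']['edit'] = false;

// Accounts that MediaWiki has promoted to "autoconfirmed" may edit.
$wgGroupPermissions['autoconfirmed']['edit'] = true;

// Promotion criteria. The age is given in seconds; 86400 is one day.
$wgAutoConfirmAge = 86400;

// Leave the edit-count criterion at 0. With editing closed to plain users,
// a value above 0 could never be reached and nobody would ever be promoted.
$wgAutoConfirmCount = 0;

// Sysops normally inherit "edit" from the user group, so grant it directly,
// otherwise a newly created sysop account is locked out for the first day.
$wgGroupPermissions['sysop']['edit'] = true;

// Manual fast track for people vetted by hand (for example over IRC):
// a hypothetical "trusted" group that sysops can grant and revoke through
// Special:UserRights, so a genuine newcomer does not have to wait.
$wgGroupPermissions['trusted']['edit'] = true;
$wgAddGroups['sysop']    = array( 'trusted' );
$wgRemoveGroups['sysop'] = array( 'trusted' );
```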
On 11-04-13 10:42 AM, Anne Wilson wrote:
> On Wednesday 13 April 2011 18:01:30 Kilian wrote:
>> On 04/13/2011 06:57 PM, Hiram Clawson wrote:
>>> The spam is getting really tiresome. I turned on ConfirmAccount and the spammers continue to ask for accounts even through that mechanism. It is a real pain...
>> Read this: http://www.mediawiki.org/wiki/Manual:Combating_spam
>> http://www.mediawiki.org/wiki/Extension:ConfirmEdit works well for me, with the QuestyCaptcha CAPTCHA type.
> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
> Anne
^_^ That would be our autoconfirmed feature... and guess what, spambots that know how to register, wait for the autoconfirmed time to elapse, and then come back, already exist. There are also ones that know how to confirm their own e-mail. And ones that know how to upload images.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
On Wednesday 13 April 2011 22:29:35 Daniel Friesen wrote:
> On 11-04-13 10:42 AM, Anne Wilson wrote:
>> On Wednesday 13 April 2011 18:01:30 Kilian wrote:
>>> On 04/13/2011 06:57 PM, Hiram Clawson wrote:
>>>> The spam is getting really tiresome. I turned on ConfirmAccount and the spammers continue to ask for accounts even through that mechanism. It is a real pain...
>>> Read this: http://www.mediawiki.org/wiki/Manual:Combating_spam
>>> http://www.mediawiki.org/wiki/Extension:ConfirmEdit works well for me, with the QuestyCaptcha CAPTCHA type.
>> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
>> Anne
> ^_^ That would be our autoconfirmed feature... and guess what, spambots that know how to register, wait for the autoconfirmed time to elapse, and then come back, already exist. There are also ones that know how to confirm their own e-mail. And ones that know how to upload images.
> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
Our sysadmin appears to be of the same opinion. That's sad. I had hoped that autoconfirm with a delay of only one day would be fine, especially if we blogged about contacting us on IRC to speed it up when necessary.
I don't know if others have the same experience, but I'm finding that usually the new user is registered, the page and its image posted, all within a minute. That seems very fast for a user, even if the text was already prepared. It was the fact that it happens instantaneously that made me think that some sort of delay may be useful.
How do the spambots know what delay is set? (You'll realise that the technical side of this is not my expertise :-) )
Anne
Personally I'm of the opinion that if the spambot can defeat the captcha then practically any other type of hurdle you throw at them that doesn't require human intervention is pointless.
As of now the only type of captcha that appears to work 100% is questycaptcha unless ReCaptcha has been fixed.
--- On Thu, 4/14/11, Kilian drehbuehne@texttheater.net wrote:
> From: Kilian drehbuehne@texttheater.net
> Subject: Re: [Mediawiki-l] spam, spam, spam, and spam
> To: mediawiki-l@lists.wikimedia.org
> Date: Thursday, April 14, 2011, 6:33 AM
>
> On 04/14/2011 01:28 PM, Anne Wilson wrote:
>> How do the spambots know what delay is set?
> They probably try periodically.
> -Kilian
On Fri, Apr 15, 2011 at 12:09 PM, 2007@gmaskfx.com 2007@gmaskfx.com wrote:
> As of now the only type of captcha that appears to work 100% is questycaptcha unless ReCaptcha has been fixed.
FancyCaptcha still seems to stop almost all spam.
On Thu, Apr 14, 2011 at 13:28, Anne Wilson annew@kde.org wrote:
>> ^_^ That would be our autoconfirmed feature... and guess what, spambots that know how to register, wait for the autoconfirmed time to elapse, and then come back, already exist. There are also ones that know how to confirm their own e-mail. And ones that know how to upload images.
> Our sysadmin appears to be of the same opinion. That's sad. I had hoped that autoconfirm with a delay of only one day would be fine, especially if we blogged about contacting us on IRC to speed it up when necessary.
It might still be worth a try; even if it does not stop all spam, it could well stop a significant amount. You'd have to evaluate whether the amount of spam stopped is worth the extra inconvenience it'd cause for new genuine users, though.
On Thu, Apr 14, 2011 at 7:08 AM, Schneelocke schneelocke@gmail.com wrote:
> On Thu, Apr 14, 2011 at 13:28, Anne Wilson annew@kde.org wrote:
>>> ^_^ That would be our autoconfirmed feature... and guess what, spambots that know how to register, wait for the autoconfirmed time to elapse, and then come back, already exist. There are also ones that know how to confirm their own e-mail. And ones that know how to upload images.
>> Our sysadmin appears to be of the same opinion. That's sad. I had hoped that autoconfirm with a delay of only one day would be fine, especially if we blogged about contacting us on IRC to speed it up when necessary.
> It might still be worth a try; even if it does not stop all spam, it could well stop a significant amount. You'd have to evaluate whether the amount of spam stopped is worth the extra inconvenience it'd cause for new genuine users, though.
Or you could use the suggested QuestyCaptcha or MatchCaptcha. I haven't had any spam after switching from recaptcha.
On 11-04-14 04:28 AM, Anne Wilson wrote:
> On Wednesday 13 April 2011 22:29:35 Daniel Friesen wrote:
>> On 11-04-13 10:42 AM, Anne Wilson wrote:
>>> On Wednesday 13 April 2011 18:01:30 Kilian wrote:
>>>> On 04/13/2011 06:57 PM, Hiram Clawson wrote:
>>>>> The spam is getting really tiresome. I turned on ConfirmAccount and the spammers continue to ask for accounts even through that mechanism. It is a real pain...
>>>> Read this: http://www.mediawiki.org/wiki/Manual:Combating_spam
>>>> http://www.mediawiki.org/wiki/Extension:ConfirmEdit works well for me, with the QuestyCaptcha CAPTCHA type.
>>> What I'd really like to see is the ability to say that you can't make any edits until you have been registered for a period of time, unless you are a member of a higher group. I doubt if the spammers would bother creating an account and coming back to post their spam three months later. I haven't seen anyone suggest that it actually is possible, though.
>>> Anne
>> ^_^ That would be our autoconfirmed feature... and guess what, spambots that know how to register, wait for the autoconfirmed time to elapse, and then come back, already exist. There are also ones that know how to confirm their own e-mail. And ones that know how to upload images.
>> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
> Our sysadmin appears to be of the same opinion. That's sad. I had hoped that autoconfirm with a delay of only one day would be fine, especially if we blogged about contacting us on IRC to speed it up when necessary.
> I don't know if others have the same experience, but I'm finding that usually the new user is registered, the page and its image posted, all within a minute. That seems very fast for a user, even if the text was already prepared. It was the fact that it happens instantaneously that made me think that some sort of delay may be useful.
I use an AbuseFilter rule to prevent most of the instantaneous spam. http://wiki.commonjs.org/wiki/Special:AbuseFilter/1 Be wary though that I use it on a registered-only wiki where it can take at least 18s for a human who was logged in, logged out in another tab, created an account, went through the captcha, and then saved twice in the other tab (for the session warning) to create a new article as a brand new user. This filter will NOT work right on an anon editable wiki.
> How do the spambots know what delay is set? (You'll realise that the technical side of this is not my expertise :-) )
The ones I see just wait a fixed period of time as a guess.
> Anne
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]