PESWiki.com has been hit with an automated spam attack that circumvents 1) requirement that edits be done only by logged-in users 2) spamblock script that was installed.
It seems to target non-populated pages, such as talk pages and category pages and not-yet-built page links, and posts spam links from them.
It logs in as one user, then after a few hours, logs in as another user, and hits the same pages again.
So far today, I've been hit by three users.
It is not a mission critical attack inasmuch as the pages it is hitting are not high traffic pages, and it doesn't remove content, it only appends its spam links at the end.
Any ideas?
Sterling
We've been attacked too - It also adds a long list of links to http://buy-ativan.fil.ph lower on the page.
we had:
$wgSpamRegex="/overflow:auto/";
in LocalSettings.php
but an extra space has been added after the ...overflow: auto....
so now we have both $wgSpamRegex="/overflow:auto/"; $wgSpamRegex="/overflow: auto/";
hope that helps
Paul
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
-- Yellowikis is to Yellow Pages, as Wikipedia is to The Encyclopedia Britannica
On 12/12/05, admin Yellowikis yellowikis@gmail.com wrote:
We've been attacked too - It also adds a long list of links to http://buy-ativan.fil.ph lower on the page.
we had:
$wgSpamRegex="/overflow:auto/";
in LocalSettings.php
but an extra space has been added after the ...overflow: auto....
so now we have both $wgSpamRegex="/overflow:auto/"; $wgSpamRegex="/overflow: auto/";
Of course since $wgSpamRegex is a scalar, only the second value will be in effect, overwriting the first.
I think that something like $wgSpamRegex="/overflow:\s*auto/";
would work. The \s* matches zero or more whitespace characters. This might be slightly off since I'm not completely up on PHP regex pattern syntax.
-- Rick DeNatale
Visit the Project Mercury Wiki Site http://www.mercuryspacecraft.com/
Thanks Rick.
$wgSpamRegex="/overflow:\s*auto/";
Works fine.
Paul
Does this mean that to stop the spam attacks I just have to add this line or is there some other things that have to be done as well?
Laurie
-----Original Message-----
From: mediawiki-l-bounces@Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of admin Yellowikis
Sent: Tuesday, 13 December 2005 12:04 AM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] boards2go spam attack
$wgSpamRegex="/overflow:\s*auto/";
Works fine.
Paul
It will help combat that particular spam attack, but it won't stop all of them from all sources. Most wiki owners have to weigh up the various options available to them in combating spam and spambots. One option some take is to cripple editing for anonymous users, for instance.
At the end of the day, what you do depends very much on how much you can "get away with" without compromising the goal you set out to reach with your wiki.
Rob Church
On 13/12/05, Laurie Lewis ldlewis@swiftdsl.com.au wrote:
Does this mean that to stop the spam attacks I just have to add this line or is there some other things that have to be done as well?
Laurie
If you install the SpamBlacklist extension, it indicates that you should put the following code into your LocalSettings.php:
require_once( "$IP/extensions/SpamBlacklist/SpamBlacklist.php" );
$wgSpamBlacklistFiles = array(
    "$IP/extensions/SpamBlacklist/wikimedia_blacklist", // Wikimedia's list
    // database title
    "DB: wikidb My_spam_blacklist",
);
My question is: if you have multiple wikis using a shared database but using language prefixes, e.g. en_, how do you fill in the database section above?
Laurie
-----Original Message-----
From: mediawiki-l-bounces@Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Rob Church
Sent: Tuesday, 13 December 2005 11:33 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] boards2go spam attack
It will help combat that particular spam attack, but it won't stop all of them from all sources. Most wiki owners have to weigh up the various options available to them in combating spam and spambots. One option some take is to cripple editing for anonymous users, for instance.
At the end of the day, what you do depends very much on how much you can "get away with" without compromising the goal you set out to reach with your wiki.
Rob Church
Hi,
once I set
$wgSpamRegex="/<div/";
I had no more automated spam attacks. This blocks users from entering '<div', which might be bad, but I had no complaints yet.
Patrick
Is there any way to block both '<div' and 'overflow:\s*auto'?
We've been getting inundated with both.
On Dec 13, 2005, at 9:31 AM, Patrick Gundlach wrote:
Hi,
once I set
$wgSpamRegex="/<div/";
I had no more automated spam attacks. This blocks users from entering '<div', which might be bad, but I had no complaints yet.
Patrick
Tor Kinlok wrote:
Is there any way to block both '<div' and 'overflow:\s*auto'?
We've been getting inundated with both.
$wgSpamRegex="/(<div|overflow:[ \t\n]*auto)/";
or did you mean:
$wgSpamRegex="/<div([^>]|[^\]\>)*overflow:[ \t\n]*auto)/";
I prefer not to disable <div>
So far, by adding
$wgSpamRegex="/overflow:auto/";
$wgSpamRegex="/overflow: auto/";
$wgSpamRegex="/overflow:\s*auto/";
in my LocalSettings.php, the spam attacks have not persisted, at least not this particular brand.
Sterling http://peswiki.com
----- Original Message -----
From: "Aron Rubin" arubin@atl.lmco.com
To: "MediaWiki announcements and site admin list" mediawiki-l@Wikimedia.org
Sent: Tuesday, December 13, 2005 11:39 AM
Subject: Re: [Mediawiki-l] Re: boards2go spam attack
Tor Kinlok wrote:
Is there any way to block both '<div' and 'overflow:\s*auto'?
We've been getting inundated with both.
$wgSpamRegex="/(<div|overflow:[ \t\n]*auto)/";
or did you mean:
$wgSpamRegex="/<div([^>]|[^\]\>)*overflow:[ \t\n]*auto)/";
Tor Kinlok wrote:
Is there any way to block both '<div' and 'overflow:\s*auto'?
We've been getting inundated with both.
Oops, let's try again
$wgSpamRegex="/(<div|overflow:[ \t\n]*auto)/";
or did you mean:
$wgSpamRegex="/<div(([^>]|[^\]\>)+overflow:[ \t\n]*auto)+/";
mediawiki-l@lists.wikimedia.org
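An added example (not part of any post in this thread, and not MediaWiki's own code) that runs the $wgSpamRegex values discussed above against constructed sample edits, covering both the remark that repeated assignments leave only the last value in effect and the question of combining '<div' with 'overflow:\s*auto'. It assumes the wiki applies the setting with preg_match() against the submitted text; classifyEdit(), the labels and spam.example are hypothetical names.

```php
<?php
// Added example: not code from the thread or from MediaWiki.
// Assumption: the wiki applies the filter as preg_match($wgSpamRegex, $text).

// Repeated assignments as posted in the thread: a scalar keeps only the last.
$wgSpamRegex = "/overflow:auto/";
$wgSpamRegex = "/overflow: auto/";
$survivor = $wgSpamRegex;

// Patterns taken from the thread, keyed by a short label.
$patterns = array(
    'last of two assignments' => $survivor,
    'whitespace-tolerant'     => "/overflow:\s*auto/",
    'div only'                => "/<div/",
    'div or overflow'         => "/(<div|overflow:[ \t\n]*auto)/",
    'div containing overflow' => "/<div(([^>]|[^\]\>)+overflow:[ \t\n]*auto)+/",
);

// Constructed sample edits (spam.example is a placeholder domain).
$edits = array(
    'spam, no space'  => '<div style="overflow:auto; height:1px;">[http://spam.example/ x]</div>',
    'spam, one space' => '<div style="overflow: auto; height:1px;">[http://spam.example/ x]</div>',
    'spam, newline'   => "<div style=\"overflow:\n auto\">[http://spam.example/ x]</div>",
    'legitimate div'  => '<div class="infobox">Project notes</div>',
    'plain text'      => 'Corrected a typo in the introduction.',
);

// Returns 'block', 'allow', or 'invalid' when the pattern fails to compile,
// so a broken regex is caught before it goes into LocalSettings.php.
function classifyEdit($regex, $text) {
    $result = @preg_match($regex, $text);
    if ($result === false) {
        return 'invalid';
    }
    return $result === 1 ? 'block' : 'allow';
}

// Print one row per (pattern, edit) pair so misses and false positives stand out.
foreach ($patterns as $label => $regex) {
    echo $label, "\n";
    foreach ($edits as $name => $text) {
        printf("  %-16s %s\n", $name, classifyEdit($regex, $text));
    }
}
```

Run it with the PHP command-line interpreter; a 'block' on the legitimate div row is the trade-off Patrick and Sterling discuss above.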