Greetings,
As of a few months ago, I've been getting spam pages generated on my wiki. I upgraded to the latest mediawiki release and I added recaptcha to login and anonymous edit, but spam accounts and pages are still being created. I added debug output to the recaptcha extension to show me when it accepts or denies input, but it seems it isn't even getting called when the spam accounts are being created. Is there a known security hole with recaptcha and the latest mediawiki version? A log example is below (with a couple modifications for privacy).
Thanks, Sol
POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=signup
HTTP HEADERS:
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT_ENCODING: gzip
CONNECTION: keep-alive
COOKIE: wikidb_algowiki__session=c6622d43e60d6161f4d071925be118db
COOKIE2: $Version="1"
HOST: algowiki.net
REFERER: http://algowiki.net/wiki/index.php?title=Special:UserLogin&type=signup
USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
[...]
DatabaseBase::query: Writes done: INSERT INTO `algowiki_user` (user_id,user_name,user_password,user_newpassword,user_newpass_time,user_email,user_email_authenticated,user_real_name,user_options,user_token,user_registration,user_editcount) VALUES (NULL,'MaryannCarney','','','20110307115456','',NULL,'','','09f0f00ac09383bde1de0721eeaf2cd4','20110307115456','0')
Loading options for user 197 from database.
setcookie: "wikidb_algowiki_UserID", "197", "1302090896", "/", "", "", "1"
setcookie: "wikidb_algowiki_UserName", "MaryannCarney", "1302090896", "/", "", "", "1"
setcookie: "wikidb_algowiki_Token", "", "1299412496", "/", "", "", "1"
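An added example, not part of the original post and not code from the reCAPTCHA extension: one way to audit a debug log of the shape shown above and tell apart signups where the captcha check never ran from signups where it ran and was passed. The `ReCaptcha: response ...` debug line format and the sample usernames are assumptions constructed for illustration, and the script assumes requests are not interleaved in the log.

```python
import re

# Constructed sample in the shape of the debug log quoted above. The
# "ReCaptcha: ..." lines are hypothetical: substitute whatever text your own
# debug statement in the captcha extension writes.
SAMPLE_LOG = """\
POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=signup
ReCaptcha: response accepted
DatabaseBase::query: Writes done: INSERT INTO `algowiki_user` (user_id,user_name) VALUES (NULL,'ExampleUserA')
GET /wiki/index.php?title=Main_Page
POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=signup
DatabaseBase::query: Writes done: INSERT INTO `algowiki_user` (user_id,user_name) VALUES (NULL,'ExampleUserB')
POST /wiki/index.php?title=Special:UserLogin&action=submitlogin&type=signup
ReCaptcha: response denied
"""

REQUEST_START = re.compile(r"^(GET|POST|HEAD) \S+")
USER_INSERT = re.compile(
    r"INSERT INTO `\w*user` \(user_id,user_name\b.*?VALUES \(NULL,'([^']*)'")
CAPTCHA_LINE = re.compile(r"^ReCaptcha: response (accepted|denied)")  # assumed format


def audit_signups(log_text):
    """Return one (user_name, captcha_state) tuple per account-creating request.

    captcha_state is 'accepted' or 'denied' if a captcha debug line appeared
    earlier in the same request, and 'not-called' if the user row was written
    without any captcha debug line at all.
    """
    results = []
    state = "not-called"
    for line in log_text.splitlines():
        if REQUEST_START.match(line):
            state = "not-called"  # new request: forget the previous one's state
            continue
        m = CAPTCHA_LINE.match(line)
        if m:
            state = m.group(1)
            continue
        m = USER_INSERT.search(line)
        if m:
            results.append((m.group(1), state))
    return results


if __name__ == "__main__":
    for user, state in audit_signups(SAMPLE_LOG):
        print(f"{user}: captcha {state}")
```

A `not-called` result points at a signup path that skips the captcha hook; an `accepted` result means the challenge itself was answered and a different challenge type or an additional control is needed.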
On Mon, Mar 7, 2011 at 10:27 AM, Sol Invictus solinvic@gmail.com wrote:
Greetings,
As of a few months ago, I've been getting spam pages generated on my wiki. I upgraded to the latest mediawiki release and I added recaptcha to login and anonymous edit, but spam accounts and pages are still being created. I added debug output to the recaptcha extension to show me when it accepts or denies input, but it seems it isn't even getting called when the spam accounts are being created. Is there a known security hole with recaptcha and the latest mediawiki version? A log example is below (with a couple modifications for privacy).
Switching to MathCaptcha has pretty much solved my problem for now.
Switching to QuestyCaptcha solved my spambot problem completely... a question as simple as what this website is about did the trick.
--- On Mon, 3/7/11, Sol Invictus solinvic@gmail.com wrote:
From: Sol Invictus solinvic@gmail.com
Subject: [Mediawiki-l] Spam account creation, circumventing recaptcha
To: mediawiki-l@lists.wikimedia.org
Date: Monday, March 7, 2011, 10:27 AM
Greetings,
As of a few months ago, I've been getting spam pages generated on my wiki. I upgraded to the latest mediawiki release and I added recaptcha to login and anonymous edit, but spam accounts and pages are still being created. I added debug output to the recaptcha extension to show me when it accepts or denies input, but it seems it isn't even getting called when the spam accounts are being created. Is there a known security hole with recaptcha and the latest mediawiki version? A log example is below (with a couple modifications for privacy).
Thanks, Sol
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Sol Invictus wrote:
Greetings,
As of a few months ago, I've been getting spam pages generated on my wiki. I upgraded to the latest mediawiki release and I added recaptcha to login and anonymous edit, but spam accounts and pages are still being created. I added debug output to the recaptcha extension to show me when it accepts or denies input, but it seems it isn't even getting called when the spam accounts are being created. Is there a known security hole with recaptcha and the latest mediawiki version? A log example is below (with a couple modifications for privacy).
Thanks, Sol
There is probably some weakness inside recaptcha plugin (or they simply broke recaptcha), as I have seen other wikis heavily spammed albeit using recaptcha.
On Mon, Mar 7, 2011 at 6:01 PM, Platonides Platonides@gmail.com wrote:
There is probably some weakness inside recaptcha plugin (or they simply broke recaptcha), as I have seen other wikis heavily spammed albeit using recaptcha.
Back at the beginning of Jan all my sites that use reCaptcha started getting lots of spam so it's not limited to mediawiki.
I'll try to take a look at the extension's code tonight to see if I can find it... was hoping someone had already identified the problem.
On Mon, Mar 7, 2011 at 5:03 PM, OQ overlordq@gmail.com wrote:
On Mon, Mar 7, 2011 at 6:01 PM, Platonides Platonides@gmail.com wrote:
There is probably some weakness inside recaptcha plugin (or they simply broke recaptcha), as I have seen other wikis heavily spammed albeit using recaptcha.
Back at the beginning of Jan all my sites that use reCaptcha started getting lots of spam so it's not limited to mediawiki.
Well, my log output shows the spam bots are entering valid responses. I have to assume that recaptcha has simply been broken, either legitimately or through response poisoning... guess I'll switch to another captcha type.
On Mon, Mar 7, 2011 at 5:06 PM, Sol Invictus solinvic@gmail.com wrote:
I'll try to take a look at the extension's code tonight to see if I can find it... was hoping someone had already identified the problem.
On Mon, Mar 7, 2011 at 5:03 PM, OQ overlordq@gmail.com wrote:
On Mon, Mar 7, 2011 at 6:01 PM, Platonides Platonides@gmail.com wrote:
There is probably some weakness inside recaptcha plugin (or they simply broke recaptcha), as I have seen other wikis heavily spammed albeit using recaptcha.
Back at the beginning of Jan all my sites that use reCaptcha started getting lots of spam so it's not limited to mediawiki.
I have captcha on, plus a user needs to validate their email address to acquire edit privileges, and the spam just keeps coming. It appears to be an army of hired hands paid to insert links for black hat spoofing of Google rankings. Do these guys get put on the black listing? Maybe I should turn on the black listing extension.
--Hiram
mediawiki-l@lists.wikimedia.org