Having trouble with bots placing gibberish on our site. First, I want to understand why.
It could be:
- They're testing, or trying to get set up to spam search engine indexes?
- They're measuring the time to rollback?
- Spy code words: passing information anonymously, without traceability?
- They want to destroy search engine rankings?
- ??
Anyone have a clear understanding of this?
----------------------------------------------------------------
Karl Schmidt                         EMail Karl@xtronics.com
Transtronics, Inc.                   WEB http://xtronics.com
3209 West 9th Street                 Ph (785) 841-3089
Lawrence, KS 66049                   FAX (785) 841-0434

99% of lawyers give the rest a bad name.
----------------------------------------------------------------
On 10/28/07, Karl Schmidt karl@xtronics.com wrote:
Having trouble with bots placing gibberish on our site. First, I want to understand why.
It could be:
- They're testing, or trying to get set up to spam search engine indexes?
- They're measuring the time to rollback?
- Spy code words: passing information anonymously, without traceability?
- They want to destroy search engine rankings?
- ??
Anyone have a clear understanding of this?
As near as I can tell, these bots (I would call them vandalbots) are simply out to maliciously damage wikis, much as crackers sift through sites running old versions of phpBB and deface them. There doesn't have to be a profit motive: my luck has been no better than yours in finding one (the vandalbots I've encountered have behaved similarly, so there may well be a single person, or at least a single script, behind them; good luck tracking him/it down).
In terms of actually dealing with vandalbots, your options are kind of limited: The spam blacklist extension won't help you (unless the bots are inserting foreign characters or somesuch), and if the bots aren't adding links, you can't use the CAPTCHA's "trigger only on the addition of new URLs" feature. You could try to track the bot behavior and use one of those tools (or another one, like Bad Behavior <http://www.homelandstupidity.us/software/bad-behavior/installing-and-using-b...>, though I don't know how well it would work here). Or, if you don't mind sacrificing a bit of accessibility, you can just set the CAPTCHA to trigger on unregistered users' edits and registration attempts.
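For anyone unfamiliar with the ConfirmEdit knobs being discussed, the trigger settings live in LocalSettings.php. This is a sketch from memory; verify the exact key names against the Extension:ConfirmEdit documentation before relying on them:

```php
# Sketch of ConfirmEdit trigger settings (key names unverified --
# check Extension:ConfirmEdit for the ones your version uses).
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );

# "Trigger only on the addition of new URLs" -- useless against
# link-free gibberish bots:
$wgCaptchaTriggers['addurl'] = true;

# The heavier option: challenge every edit instead.
$wgCaptchaTriggers['edit'] = true;
```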
Emufarmers Sangly wrote:
As near as I can tell, these bots (I would call them vandalbots) are simply out to maliciously damage wikis, much as crackers sift through sites running old versions of phpBB and deface them. There doesn't have to be a profit motive
Never attribute to greed that which can be explained by psychopathy.
Or, if you don't mind sacrificing a bit of accessibility, you can just set the CAPTCHA to trigger on unregistered users' edits and registration attempts.
I've had good luck doing this with reCAPTCHA. It has eliminated (so far) all user-creation bots and vandalbots.
Mike
On Mon, 29 Oct 2007, at 01:40 -0400, Michael Daly wrote:
Or, if you don't mind sacrificing a bit of accessibility, you can just set the CAPTCHA to trigger on unregistered users' edits and registration attempts.
I've had good luck doing this with reCAPTCHA. It has eliminated (so far) all user-creation bots and vandalbots.
I'm using reCaptcha too.
Look at:
http://www.mediawiki.org/wiki/Extension:ReCAPTCHA
http://recaptcha.net/plugins/mediawiki/
dvdgmz.
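For anyone else setting this up, the plugin page above boils down to a few lines in LocalSettings.php. The variable names here are from memory, so treat this as a sketch and confirm them against the plugin page:

```php
# Sketch: enabling the reCAPTCHA plugin for ConfirmEdit (variable
# names unverified -- see http://recaptcha.net/plugins/mediawiki/
# for the real ones).
require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );

# Keys obtained by signing up at recaptcha.net:
$recaptcha_public_key  = 'your-public-key';
$recaptcha_private_key = 'your-private-key';
```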
On 10/29/07, Michael Daly michael_daly@kayakwiki.org wrote:
Emufarmers Sangly wrote:
Or, if you don't mind sacrificing a bit of accessibility, you can just set the CAPTCHA to trigger on unregistered users' edits and registration attempts.
I've had good luck doing this with reCAPTCHA. It has eliminated (so far) all user-creation bots and vandalbots.
I've used reCAPTCHA, but I'm not sure how much better it is on the accessibility front: Doesn't it require JavaScript? I'm also not sure how I feel about the CAPTCHAs being centrally stored: Part of the protection CAPTCHAs offer comes from their being relatively unique to each site, so that it isn't worthwhile to break them. Centralizing things removes that security-by-obscurity protection. Of course, it also means that if the CAPTCHA is broken, a centralized group can improve it, but if you're the kind of person who distrusts centralized Web authorities, reCAPTCHA might be a problem.
Between you, me, and the mailing list, I just use FancyCaptcha whenever I can. I find it more lightweight. I haven't had any bots get past it either, so any CAPTCHA's probably as good as any other for the average site (beyond the simple math CAPTCHA!).
On 10/29/07, Chuck chuck@mutualaid.org wrote:
MediaWiki could improve its anti-spam pages by creating a new page that lists the kind of attacks that MediaWiki administrators are running into.
I had hoped that this fix would also stop the spambot which is creating dummy user accounts with fake Russian email addresses. I stopped the gibberish, but not the fake Russian accounts.
You could always start a page on MediaWiki.org for this. (Look at <http://meta.wikimedia.org/wiki/Anti-spam_features>, <http://www.mediawiki.org/wiki/Manual:Combating_spam>, <http://meta.wikimedia.org/wiki/Wiki_spam>.)
Emufarmers Sangly wrote:
On 10/28/07, Karl Schmidt karl@xtronics.com wrote:
Having trouble with bots placing gibberish on our site. First, I want to understand why.
It could be:
- They're testing, or trying to get set up to spam search engine indexes?
- They're measuring the time to rollback?
- Spy code words: passing information anonymously, without traceability?
- They want to destroy search engine rankings?
- ??
Anyone have a clear understanding of this?
As near as I can tell, these bots (I would call them vandalbots) are simply out to maliciously damage wikis,
I'm not sure I agree - the defacement comes regularly from a wide range of IPs - I would assume a botnet. The defacement often has the same words. I could see this as a way of passing code words by foreign agents - much too much trouble just for true vandalism. I suppose the NSA would know about it in that case. By splattering the messages across a large number of wikis there would be no meaningful IP trail to the recipient.
A CAPTCHA has stopped it for now...
----------------------------------------------------------------
Karl Schmidt                         EMail Karl@xtronics.com
Transtronics, Inc.                   WEB http://xtronics.com
3209 West 9th Street                 Ph (785) 841-3089
Lawrence, KS 66049                   FAX (785) 841-0434

True wisdom is knowing what we don't know;
True maturity is being comfortable with the idea of not knowing. -KPS
----------------------------------------------------------------
I have been having the same problem (random gibberish edits) on my wiki, teampedia.net, for the past few weeks. I am already using ConfirmEdit, but only have the default setting enabled (so there is no CAPTCHA on ordinary edits).
I am considering two options:
- Disabling anonymous edits (i.e. requiring users to register before editing/adding)
- Changing it so the CAPTCHAs trigger on any edit.
Any advice about which way to go?
Thanks, -Seth
On 10/30/07, Karl Schmidt karl@xtronics.com wrote:
Emufarmers Sangly wrote:
On 10/28/07, Karl Schmidt karl@xtronics.com wrote:
Having trouble with bots placing gibberish on our site. First, I want to understand why.
It could be:
- They're testing, or trying to get set up to spam search engine indexes?
- They're measuring the time to rollback?
- Spy code words: passing information anonymously, without traceability?
- They want to destroy search engine rankings?
- ??
Anyone have a clear understanding of this?
As near as I can tell, these bots (I would call them vandalbots) are simply out to maliciously damage wikis,
I'm not sure I agree - the defacement comes regularly from a wide range of IPs - I would assume a botnet. The defacement often has the same words. I could see this as a way of passing code words by foreign agents - much too much trouble just for true vandalism. I suppose the NSA would know about it in that case. By splattering the messages across a large number of wikis there would be no meaningful IP trail to the recipient.
A CAPTCHA has stopped it for now...
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On Nov 3, 2007 9:31 PM, Seth Marbin smarbin@gmail.com wrote:
I have been having the same problem (random gibberish edits) on my wiki, teampedia.net, for the past few weeks. I am already using ConfirmEdit, but only have the default setting enabled (so there is no CAPTCHA on ordinary edits).
I am considering two options:
- Disabling anonymous edits (i.e. requiring users to register before editing/adding)
- Changing it so the CAPTCHAs trigger on any edit.
Any advice about which way to go?
The least obtrusive option would be a combination of the two: Enable the CAPTCHA for unregistered users' edits, and for registration attempts, but let logged-in users edit freely.
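In ConfirmEdit terms, that combination looks roughly like the LocalSettings.php sketch below. The trigger and permission names are from memory, so check them against the Extension:ConfirmEdit documentation:

```php
# Sketch: challenge anonymous edits, page creation, and account
# creation, but let registered users through. Verify key names
# against Extension:ConfirmEdit before using.
$wgCaptchaTriggers['edit'] = true;
$wgCaptchaTriggers['create'] = true;
$wgCaptchaTriggers['createaccount'] = true;

# Registered users skip the CAPTCHA entirely:
$wgGroupPermissions['user']['skipcaptcha'] = true;
```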
Thanks, Emufarmers, for the advice... I have yet to implement it, but I just noticed something and wonder if others are seeing it too.
On my wiki the bot is not just inserting random gibberish words, it is also changing symbols to strange characters. For example, as seen here <http://www.teampedia.net/wiki/index.php?title=Captain%27s_Coming%21&diff=prev&oldid=2089>:
" (a quote symbol) becomes â (the letter a with a circumflex accent)
any other theories or solutions?
On Nov 3, 2007 8:31 PM, Emufarmers Sangly emufarmers@gmail.com wrote:
On Nov 3, 2007 9:31 PM, Seth Marbin smarbin@gmail.com wrote:
I have been having the same problem (random gibberish edits) on my wiki, teampedia.net, for the past few weeks. I am already using ConfirmEdit, but only have the default setting enabled (so there is no CAPTCHA on ordinary edits).
I am considering two options:
- Disabling anonymous edits (i.e. requiring users to register before editing/adding)
- Changing it so the CAPTCHAs trigger on any edit.
Any advice about which way to go?
The least obtrusive option would be a combination of the two: Enable the CAPTCHA for unregistered users' edits, and for registration attempts, but let logged-in users edit freely.
--
Arr, ye emus,
http://emufarmers.com
I've seen people try to maliciously substitute in Cyrillic characters that look identical to Latin ones, but this just looks like a mis-programmed bot. I have absolutely no idea what this could be trying to accomplish, but if you want to target it directly, you could probably black- or graylist those characters. Of course, that's moot if you set the CAPTCHA in the way I suggested.
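If you do want to graylist the mangled characters directly, MediaWiki's $wgSpamRegex rejects any edit whose text matches a regular expression. A sketch; the pattern here is just an example keyed to the "â€" garbage described above, and an over-broad regex will block legitimate non-ASCII text:

```php
# Sketch: reject edits containing the tell-tale mojibake sequence.
# Tune the pattern to the garbage you actually see on your wiki.
$wgSpamRegex = '/â€/';
```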
On Nov 19, 2007 9:53 PM, Seth Marbin smarbin@gmail.com wrote:
Thanks, Emufarmers, for the advice... I have yet to implement it, but I just noticed something and wonder if others are seeing it too.
On my wiki the bot is not just inserting random gibberish words, it is also changing symbols to strange characters. For example, as seen here <http://www.teampedia.net/wiki/index.php?title=Captain%27s_Coming%21&diff...>:
" (a quote symbol) becomes â (the letter a with a circumflex accent)
any other theories or solutions?
On Nov 3, 2007 8:31 PM, Emufarmers Sangly emufarmers@gmail.com wrote:
On Nov 3, 2007 9:31 PM, Seth Marbin smarbin@gmail.com wrote:
I have been having the same problem (random gibberish edits) on my wiki, teampedia.net, for the past few weeks. I am already using ConfirmEdit, but only have the default setting enabled (so there is no CAPTCHA on ordinary edits).
I am considering two options:
- Disabling anonymous edits (i.e. requiring users to register before editing/adding)
- Changing it so the CAPTCHAs trigger on any edit.
Any advice about which way to go?
The least obtrusive option would be a combination of the two: Enable the CAPTCHA for unregistered users' edits, and for registration attempts, but let logged-in users edit freely.
--
Arr, ye emus,
http://emufarmers.com
On 20/11/2007, Emufarmers Sangly emufarmers@gmail.com wrote:
I've seen people try to maliciously substitute in Cyrillic characters that look identical to Latin ones, but this just looks like a mis-programmed bot. I have absolutely no idea what this could be trying to accomplish, but if you want to target it directly, you could probably black- or graylist those characters. Of course, that's moot if you set the CAPTCHA in the way I suggested.
On Nov 19, 2007 9:53 PM, Seth Marbin smarbin@gmail.com wrote:
Thanks, Emufarmers, for the advice... I have yet to implement it, but I just noticed something and wonder if others are seeing it too.
On my wiki the bot is not just inserting random gibberish words, it is also changing symbols to strange characters. For example, as seen here <http://www.teampedia.net/wiki/index.php?title=Captain%27s_Coming%21&diff...>:
" (a quote symbol) becomes â (the letter a with a circumflex accent)
Yeah - it seems that the bot is reading the whole page into a string, sticking its 'calling card' at the front ;-), and then submitting the whole string back to the wiki, mangling special characters as it goes. This is only annoying if you accidentally delete the spam word instead of undoing the whole edit.
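That kind of character damage is consistent with a bot that decodes the page's UTF-8 bytes as Windows-1252 (or Latin-1) and submits the result back. A quick illustration in Python - this is my reconstruction of the failure mode, not anything recovered from the bot itself:

```python
# A curly double quote (U+201C) is three bytes in UTF-8.
curly = "\u201c"
utf8_bytes = curly.encode("utf-8")   # b'\xe2\x80\x9c'

# A bot that misreads those bytes as Windows-1252 sees three
# characters; the first one is the a-circumflex reported above.
mangled = utf8_bytes.decode("cp1252")
print(mangled)       # â€œ
print(mangled[0])    # â
```

Undoing the whole edit restores the original bytes; hand-deleting only the spam word leaves the mangled characters behind, which matches what Seth saw in the diff.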
any other theories or solutions?
On Nov 3, 2007 8:31 PM, Emufarmers Sangly emufarmers@gmail.com wrote:
On Nov 3, 2007 9:31 PM, Seth Marbin smarbin@gmail.com wrote:
I have been having the same problem (random gibberish edits) on my wiki, teampedia.net, for the past few weeks. I am already using ConfirmEdit, but only have the default setting enabled (so there is no CAPTCHA on ordinary edits).
I am considering two options:
- Disabling anonymous edits (i.e. requiring users to register before editing/adding)
- Changing it so the CAPTCHAs trigger on any edit.
Any advice about which way to go?
The least obtrusive option would be a combination of the two: Enable the CAPTCHA for unregistered users' edits, and for registration attempts, but let logged-in users edit freely.
--
Arr, ye emus,
http://emufarmers.com
Dan Bolser wrote:
On Nov 19, 2007 9:53 PM, Seth Marbin smarbin@gmail.com wrote:
Thanks Emufarmers for the advice... I have still yet to implement, but just noticed something and wonder if others are seeing it too.
On my wiki the bot is not just inserting random gibberish words, it is also changing symbols to strange characters. For example, as seen here <http://www.teampedia.net/wiki/index.php?title=Captain%27s_Coming%21&diff...>:
" (a quote symbol) becomes â (the letter a with a circumflex accent)
Yeah - it seems that the bot is reading the whole page into a string, sticking its 'calling card' at the front ;-), and then submitting the whole string back to the wiki, mangling special characters as it goes. This is only annoying if you accidentally delete the spam word instead of undoing the whole edit.
Then you could block those stupid bots by requiring, in wpEditToken, one of the strings they mangle: if the bot corrupts the token, its edit is rejected.
There seems to be a new extension <http://www.mediawiki.org/wiki/Extension:CommentSpammer> that purports to deal with this. I have no idea whether it's actually as effective as it claims, but it does look to be non-invasive and specifically targeted at this problem.
Why gibberish?
Hm... gibberish bots are putting unique - easily findable once indexed by search engines - gibberish onto wikis.
Maybe to phone home - "Master, I'm alive and ready for work" - while avoiding the security risk of actually phoning home directly.
Bot masters could then know that such-and-such a bot is ready for work, or for rental or sale, without ever being contacted directly.
Maybe that is why bots are marking wikis and forums with unique gibberish.
Just an idea based on what I see -- google this:
racrodr
If that was the unique twitter of your own bot spawn, wouldn't you be thrilled to find it alive and twittering? Your own bot, recorded in Google's index!
Twitter bots.
Roger :-)
On Nov 13, 2007 12:00 AM, Roger Chrisman roger@rogerchrisman.com wrote:
Why gibberish?
Hm... gibberish bots are putting unique - easily findable once indexed by search engines - gibberish onto wikis.
Maybe to phone home - "Master, I'm alive and ready for work" - while avoiding the security risk of actually phoning home directly.
Bot masters could then know that such-and-such a bot is ready for work, or for rental or sale, without ever being contacted directly.
Maybe that is why bots are marking wikis and forums with unique gibberish.
Just an idea based on what I see -- google this:
racrodr
If that was the unique twitter of your own bot spawn, wouldn't you be thrilled to find it alive and twittering? Your own bot, recorded in Google's index!
Twitter bots.
Roger :-)
So botnets are having their slaves use gibberish postings as a method of phoning home? That's absolutely devious, but it sounds like a logistical nightmare in comparison to current methods: You wouldn't know which gibberish string belongs to which bot unless it had already communicated its identification string to you beforehand, in which case there would be no need to phone home! I'm sure the evil masterminds behind such operations could probably engineer a solution around that issue, but adding gibberish to random wikis still seems like a pretty far-out method of communication in comparison to just identifying through an IRC channel or a Web page or whatever. (The only real benefit I could see to this scheme is that it would be harder to infiltrate or break, which may now be at the top of the botmaster's concerns.)
I'm kind of partial to the NSA spy code theory, myself. :p
Emufarmers Sangly wrote:
So botnets are having their slaves use gibberish postings as a method of phoning home? That's absolutely devious, but it sounds like a logistical nightmare in comparison to current methods: You wouldn't know which gibberish string belongs to which bot unless it had already communicated its identification string to you beforehand, in which case there would be no need to phone home!
You can tell them the "gibberish string" to use; there's no need to have the software call you to report the list of vulnerable pages. And you won't be traced by the cops for searching for racrodr on Google!
I'm sure the evil masterminds behind such operations could probably engineer a solution around that issue, but adding gibberish to random wikis still seems like a pretty far-out method of communication in comparison to just identifying through an IRC channel or a Web page or whatever. (The only real benefit I could see to this scheme is that it would be harder to infiltrate or break, which may now be at the top of the botmaster's concerns.)
It makes the most sense. Not only did the bots post it, but it was still there when Googlebot spidered those wikis (little or no spam cleaning), so if they had spammed "Buy my viagra", Google would have indexed it.
Karl Schmidt wrote:
Having trouble with bots placing gibberish on our site. First, I want to understand why.
It could be:
- They're testing, or trying to get set up to spam search engine indexes?
- They're measuring the time to rollback?
- Spy code words: passing information anonymously, without traceability?
- They want to destroy search engine rankings?
- ??
Anyone have a clear understanding of this?
I've read some interesting theories and have a few of my own, but I'm more interested in stopping spam.
The gibberish spammer can be stopped by adding a line to your LocalSettings.php file. The line changes your site configuration so that people have to be registered users to edit or create new pages.
Unfortunately, I've lost the location of this page and the information. It's on the MediaWiki support site, but the anti-spam pages are poorly organized and I only found this page by accident. Perhaps somebody can provide the URL to the page I'm thinking about.
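In case it helps the next person who can't find that page, the relevant lines are MediaWiki's group-permission settings in LocalSettings.php. A sketch - these $wgGroupPermissions keys are standard, but check the manual's access-prevention pages for your version:

```php
# Require an account before editing or creating pages
# ('*' is the group of anonymous visitors).
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;

# Optionally stop drive-by account creation as well (this is what
# the fake-Russian-address bots exploit):
# $wgGroupPermissions['*']['createaccount'] = false;
```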
MediaWiki could improve its anti-spam pages by creating a new page that lists the kind of attacks that MediaWiki administrators are running into.
I had hoped that this fix would also stop the spambot which is creating dummy user accounts with fake Russian email addresses. I stopped the gibberish, but not the fake Russian accounts.
Chuck Munson Infoshop.org
Wikis=> OpenWiki (anarchist encyclopedia and alternative to Wikipedia) http://www.infoshop.org/wiki/index.php/Main_Page
Science Fiction & Fantasy wiki http://www.infoshop.org/sf/index.php/Main_Page
The Matrix: Anti-Capitalist Wiki http://www.infoshop.org/octo/matrix/index.php/Main_Page
Infoshop Library http://infoshop.org/library/