[Mediawiki-l] repeated spambot attacks

Sat Sep 3 00:09:10 UTC 2005

Thanks for the prompt reply, Mike. 

With your information  I googled for "defaultsettings.php"  and  found
it in the  'includes'  directory.   I then copied the line

$wgSysopRangeBans		= false; # Allow sysops to ban IP ranges 

to my localsettings.php file and changed  false to true. 

This then enabled me to block 69.50.0.0/16  which I hope will get me
over one longstanding and persistent problem.

I shall remain susbscribed to this helpful mailing list  in order to
keep up with developments in the forthcoming struggles against
spambots, particularly if some kind of  shared blacklist  or bot
detection strategy evolves.

Thanks again for the help.  

Andy Roberts
http://blog.ultralab.net/~blogger/andy/
http://www.ukcider.co.uk

On 9/2/05, Mike Valstar <mikevalstar at gentoo-wiki.com> wrote:
> you could:
> 1. enable blocking of ip blocks (see defaultsettings.php) then block
> 69.50.0.0/16
> 
> 2. change your settings to only allow people who are logged in to edit
> 
> 3. run a wiki bot, give that bot the ability to block suspected spammers
> (this is what i do)
> 
> The first will only help for a short while, there are many spammers,
> with all the wiki-mania going on on the web spammers see a great
> opertunity to increase their google rank
> 
> the second works pretty well (there are a few bots that get through, but
> no plan is perfect),  but for a wiki that is starting out i concider
> this an early death to the wiki unless you already have a good
> readership and editorship
> 
> the 3rd works, but there are no public bots specifically made for this
> that i know of off hand, I am currently building mine by hand and will
> be releaseing it to the public when i feel its ready, if you want a
> preview copy .. mail me and i'll see what i can do (my current version
> is very rudimentary but blocks 95% of spammers, it still dosent auto revert)
> 
> Mike Valstar
> http://gentoo-wiki.com
> 
> Andy Roberts wrote:
> 
> >Hi all,
> >This is my first contribution, I have a few queries and I hope
> >somebody can help me find the solutions or information I need.
> >
> >Problem:
> >I have a mediawiki running on a hosted  web server ( ie  not on my own
> >computer ) which is being repeatedly spammed by  a bot or bots which
> >not only edits multiple pages inserting hundreds of  porn links and so
> >on, but also creates lots of new pages and talk pages.
> >
> >according to the version page, the wiki  is running on
> >
> >    MediaWiki (http://wikipedia.sf.net/): 1.3.5
> >    PHP (http://www.php.net/): 4.3.10 (apache)
> >    MySQL (http://www.mysql.com/): 4.0.24-standard-log
> >
> >I can access the database using phpMyAdmin 2.6.3
> >
> >The spammer(s) use IP addresses  which vary, but always begin with 69.50.
> >
> >So what I can do for now, after a spam attack, is to log in as
> >WikiSysop, block the individual IP number,  go through reverting all
> >the pages and deleting the newly created ones.
> >Then I go to the  phpMyAdmin page and run a few stored scripts which
> >delete all the unwanted edits  from both 'old'  and 'recentchanges' ,
> >empty  archive , and then the database is back to normal without
> >expanding unmanageably.
> >
> >My main question is :
> >
> >How can I block the entire range of  IP addresses  like 69.50.*  ??
> >
> >Any help much appreciated, as I am determined to try and keep this
> >wiki open to all and not concede to the spambots.
> >
> >
> >
> 
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at Wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l