[Mediawiki-l] repeated spambot attacks

Muzaffer Ozakca mozakca at indiana.edu
Sun Sep 4 03:01:13 UTC 2005


Maybe we could use rate control to reduce spam. phpBB has a similar 
control I believe. I don't know how effective these schemes are but it 
might help ease the pain of reverting everything back. This probably 
requires a new table with ip addresses/user-ids and the time of last 
update. Whenever a new update is submitted:
. check the time of previous update attempt if exists in the table from 
this user or ip
. if the time between these two requests is too short, show a warning 
that the user has to wait a minute or whatever to send a new update

How long the program should wait can be determined empirically. It 
should be made sure that whenever a warning is shown, user's 
contributions are not lost. it would be really frustrating to lose it 
because of a stupid software thinking you're a bot. And this table can 
be cleared periodically, say every hour, to remove old records.

Mike Valstar wrote:
> you could:
> 1. enable blocking of ip blocks (see defaultsettings.php) then block 
> 69.50.0.0/16
> 
> 2. change your settings to only allow people who are logged in to edit
> 
> 3. run a wiki bot, give that bot the ability to block suspected spammers 
> (this is what i do)
> 
> The first will only help for a short while, there are many spammers, 
> with all the wiki-mania going on on the web spammers see a great 
> opertunity to increase their google rank
> 
> the second works pretty well (there are a few bots that get through, but 
> no plan is perfect),  but for a wiki that is starting out i concider 
> this an early death to the wiki unless you already have a good 
> readership and editorship
> 
> the 3rd works, but there are no public bots specifically made for this 
> that i know of off hand, I am currently building mine by hand and will 
> be releaseing it to the public when i feel its ready, if you want a 
> preview copy .. mail me and i'll see what i can do (my current version 
> is very rudimentary but blocks 95% of spammers, it still dosent auto 
> revert)
> 
> Mike Valstar
> http://gentoo-wiki.com
> 
> Andy Roberts wrote:
> 
>> Hi all, This is my first contribution, I have a few queries and I hope
>> somebody can help me find the solutions or information I need.
>>
>> Problem:
>> I have a mediawiki running on a hosted  web server ( ie  not on my own
>> computer ) which is being repeatedly spammed by  a bot or bots which
>> not only edits multiple pages inserting hundreds of  porn links and so
>> on, but also creates lots of new pages and talk pages.
>>
>> according to the version page, the wiki  is running on
>>    MediaWiki (http://wikipedia.sf.net/): 1.3.5    PHP 
>> (http://www.php.net/): 4.3.10 (apache)    MySQL 
>> (http://www.mysql.com/): 4.0.24-standard-log
>>
>> I can access the database using phpMyAdmin 2.6.3
>>
>> The spammer(s) use IP addresses  which vary, but always begin with 
>> 69.50.  
>> So what I can do for now, after a spam attack, is to log in as
>> WikiSysop, block the individual IP number,  go through reverting all
>> the pages and deleting the newly created ones.
>> Then I go to the  phpMyAdmin page and run a few stored scripts which
>> delete all the unwanted edits  from both 'old'  and 'recentchanges' ,
>> empty  archive , and then the database is back to normal without
>> expanding unmanageably.
>>
>> My main question is :
>>
>> How can I block the entire range of  IP addresses  like 69.50.*  ??
>>
>> Any help much appreciated, as I am determined to try and keep this
>> wiki open to all and not concede to the spambots.
>>
>>  
>>
> 
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at Wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
> 



More information about the MediaWiki-l mailing list