[Mediawiki-l] repeated spambot attacks
Muzaffer Ozakca
mozakca at indiana.edu
Sun Sep 4 03:01:13 UTC 2005
Maybe we could use rate control to reduce spam. phpBB has a similar
control I believe. I don't know how effective these schemes are but it
might help ease the pain of reverting everything back. This probably
requires a new table with ip addresses/user-ids and the time of last
update. Whenever a new update is submitted:
. check the time of previous update attempt if exists in the table from
this user or ip
. if the time between these two requests is too short, show a warning
that the user has to wait a minute or whatever to send a new update
How long the program should wait can be determined empirically. It
should be made sure that whenever a warning is shown, user's
contributions are not lost. it would be really frustrating to lose it
because of a stupid software thinking you're a bot. And this table can
be cleared periodically, say every hour, to remove old records.
Mike Valstar wrote:
> you could:
> 1. enable blocking of ip blocks (see defaultsettings.php) then block
> 69.50.0.0/16
>
> 2. change your settings to only allow people who are logged in to edit
>
> 3. run a wiki bot, give that bot the ability to block suspected spammers
> (this is what i do)
>
> The first will only help for a short while, there are many spammers,
> with all the wiki-mania going on on the web spammers see a great
> opertunity to increase their google rank
>
> the second works pretty well (there are a few bots that get through, but
> no plan is perfect), but for a wiki that is starting out i concider
> this an early death to the wiki unless you already have a good
> readership and editorship
>
> the 3rd works, but there are no public bots specifically made for this
> that i know of off hand, I am currently building mine by hand and will
> be releaseing it to the public when i feel its ready, if you want a
> preview copy .. mail me and i'll see what i can do (my current version
> is very rudimentary but blocks 95% of spammers, it still dosent auto
> revert)
>
> Mike Valstar
> http://gentoo-wiki.com
>
> Andy Roberts wrote:
>
>> Hi all, This is my first contribution, I have a few queries and I hope
>> somebody can help me find the solutions or information I need.
>>
>> Problem:
>> I have a mediawiki running on a hosted web server ( ie not on my own
>> computer ) which is being repeatedly spammed by a bot or bots which
>> not only edits multiple pages inserting hundreds of porn links and so
>> on, but also creates lots of new pages and talk pages.
>>
>> according to the version page, the wiki is running on
>> MediaWiki (http://wikipedia.sf.net/): 1.3.5 PHP
>> (http://www.php.net/): 4.3.10 (apache) MySQL
>> (http://www.mysql.com/): 4.0.24-standard-log
>>
>> I can access the database using phpMyAdmin 2.6.3
>>
>> The spammer(s) use IP addresses which vary, but always begin with
>> 69.50.
>> So what I can do for now, after a spam attack, is to log in as
>> WikiSysop, block the individual IP number, go through reverting all
>> the pages and deleting the newly created ones.
>> Then I go to the phpMyAdmin page and run a few stored scripts which
>> delete all the unwanted edits from both 'old' and 'recentchanges' ,
>> empty archive , and then the database is back to normal without
>> expanding unmanageably.
>>
>> My main question is :
>>
>> How can I block the entire range of IP addresses like 69.50.* ??
>>
>> Any help much appreciated, as I am determined to try and keep this
>> wiki open to all and not concede to the spambots.
>>
>>
>>
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at Wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
More information about the MediaWiki-l
mailing list