[Mediawiki-l] Malicious content deleting bots

Jim Hu jimhu at tamu.edu
Thu Apr 12 03:45:12 UTC 2007 

 From my limited experience managing a couple of bbs systems (2 phpBB  
and one vBulletin), the captcha reduces but does not come close to  
eliminating spammers.  While I don't know for sure that these are  
bots, I suspect that they are based on how they show up on the  
different unrelated bbs systems at the same time even though some are  
on different servers.  I believe there are at least two approaches  
that are known to defeat captchas.  One involves image analysis while  
the other involves mirroring the captcha onto a page promising free  
"stuff".  Alas, I imagine that vandals have access to the same  
technology as spammers.

Jim

On Apr 11, 2007, at 10:07 PM, Eric K wrote:

> These bots are striking wikis everywhere. This extension should be  
> made part of Mediawiki. Almost every website having public account  
> creation has some sort of captcha. Image capchas are the best -  
> people are used to doing that. The image capcha is there yea, but  
> its harder to install. I'm just gonna do with the text captha.
>
>   Here's the link everyone, protect your wikis. These bots are  
> searching the net for wikis to do their damage:
>
>   http://www.mediawiki.org/wiki/Extension:ConfirmEdit
>
>   Thanks to Rob C. for giving this link.
>
>
>
>
>
> Tels <nospam-abuse at bloodgate.com> wrote:
>   -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Moin,
>
> On Wednesday 11 April 2007 18:00:57 Mike Wheeler wrote:
>> I too have noticed what appear to be malicious bots deleting content
>> from wikis over the past couple days.
>>
>> From what I have seen they delete page content starting at the first
>> ampersand through the end of the page.
>>
>> Here is one page they hit:
>>
>> http://www.archiplanet.org/w/index.php?
>> title=Notre_Dame_Cathedral&diff=550682&oldid=547840
>>
>> I have seen this on multiple unrelated wikis which do not require
>> registration for editing. In the above case it was done by a newly
>> registered user with a six character alphanumeric username, as
>> described by the first person to report this on the list. Other
>> instances have been done by unregistered users recorded only by IP
>> number:
>>
>> http://www.archiplanet.org/w/index.php?
>> title=Gunter_Behnisch&diff=550666&oldid=548133
>>
>> Thankfully they have only hit a few of our pages so far, but we would
>> obviously like to put an end to it before they do more widespread
>> damage.
>
> First steps: Allow only registered user to edit, put a captcha on  
> account
> registration and require an email verification.
>
> All the best,
>
> Tels
>
>
> - --
> Signed on Wed Apr 11 20:21:14 2007 with key 0x93B84C15.
> Get one of my photo posters: http://bloodgate.com/posters
> PGP key on http://bloodgate.com/tels.asc or per email.
>
> "The campaign should combat the messages of pornography by putting  
> signs
> on buses saying sex with children is not OK."
>
> -- Mary Anne Layden in ttp://tinyurl.com/6a9cy
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iQEVAwUBRh1DY3cLPEOTuEwVAQIrWAf+JWbDz5cfKyql383iPefhiMY7qwIrNSrS
> HMnEIA7nnkBzTkkljWAy5h6kIruTQkb1Bt3g5WOJf9RwuM49D3BbVLQpab6hHnrr
> B4Lr3yxhrbn4/nCVr+W9qVrjZm4F0C7opPNUjHqe9Wfe/YZ6L/hiA4+/jhr4ix3t
> DGHh5u96mnXwO28sCX0OUNWnM8cKVa9CBH35og5/s7Wp9CV43rxwZM/R6hYlObz9
> hA+GvBRcEWGQY6L/NJ/f5RfYMvq/KPeNHDdIKk+MGWWo3YeNl46aejkvorW7ZLTy
> 1hW2wq9A0iB/XDp+2VxiQMZwdWA1gjVEiX3TIymQC9rtBopd29Gyng==
> =iFx8
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>
>
> ---------------------------------
> Don't be flakey. Get Yahoo! Mail for Mobile and
> always stay connected to friends.
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

=====================================
Jim Hu
Associate Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054

More information about the MediaWiki-l mailing list