[Mediawiki-l] spam, spam, spam, and spam

Daniel Friesen lists at nadir-seen-fire.com
Thu Apr 14 14:44:45 UTC 2011


On 11-04-14 04:28 AM, Anne Wilson wrote:
> On Wednesday 13 April 2011 22:29:35 Daniel Friesen wrote:
>> On 11-04-13 10:42 AM, Anne Wilson wrote:
>>> On Wednesday 13 April 2011 18:01:30 Kilian wrote:
>>>> On 04/13/2011 06:57 PM, Hiram Clawson wrote:
>>>>> The spam is getting really tiresome.  I turned on ConfirmAccount and
>>>>> the spammers continue to ask for accounts even through that mechanism.
>>>>> It is a real pain...
>>>> Read this: http://www.mediawiki.org/wiki/Manual:Combating_spam
>>>>
>>>> http://www.mediawiki.org/wiki/Extension:ConfirmEdit works well for me,
>>>> with the QuestyCaptcha CAPTCHA type.
>>> What I'd really like to see is the ability to say that you can't make any
>>> edits until you have been registered for a period of time, unless you are
>>> a member of a higher group.  I doubt if the spammers would bother
>>> creating an account and coming back to post their spam three months
>>> later.  I haven't seen anyone suggest that it actually is possible,
>>> though.
>>>
>>> Anne
>> ^_^ That would be our autoconfirmed feature... and guess what, spambots
>> that know how to register, wait for the autoconfirmed time to elapse,
>> and then come back, already exist. There are also ones that know how to
>> confirm their own e-mail. And ones that know how to upload images.
>>
>> ~Daniel Friesen (Dantmn, Nadir-Seen-Fire) [http://daniel.friesen.name]
> Our sysadmin appears to be of the same opinion.  That's sad.  I had hoped that 
> autoconfirm with a delay of only one day would be fine, especially if we 
> blogged about contacting us on IRC to speed it up when necessary.
>
> I don't know if others have the same experience, but I'm finding that usually 
> the new user is registered, the page and its image posted, all within a 
> minute.  That seems very fast for a user, even if the text was already 
> prepared.  It was the fact that it happens instantaneously that made me think 
> that some sort of delay may be useful.
I use an AbuseFilter rule to prevent most of the instantaneous spam.
http://wiki.commonjs.org/wiki/Special:AbuseFilter/1
Be wary though that I use it on a registered-only wiki where it can take
at least 18s for a human who was logged in, logged out in another tab,
created an account, went through the captcha, and then saved twice in
the other tab (for the session warning) to create a new article as a
brand new user. This filter will NOT work right on a anon editable wiki.
> How do the spambots know what delay is set?  (You'll realise that the 
> technical side of this is not my expertise :-) )
The ones I see just wait a fixed period of time as a guess.
> Anne
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]


-- 
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]




More information about the MediaWiki-l mailing list