________________________________
From: Stip <stipen.treublatt(a)gmx.net>
To: MediaWiki announcements and site admin list <mediawiki-l(a)lists.wikimedia.org>
Sent: Wednesday, May 29, 2013 9:13 AM
Subject: Re: [MediaWiki-l] Wiki spam. Stronger fightback.
Our wiki has been spam-free for over a year now, despite anonymous
editing being allowed, while keeping the inconvenience for legitimate
editors to a bare minimum. Here is what we're doing:
First, we use ConfirmEdit with QuestyCaptcha, but only for
"createaccount" and "badlogin". We ask community-specific questions,
and
the answer is not a word in the question; seems to work perfectly, we
didnt have a bot-account for over a year now (also, we dont allow
numbers in account-names, which probably helps too).
If we would require editors to be logged-in, we probably wouldnt need
any other spam-protection. Since we do want to allow anonymous editing,
we also use the Abuse-Filter-Extension with Filters that only trigger
for users that are not autoconfirmed (autoconfirmed-status is given in
our wiki once the first edit was successful).
One of the filters (probably the most important) requires users to do
something specific if they want to create a new page (most spammers try
to create new pages); if they dont, their edit is blocked. This specific
action could be anything, from adding a certain word to using specific
wiki-markup or using a certain edit-summary. Ideally, every wiki using
this concept should require a different action, just like
QuestyCaptcha-Questions will differ for every wiki. That way, spammers
cant adjust their bots to it.
And what about spammers that edit existing pages? Luckily, they almost
always add links, and they almost always delete existing text, so one
can construct filters to stop that.
In summary: Interested editors have to answer a simple question if they
want to create a new account. After that, they can do whatever they
want, without being watched by the filter. Anonymous editors have to do
something specific if they want to create a new page or add new links -
or they could just create a new account. And spammers are blocked
completely.
So, in my opinion, the following should be done to help new wikis combat
spam:
1. Bundle ConfirmEdit and AbuseFilter with each MediaWiki-Download.
2. Make QuestyCaptcha the default for ConfirmEdit. It is easy to use and
more effective than recaptcha, cause it cant be solved by paid workers
from the other side of the planet while allowing interested, legitimate
editors to pass (if your questions are good enough).
3. AbuseFilter should have a pre-installed filter (or at least a link to
a help page with examples).
4. The section about AbuseFilter on Manual:Combating_spam should contain
examples or a link to a page with examples.
examples:
!("autoconfirmed" in user_groups)
& (action == "edit")
& (article_articleid == 0)
& !("your phrase or wiki markup" in new_wikitext)
alternativly:
!("autoconfirmed" in user_groups)
& (action == "edit")
& (article_articleid == 0)
& !("your phrase" in summary)
another alternative:
!("autoconfirmed" in user_groups)
& (action == "edit")
& ((article_articleid == 0)|(length(added_links) >= 1))
& !("your phrase" in summary)
Obviously, the message telling the editor that his edit was blocked
should mention what he has to do if he wants his edit to be saved, so
the notes of the pre-installed filter should contain a link to
MediaWiki:abusefilter-disallowed.
The really important thing here is that spammers cant adjust to these
measures if every wiki asks different question and demands different
actions for edits from anonymous users.
Also, we have been using the already mentioned bot-trap from
danielwebb.us/software/bot-trap for some time now. Since legitimate
users can unblock themselves, it really doesnt hurt to use it.
Greetings
Stip
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l