June 12, 2009
We are getting a series of Wiki spams lately, all but one from the same source. Here's a sample of the 'warfare' from the RecentChanges page: (periods and slashes in all links have been replaced with colons)
2009-06-12
* (diff) (hist) . . User:848 buy deluxe handheld plasma whi?; 10:03:13 . . (-5,964) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . User:227 buy levitra?; 10:02:34 . . (-5,201) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . User:391 buy levitra?; 10:02:00 . . (-4,801) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . N User:848 buy deluxe handheld plasma whi?; 07:54:53 . . (+5,978) . . 848 buy deluxe handheld plasma whi (Talk | contribs) (Created page with '<br /> <br /> <center> =<font color="red">[http:::jolar:ru/2839/wiki CLICK HERE TO BUY DELUXE HANDHELD PLASMA WHITENING TOOL]</font>= <br /> =<font color="#009900">[http:::jolar....')
* (User creation log); 07:54:50 . . 848 buy deluxe handheld plasma whi (Talk | contribs) New user account
* (diff) (hist) . . N User:227 buy levitra?; 03:13:07 . . (+5,215) . . 227 buy levitra (Talk | contribs) (Created page with '<br /> <br /> <center> =<font color="red">[http:::jolar:ru/162/wiki CLICK HERE TO BUY LEVITRA]</font>= <br /> =<font color="#009900">[http:::jolar:ru/162/wiki Effective ED drug l...')
* (User creation log); 03:13:04 . . 227 buy levitra (Talk | contribs) New user account
* (diff) (hist) . . N User:391 buy levitra?; 02:21:57 . . (+4,815) . . 391 buy levitra (Talk | contribs) (Created page with '<br /> <br /> <center> =<font color="red">[http:::jolar:ru/162/wiki CLICK HERE TO BUY LEVITRA]</font>= <br /> =<font color="#009900">[http:::jolar:ru/162/wiki Absolutely Anonymou...')
* (User creation log); 02:21:54 . . 391 buy levitra (Talk | contribs) New user account
2009-06-11
* (diff) (hist) . . User:357 buy cialis?; 16:14:03 . . (-5,356) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . N User:357 buy cialis?; 10:14:45 . . (+5,370) . . 357 buy cialis (Talk | contribs) (Created page with '<br /> <br /> <center> =<font color="red">[http:::jolar:ru/156/wiki CLICK HERE TO BUY CIALIS]</font>= <br /> =<font color="#009900">[http:::jolar:ru/156/wiki We accept VISA, Mast...')
* (User creation log); 10:14:42 . . 357 buy cialis (Talk | contribs) New user account
* (diff) (hist) . . User:768 buy cialis?; 10:07:46 . . (-5,288) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . User:Verycleveruser40076?; 10:07:01 . . (-1,579) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . User:206 buy viagra?; 10:05:58 . . (-6,192) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . User:122 buy viagra?; 10:05:01 . . (-7,740) . . RobJ (Talk | contribs) (removed - spam)
* (diff) (hist) . . N User:768 buy cialis?; 09:24:01 . . (+5,302) . . 768 buy cialis (Talk | contribs) (Created page with '<br /> <br /> <center> =<font color="red">[http:::jolar:ru/156/wiki CLICK HERE TO BUY CIALIS]</font>= <br /> =<font color="#009900">[http:::jolar:ru/156/wiki The best way is to v...')
* (User creation log); 09:23:58 . . 768 buy cialis (Talk | contribs) New user account
* (diff) (hist) . . N User:Verycleveruser40076?; 08:20:08 . . (+1,593) . . Verycleveruser40076 (Talk | contribs) (Created page with '? ?: ??: ??-??? ?????: ??? ???? ???: ??, ???, ??...')
* (User creation log); 08:19:18 . . Verycleveruser40076 (Talk | contribs) New user account
* (diff) (hist) . . N User:206 buy viagra?; 08:02:51 . . (+6,206) . . 206 buy viagra (Talk | contribs) (Created page with '<br /> <br /> <center> =<font color="red">[http:::jolar:ru/188/wiki CLICK HERE TO BUY VIAGRA]</font>= <br /> =<font color="#009900">[http:::jolar:ru/188/wiki Cheapest website to ...')
* (User creation log); 08:02:48 . . 206 buy viagra (Talk | contribs) New user account
* (diff) (hist) . . N User:122 buy viagra?; 07:13:33 . . (+7,754) . . 122 buy viagra (Talk | contribs) (Created page with '<br /> <br /> <center> =<font color="red">[http:::jolar:ru/188/wiki CLICK HERE TO BUY VIAGRA]</font>= <br /> =<font color="#009900">[http:::jolar:ru/188/wiki Discreet shipping wo...')
* (User creation log); 07:13:29 . . 122 buy viagra (Talk | contribs) New user account
This has been ongoing now, for 4 of the last 5 days. Common characteristics:
* user name is a 3 digit number followed by " buy " and a drug or product name in lowercase (almost always a drug name)
* about 3 seconds after user name is created in wiki system, user talk page is saved (!), of about 4500 to 6000 characters of pre-crafted spam
* user name and page appear to be a one-off event, as no further access of page or user name ever seems to occur, so blocking the user is useless
* spam pages all appear the same, begin with several headings and lots of white space
* spam page headings always include a link to the http:::jolar:ru website
* spam page body consists of a long series of computer generated short sentences, one per line, begin with one of a small set of sentence beginnings, almost always include the spam product name, and usually end with a city name, American or European
* spam page ends with 5 or 6 links to similarly spammed wiki user talk pages, links are always different, but appear to be MediaWiki sites too
* the constant repetition of the product name is obviously designed to 'impress' Google and other search engines
I went to one of the links, geekgirltina.net, and found a small MediaWiki set of pages created last November, but apparently unused since. Three different spammers appear to be using her site, including the one that is trying to use ours. She had no restrictions at all, and without creating a login, I was able to zap the spam pages. Clearly, some sort of user qualification and permitting is going to be needed on wiki sites, as well as live monitoring, now that spammers are trying to take advantage of wiki sites.
The 5 or 6 links at the bottom of each are a real vulnerability to the spammer, an opportunity for one of us, because the links create an inter-connected network of the spammer's sites. It seems to this untrained user, that a script could be crafted that would capture those links and begin crawling each, identifying the spammed pages, capturing their links, zapping the pages, and crawling on to the next linked site. There are very identifiable traits of these spam pages, which should make the 'zapper' quite safe. The script could be made to be easily customizable, to adapt to the changes the spammer may attempt in the future.
There is one other spammer above, Verycleveruser40076, who also appears to be Russian. Spam page appeared to be in Russian.
I would be happy to see others helping to squash this spam, by monitoring the RecentChanges page. Since deleting or blocking a spamming user is pointless, except as after-the-fact cleanup, we probably need Tom to tighten the user creation process.
-------- and now my little contribution, freely quotable ---------
Steps to Dealing with Spam-related Temptation
If you find that you are tempted to click on ANYTHING in a piece of spam, then please follow these steps:
1. If email, click the [Report Spam] button, or destroy the email. If in browser or popup, close browser or popup. Turn off computer, and do not use again.
2. Either cut up your credit cards, or give them to your spouse or child. Even your youngest child is safer with them than you are.
3. Check in at nearby clinic. Tell them you are an idiot, and ask if that can be fixed.
4. Continue checking into every clinic and fix-it place you can find. The money you spend will help grow your local economy, and not destroy the Internet for the rest of us.
-------- no attribution needed, please post in front of anyone who may be susceptible ---------
I guess I'm fed up with these tactics, that take advantage of unsuspecting or ignorant users, and waste so much time and bandwidth for the rest of us, all because of a very few people who can't resist clicking on an obvious spam message. If this little social method of attacking can help even a little bit, by decreasing the clicks a little, perhaps in a small way it can help to make spam an economically unsound practice. We need to make it universally known to every user, that it is STUPID to respond to any item of spam. If the product is so attractive, then first destroy the spam, then find a legitimate source for the product.
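The common characteristics listed in the opening post, written as a scoring check over RecentChanges entries. This is an added example, not code from the thread or from MediaWiki; the sample entries, the `spam:invalid` link and the numeric cut-offs are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed entries in the RecentChanges layout quoted in the opening post
# (newest first; one day only, since entries carry a time but no date).
SAMPLE = """\
* (diff) (hist) . . N User:417 buy examplepill?; 07:54:53 . . (+5,978) . . 417 buy examplepill (Talk | contribs) (Created page with '<center> =[http:::spam:invalid/1/wiki CLICK HERE TO BUY]= ...')
* (User creation log); 07:54:50 . . 417 buy examplepill (Talk | contribs) New user account
* (diff) (hist) . . N User:Cleverguy90001?; 07:20:08 . . (+1,593) . . Cleverguy90001 (Talk | contribs) (Created page with '? ?: ??: ...')
* (User creation log); 07:19:18 . . Cleverguy90001 (Talk | contribs) New user account
* (diff) (hist) . . N User:Alice?; 06:40:10 . . (+212) . . Alice (Talk | contribs) (Created page with 'I mostly edit the hardware pages.')
* (User creation log); 06:10:02 . . Alice (Talk | contribs) New user account
* (diff) (hist) . . Hardware Compatibility; 05:01:00 . . (+40) . . Bob (Talk | contribs) (added board)
"""

NEW_ACCOUNT = re.compile(
    r"\(User creation log\); (\d\d:\d\d:\d\d) \. \. (.+?) \(Talk \| contribs\) New user account")
NEW_PAGE = re.compile(
    r"N User:.+?; (\d\d:\d\d:\d\d) \. \. \(\+([\d,]+)\) \. \. (.+?) "
    r"\(Talk \| contribs\) \(Created page with '(.*)'\)")

# Traits from the post; the numeric cut-offs are assumptions chosen for this example.
NAME = re.compile(r"^\d{3} buy [a-z ]+$")   # 3 digits, " buy ", lowercase product name
MAX_DELAY = timedelta(seconds=10)            # post observed about 3 seconds
MIN_SIZE = 4000                              # post observed roughly 4500 to 6000 characters
LINK = re.compile(r"\[https?:")              # external link in the creation summary


def _clock(text):
    return datetime.strptime(text, "%H:%M:%S")


def score_new_accounts(log_text):
    """Return {user: [signals]} for every account created in the log."""
    created, pages = {}, {}
    for line in log_text.splitlines():
        m = NEW_ACCOUNT.search(line)
        if m:
            created[m.group(2)] = _clock(m.group(1))
            continue
        m = NEW_PAGE.search(line)
        if m:
            when, size, user, summary = m.groups()
            pages[user] = (_clock(when), int(size.replace(",", "")), summary)
    report = {}
    for user, born in created.items():
        signals = ["name"] if NAME.match(user) else []
        if user in pages:
            when, size, summary = pages[user]
            if timedelta(0) <= when - born <= MAX_DELAY:
                signals.append("fast-page")
            if size >= MIN_SIZE:
                signals.append("large-first-edit")
            if LINK.search(summary):
                signals.append("external-link")
        report[user] = signals
    return report


def suspects(log_text, threshold=3):
    """Accounts with at least `threshold` signals, for a human to review."""
    return sorted(u for u, s in score_new_accounts(log_text).items() if len(s) >= threshold)


if __name__ == "__main__":
    for user, signals in score_new_accounts(SAMPLE).items():
        print(f"{user!r}: {signals}")
    print("review queue:", suspects(SAMPLE))
```

The second constructed account shows the limit of campaign-specific traits: a different name style and slower posting score nothing, so the output is a review queue and not a block list.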
June 13, 2009
Thanks for being so on top of this. Now that school has ended for the quarter I can hopefully get back to editing and helping you out. I was so busy with school stuff that I just did not have the time to devote to much/any wiki stuff. RobJ, if there is anything specific you would like me to do regarding the wiki, hit me up via PM and we can talk.
June 14, 2009 Author
> RobJ, if there is anything specific you would like me to do regarding the wiki
I know you were not intending to imply that I have any special wiki authority, but I thought I should make it clear to all that I am just another user, who enjoys adding to the wiki knowledge base, and have no special power to tell others what to contribute. But I certainly appreciate you and others participating in its growth and integrity. And the more people we have monitoring it for abuse, the better. Plus, the more users that monitor wiki changes, the more likely that incorrect information will be quickly fixed.
Since I have no special powers, all I can do now is watch all changes, and replace all spam pages with "removed - spam". Anyone could do that or better. I would really like to see a few more users given the power to zap the spammers directly, even if in cases like this, it does not really solve the problem. But the quicker we remove the pages, the less chance they can benefit by 'impressing' Google with their phony 'page relevance'.
There is a lot of unfinished work on the wiki, often my fault - projects started but never completed. Perhaps we should create a To Do page, listing known incomplete pages and sections, as well as a wish list of things that someone would like to see added to the wiki.
June 14, 2009
> I know you were not intending to imply that I have any special wiki authority, but I thought I should make it clear to all that I am just another user, who enjoys adding to the wiki knowledge base, and have no special power to tell others what to contribute. But I certainly appreciate you and others participating in its growth and integrity. And the more people we have monitoring it for abuse, the better. Plus, the more users that monitor wiki changes, the more likely that incorrect information will be quickly fixed. Since I have no special powers, all I can do now is watch all changes, and replace all spam pages with "removed - spam". Anyone could do that or better. I would really like to see a few more users given the power to zap the spammers directly, even if in cases like this, it does not really solve the problem. But the quicker we remove the pages, the less chance they can benefit by 'impressing' Google with their phony 'page relevance'. There is a lot of unfinished work on the wiki, often my fault - projects started but never completed. Perhaps we should create a To Do page, listing known incomplete pages and sections, as well as a wish list of things that someone would like to see added to the wiki.
Yup, I was not trying to imply anything like that. I know that you are one of the driving forces/person that helps with the wiki and since I have been utterly absent in trying to help with the wiki because of school I just wanted to get your input on where it was and what needs to be worked on. If we were to come up with a list of things for the wiki I would be willing to help knock things off the list.
June 14, 2009
God, MediaWiki user control sucks. I blocked the IP of all those users, here's hoping that helps.... I suspect it will be an ongoing battle.
June 15, 2009 Author
Thanks NAS! Fighting these guys is ALWAYS an ongoing battle. It would be nice if we had a way to automatically set an infinite block on user names matching a given pattern. Spammers always adapt though, but it could provide a wildcard way to zap a group of them.
You know, we are not the only ones being attacked like this. I'll bet there are MediaWiki discussion threads out there, and perhaps some tips and tools for the fight. If there is someone here with some time, this would be a useful bit of research and liaison, especially if something useful could be passed on to Tom, save him the time of researching it.
June 15, 2009
I will keep searching for better options. MediaWiki user management is unbelievably basic for such a large project. The type of bans in place now seem to imply that if these users try to edit again the new IP will be automagically banned ad nauseam. This will probably help a lot but what we really need is manual escalation of editing rights, i.e. someone registers and asks for perms to edit via this forum. This is the route XBMC had to go in the end to deal with spammers and attacks and whilst it is manual it is 100% reliable.
June 18, 2009 Author
Can someone who knows any Russian at all check the RecentChanges page for the wiki, and check the new user page, and tell us whether it is spam or not. I don't want to zap a valid page, and although chances seem small, it conceivably *could* be a user's page, completely in Russian. I hope it goes without saying that you should be very careful with the links there.
June 18, 2009
It was just a matter of time before this happened. Policing non-English stuff is going to be way tricky. I suspect this is spam but have the same doubts as you.
June 19, 2009
The WikiSpammers were back at it this morning. I have taken care of it for now and will continue to monitor the page. Also I found these couple of links that might help in the attempt to stop the spammers:
http://www.mediawiki.org/wiki/Anti-spam_features
http://www.mediawiki.org/wiki/Spam_Filter
Hope that helps and I will keep searching for new stuff.
June 19, 2009
Blocked a few more users. I had a quick look at those anti-spam features but I reckon you need code access to implement any of the good ones.
June 19, 2009 Author
Thanks NAS. I have to apologize to you, when I started this thread, I completely forgot that you had already started another thread for reporting spam.
I did some Googling of links in Vasili-'s user page, and got 3 hits - all to near-identical user pages on wikis around the world, with the user name of Verycleveruser- (name ended in different number each time), whom we had already blocked earlier for a spam page, so we can conclude this is a spammer too, a sneaky one. I zapped his page. You are welcome to block him and User:870-.
I too looked at the spam tools available, and yes, Tom would have to be involved. The ones I liked best were the BadBehavior tool and either the simple ConfirmEdit extension or the reCAPTCHA plugin. They can be set to pop up only on account creation and edits that include new URLs, and not bother you for all other edits. The BadBehavior tool just released version 2.0.28 which was enhanced to block very recent types of wiki spammers. It does not name them, but it sounds like what we are getting. However, it has been known to block a few valid users in the past, so it has a whitelist to 'exception' them. That would need someone with the rights to edit it once in a while perhaps, and I don't know if that would be a problem or not.
I thought for sure that Google would turn up some discussion of 'jolar' and spam, but found nothing except MediaWiki pages with jolar spam, like ours. Perhaps it is too soon for their indices. Incidentally, it is already starting to 'mutate', 3 of the 7 new spams were conamore:ru, the other 4 were still jolar:ru.
I noticed quite a few Spam Blacklists online for MediaWiki, another possible approach. Some were very short, some were very very long. Here is one that looks like they are getting the same stuff we are.
You will notice recent additions of the hp*.ru and acer*.ru spam links that we had in the Verycleveruser spam page, and then in the last line, added on 6/14, they decided to block all edits that include any links with a .ru extension! That seems a little too drastic, but I think I saw another site doing something similar. Perhaps Russia would begin to crack down on all of their spammers, if their citizens start complaining enough about being banned in too many places!
June 19, 2009
It seems that if Tom could bump me one more level as per this:
http://lime-technology.com/wiki/index.php/Special:ListGroupRights
I could edit user rights which in theory could make it so we manually validate users to be allowed to edit. Not a huge fan of that idea except that so far it's only about a dozen users that really edit. I say this would be a good short term easily implemented measure that would 100% remove all spam.
July 6, 2009
Another thing that needs to be done: upgrade to the latest MediaWiki. 1.14 is what's running on the system now, 1.15.0 is the current incarnation. Usually there are holes that are plugged with each release.
As for user permissions, one of the best ways I've found yet to limit Wiki spam on one of my systems is to use the forum's logins for permissions on the wiki database. I use MediaWiki, and PHPBB, and there's a mod for MW that lets you use the PHPBB userlist for access control. Just give the PHPBB user access to the mediawiki 'group' on PHPBB, and they have edit privs on the wiki. I've not found a spammer yet that made that connection (at least on the wiki side), although fighting spammers on the forums side is a bit more fun (good captchas, questions in the signup forms, and all that do help a good bit also).
Not sure if there's a module for SMF for MediaWiki though (I've never had to manage SMF so I'm not sure).
July 6, 2009
It's pretty sad. All the effort that goes into creating spam could be used to create better software the whole world could use. There seem to be some talented (yet misdirected) people out there!
July 15, 2009
The Wiki got hit hard again last night. I have managed to remove all of the spam for now but this is getting pretty ridiculous.
July 15, 2009
Tom, can you change the permissions or bump me up one level so I can do it? We want users to have to ask for write permissions via the forum. Since we are here so often this will be a minor inconvenience for them and a 100% reliable spam countermeasure. To deal with last night's spam attack will take at least 200 manual page loads, aka a complete waste of time.
July 31, 2009
I agree, I work with other projects and on all of them you have to ask for permission to edit the wiki otherwise you'll be fighting a never-ending battle with spammers.
August 12, 2009
We got hit hard again today with the wiki spam. I just went through and cleaned it up but this is getting completely out of control. Granted it only took me about 5 minutes to get all of them "cleaned up" because of my keyboard macro I have set up, but still...
NAS, I understand that you have a little higher privilege than us other mortals but that you also need more access. Perhaps it is time for you to send an e-mail off to Tom (if you have not already) and figure something out. I don't mind trying to keep the wiki clean, but really this is completely out of control.
August 12, 2009
Nice work that man! I have sent Tom a PM briefly detailing the issues and suggestion and pointed to this thread. If I don't hear from him in a week I will try some other means to track him down.
How did you go about doing the shortcut?
August 12, 2009
> Nice work that man! I have sent Tom a PM briefly detailing the issues and suggestion and pointed to this thread. If I don't hear from him in a week I will try some other means to track him down. How did you go about doing the shortcut?
I have a program on my Apple computer called Typinator. I can assign short stints of text to be expanded upon completion. For the wiki I have created a couple and for general forum use I have created a couple. The one I use for the wiki and removing spam is "R_S" which then gets expanded into "removed - spam" and likewise I have a couple that are one like MRS (motherboard rating system) that forms a URL to the link in the wiki. I also have for hardware compatibility page, topical index, userbenchmarks page, and a couple others that don't immediately come to mind.
I could also if I really wanted to assign them to a function key on my keyboard and make it even easier but I use the function keys for other things.
If you're on a Windows machine I would suggest googling around for a program that does text expansion as it really is incredibly useful for forum related stuff.
August 22, 2009 Author
> We got hit hard again today with the wiki spam. I just went through and cleaned it up but this is getting completely out of control. Granted it only took me about 5 minutes to get all of them "cleaned up" because of my keyboard macro I have set up, but still... NAS, I understand that you have a little higher privilege than us other mortals but that you also need more access. Perhaps it is time for you to send an e-mail off to Tom (if you have not already) and figure something out. I don't mind trying to keep the wiki clean, but really this is completely out of control.
I want to say thanks too, that was a lot of work. I can't help noticing how much faster you are than me! You are occasionally zapping them in 8 seconds flat!
I still think the best method to recommend to Tom is to add the Bad Behavior and reCAPTCHA tools with ConfirmEdit (discussed further here, with links), and update to MediaWiki 1.15. I believe the Bad Behavior tool will specifically block spammers like those we are getting, and is easy to install (by Tom), and does not need additional maintenance or monitoring (I think). And ConfirmEdit with reCAPTCHA blocks new bot users and bot-originated pages with external links. There is no reCAPTCHA for ordinary wiki edits, just those with external links, and spam pages cannot exist without those. If that turns out to be still not enough, then we request permission to moderate all new users.
I think it would be good if there were a few more users with Sysop privileges, Prostuff1 and JoeL and myself to start with, but there are certainly others who also have the same strong interest in this Wiki and its welfare.
August 22, 2009
> I want to say thanks too, that was a lot of work. I can't help noticing how much faster you are than me! You are occasionally zapping them in 8 seconds flat!
Hehe, yeah, my little application TextExpander really helps me get through the wiki spam. I really really like it as I have shortcuts set up to create links to things like the Hardware Compatibility Page, Motherboard Rating System, Topical Index, Best of the Forums, User_Benchmarks Page, and Add-on's and also the Third Party Boot Flash Architecture as this structure is what we (the community) are trying to move towards. It allows the knowledgeable members to assist in diagnosing problems.
That took me all of 30 seconds to do, most of it was spent remembering the abbreviations.
If you're interested in something similar for Windows take a look at Texter.
September 4, 2009
I don't mean to sound like a broken record or anything but this wiki spam is getting very very annoying. I just cleaned up some more but we really need to get this blocked before it even happens. Has anyone heard from Tom about this?