[dev-context] Options that will work for blocking this spammer.

Hans Hagen pragma at wxs.nl
Tue Oct 11 09:35:13 CEST 2005 

Brooks Moses wrote:

> Clearly, fixing the damage and waiting for the spammer to go away just 
> isn't working.
>
> The following things, in my opinion, will most likely work.  I don't 
> know which of them are possible within the MediaWiki software, 
> however, so I'm listing everything I can think of that seems 
> plausible.  Most of them only fix this one spammer, though, not the 
> problem in general -- but it seems that we've only had this one really 
> problematic spammer in two years, so maybe it's enough.
>
> * Block all edits that contain "<div ...>" tags.  All of these do -- 
> they're all using a "<div ...>"-tag block to hide links invisibly on 
> the page.  (Many of them have left out the links, but nearly all of 
> them have included the tag.)

this is a robust measure

> * Set things so that all of Musa8's edits (as tracked by username) get 
> ignored rather than actually applied.

so, a blacklist or so

btw, i wonder what would happen if an edit would have a confirmation 
(how do such bots handle confirmation)

> * Block the five dozen or so IP addresses that he's using.  (This is a 
> temporary solution.)
>
> * Protect the two dozen Wiki pages that he's changing -- he keeps 
> changing the same ones, not randomly-chosen ones.  (This, again, is a 
> temporary solution.)
>
> * Put in an "are you human?" test for all anonymous users, and for all 
> logged-in users who haven't been approved by the site admins.  
> (Something like one of the "type in the numbers in this warped image" 
> things that some sites have.)
>
indeed, just a few pop ups and confirmation, bots don't have eyes -)

> * Change the edit page urls from "&action=edit" to 
> "&action=editpage".  My guess is that this person is using an 
> automatic script that's aimed at bunches of MediaWiki sites, and 
> changing the url will break his script, and he's unlikely to change it 
> just for one site.  (This trick works pretty well for weblog spam, 
> apparently.)
>
that was indeed my first idea, use non standard id's and actions, not 
even 'editpage', just a number

> Meanwhile, is there a community of MediaWiki users somewhere that we 
> can talk to about this?  I'd guess that this spammer has been hitting 
> other sites pretty hard too, and there are probably lots of other 
> people working on figuring out good solutions to this....
>
> - Brooks
>
>
> P.S. Someone came through and put in a couple of "real" edits to the 
> "Russian" page.  I've made backups of the updated page so it can be 
> re-updated after Patrick reverts things to an old backup of the site.

Hans 

-----------------------------------------------------------------
                                          Hans Hagen | PRAGMA ADE
              Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
     tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com
                                             | www.pragma-pod.nl
-----------------------------------------------------------------

More information about the dev-context mailing list