The Castle Doctrine Forums

Discuss the massively-multiplayer home defense game.

#1 2013-04-23 07:25:31

CastlePi
Member
Registered: 2013-04-22
Posts: 6

Wiki gets spammed

I did not find any email address, so I am posting it here. Wiki pages are spammed by some stupid bot.

See http://thecastledoctrine.net/wiki/index … entChanges

#2 2013-04-26 14:29:12

jasonrohrer
Administrator
Registered: 2013-04-01
Posts: 1,235

Re: Wiki gets spammed

Yeah, this is a HUGE problem.

The daily backup for the wiki is now 25MB compressed. (The forum is 400K compressed, for comparison.)

This is all being caused by "account spam" where someone makes an account and then posts spam on their user page, and then leaves.  Hundreds (and thousands?) of accounts have been created so far.

I'm hoping that someone can look into MediaWiki and help me figure out how to stop this from happening.  I know they say "just use a captcha," but that clearly didn't work on the forum (because the spammers are human).

I may have to mod the MediaWiki source to ask a real question....  but I'm hoping there's an out-of-the-box solution.

#3 2013-04-26 20:02:24

jasonrohrer
Administrator
Registered: 2013-04-01
Posts: 1,235

Re: Wiki gets spammed

At the start, the Wiki database was about 500 MiB in size.

Spent all afternoon dealing with this mess, which was less than ideal, but it's done now.

4300+ accounts and spam-laden User and User Talk pages deleted.

And how to prevent this from happening in the future?

It's strange that the spammers don't ever touch any of the "real" pages in the wiki.  They always make their own, new pages.  Probably to stay under the radar, while still showing up in search engines somehow, maybe even through the Random Page link.  Orphaned pages are actually a lot harder to deal with (and delete) than wayward edits on the real pages.

So, the first step was to disable page creation, but only for accounts that have never made at least one edit.  And no account is needed at all to make edits (though you can't create pages without an account).  This seems like the thinnest, weakest spam prevention imaginable.  Any anonymous person---or bot---can edit anything on the site!  But it seems to work, because the spammers don't want to actually edit something.

This stopped the spam pages cold.  But new accounts were still flowing in.  About 10 accounts every 30 minutes or so.  Yeah, they weren't able to DO anything, but they were still clogging up the changelog (and taking space in the database).

So, I put a simple question in front of the account creation screen (how much does the gun cost?), and the spam account creation has stopped completely (much like it did on this forum with that simple question, when even a CAPTCHA wasn't working).

This experience has been absolutely baffling.  How can MediaWiki, the most widely-used wiki software on the planet, ship with a default setup that is an absolute spam sponge?  How can it NOT have any way of mass-deleting accounts, at all, not even with an extension?  I had 4000+ accounts to delete, and the only way to do it was to muck around in the database.  At least there was an extension (Nuke) that helped me bulk-delete the posts.  But they still lingered (archived!) in the database until I cleared them manually from the command line, and even then, parts of them still lingered (search indexed!) until I mucked around in the database some more.

Have the anti-spam features turned on by default, please.

After all this:  total wiki database size, uncompressed, is 7 MiB.

I wouldn't exactly call it a "good feeling" though.
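
One way to get the two controls described in post #3 (page creation only after a first edit, plus a site-specific question at sign-up) from stock MediaWiki settings and the ConfirmEdit extension's QuestyCaptcha. This is an added example, not the poster's actual configuration; it assumes ConfirmEdit is installed on a MediaWiki release that supports `wfLoadExtensions`, and the answer string is a placeholder.

```php
<?php
// LocalSettings.php fragment (added example; not the poster's configuration).

// --- 1. Page creation only for accounts that have made at least one edit ---
// An account enters the implicit 'autoconfirmed' group once it meets both
// thresholds below, so a single edit is enough here.
$wgAutoConfirmCount = 1;   // edits required
$wgAutoConfirmAge   = 0;   // seconds since registration required

// Anonymous visitors ('*') may still edit existing pages, as in the post,
// but cannot create new ones.
$wgGroupPermissions['*']['edit']       = true;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;

// Fresh accounts ('user') cannot create pages either. 'createpage' covers
// User: pages and 'createtalk' covers User talk: pages, the two places the
// account spam was landing.
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['user']['createtalk'] = false;

// Rights are the union of all groups a user is in, so granting creation to
// 'autoconfirmed' restores it after the first edit.
$wgGroupPermissions['autoconfirmed']['createpage'] = true;
$wgGroupPermissions['autoconfirmed']['createtalk'] = true;

// --- 2. A question only a player can answer, asked at account creation ---
// Assumption: extension registration is available; older releases load
// ConfirmEdit and QuestyCaptcha with require_once instead.
wfLoadExtensions( [ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ] );
$wgCaptchaClass = 'QuestyCaptcha';
$wgCaptchaQuestions = [
    [
        'question' => 'How much does the gun cost?',
        'answer'   => 'ANSWER-PLACEHOLDER',   // placeholder, set the real value
    ],
];

// Ask at sign-up only, so anonymous edits stay frictionless.
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['edit']          = false;
$wgCaptchaTriggers['create']        = false;
$wgCaptchaTriggers['addurl']        = false;
```

Confirm the effective rights on Special:ListGroupRights after deploying, and keep an eye on Special:Log/newusers to see whether the sign-up rate actually drops.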
