Wiki Spam

[sfisque]

except that lalo's solution works fine for "untargetted" attacking. if someone is taking the time to sniff the site for vulnerabilities in order to hand craft their bot's attack, we can assume it is a targetted attack from a (most likely small) set of addresses which can be black listed.

security through obscurity works fine, if it is maintained (read: the dictionary of questions is modified over time to prevent staleness), for a "one off" which our wiki would be (there wont be 1000's of shrink wrapped releases of our wiki).

== sfisque

[Lalolyen]

Quote:

Originally Posted by sfisque

except that lalo's solution works fine for "untargetted" attacking. if someone is taking the time to sniff the site for vulnerabilities in order to hand craft their bot's attack, we can assume it is a targetted attack from a (most likely small) set of addresses which can be black listed.

security through obscurity works fine, if it is maintained (read: the dictionary of questions is modified over time to prevent staleness), for a "one off" which our wiki would be (there wont be 1000's of shrink wrapped releases of our wiki).

== sfisque

Yeah but come on lol, the spammer is posting advertisements. Thats not targeted in the least, thats the same as email spam; someone has a list of URLs set up in a bot to go out and advertise their websites for the search engines to pick up on. I've seen the same thing on MediaWiki quite a bit.

Image verification, even the simplest verifications will shut down the spam we have been seeing.

If someone is outright attacking the website, then the admins need to get a hold of the FBI, they DO investigate those whom intrude in networks and information systems (including gaining unauthorized access to spam the wiki).

[Theeper]

CAPTCHA will not stop spam. Bots like XRumer have proven that.

Unless our wiki software was custom written, it is just like the thousands of other sites that use it .. which is why spam bots hit us.

Regardless, why go through the trouble of making images and creating a DB of questions/answers ? Just add 1 custom field into the reg page, like a checkbox. Then, any bot would have to be programmed to submit the extra data.

I have run a few sites with phpBB on them for several years and the only thing that has ever eliminated spam on them is by slightly altering the submitted fields. Every CAPTCHA mod I tried was cracked before I even installed it. Granted, phpBB is much more widespread than this wiki software, but the principal is the same.

There is a new trick spammers use .. they set up a free porn site, harvest your CAPTCHA image, post it to the porn site, make surfers solve it to view nekked pics, then store the answer so it can solve it on your site. Even the most advanced and unreadable image can be cracked this way.

[Angelox]

I agree with you here, and I've been told this before. But I imagine they will eventually get around that too.
EqEmu Forums always has had active Mods- so the simpelest, most effective solution would be to do what we are doing in the forums now; you have to send a pm to the Admin for approval to post. In fact, probably everone who's a Wiki poster is an EqEmu member, so , clean up what you have now and start with a "forum members only" policy. May not be able to do this since the forum and Wiki are different programs, but the person that allows the user to post in these forums, can go over and sign people up for the Wiki.

Quote:

Originally Posted by Theeper

CAPTCHA will not stop spam. Bots like XRumer have proven that.

Unless our wiki software was custom written, it is just like the thousands of other sites that use it .. which is why spam bots hit us.

Regardless, why go through the trouble of making images and creating a DB of questions/answers ? Just add 1 custom field into the reg page, like a checkbox. Then, any bot would have to be programmed to submit the extra data.

I have run a few sites with phpBB on them for several years and the only thing that has ever eliminated spam on them is by slightly altering the submitted fields. Every CAPTCHA mod I tried was cracked before I even installed it. Granted, phpBB is much more widespread than this wiki software, but the principal is the same.

There is a new trick spammers use .. they set up a free porn site, harvest your CAPTCHA image, post it to the porn site, make surfers solve it to view nekked pics, then store the answer so it can solve it on your site. Even the most advanced and unreadable image can be cracked this way.

[boogerific]

You guys seem to have good ideas and solutions to getting rid of the spammers, but until something is implemented I (and hopefully a few others) will just continue to despam the Wiki manually.

[Angelox]

Quote:

Originally Posted by boogerific

You guys seem to have good ideas and solutions to getting rid of the spammers, but until something is implemented I (and hopefully a few others) will just continue to despam the Wiki manually.

Appreciate your help here - we're working on a solution to this problem, I really like the Wikki a lot, just like these forums, it has helped me very much.
I won't forget the Wikki, and we will get it fixed.

[Lalolyen]

Angel seriously put up a Captcha... Its better to have some defense than none at all, like now.

I'd suggest the captcha, get it up, ready, and when you have time, make an email verification addy as well. I'm not sure of too many bots out there that can both read images and respond to email.

I still say the easiest way is to tag it to the forum info, people dont get access to post unless they PM and get given access, this would by far be the safest way.

[Lalolyen]

Quote:

Originally Posted by mattmeck

I still say the easiest way is to tag it to the forum info, people dont get access to post unless they PM and get given access, this would by far be the safest way.

Until they start spamming the forums with signups... I'd say stop them on the wiki unless they start targeting the forums... Then I would suggest moving to phpBB 3 =P

Quote:

Originally Posted by Lalolyen

Until they start spamming the forums with signups... I'd say stop them on the wiki unless they start targeting the forums... Then I would suggest moving to phpBB 3 =P

The forums were targeted years ago, hence the admin must activate accounts.

[Lalolyen]

That is sad, but I still feel by making accounts admin activated is placing an uneeded burden you you admins a burden that can be liften with some crafty coding.

[Angelox]

Quote:

Originally Posted by Lalolyen

That is sad, but I still feel by making accounts admin activated is placing an uneeded burden you you admins a burden that can be liften with some crafty coding.

No problem for me, I live to kill spam, I always said I am Matts best guard dog for spam. I want to clean up Wikki too and so do the rest of us, this is the simplist, most effective way to do it.
I enjoy doing things for these forums, answering and verifing new users is no problem at all. Given the opportunity, I'll do the same for Wikki too.

[Lalolyen]

I just make programs that auto-bans if someone is posting too quick, createing too many accounts, creating more than 2 accounts from the same IP and stuff like that =P I kill spam at the source he he >=)