Wiki Spam

Wiki Resource Management & Use (Documentation)


Post by Mac_Fife »

Over the past week or two, the OpenURU.org wiki, along with a number of other MediaWiki-based sites, has been subject to spurious account creation in an attempt to post pharmaceutical spamming links. The usernames have always been in the form "[number] buy [product]" and then the User: page for the account is loaded with a link to a Russian website.

Initially, I was simply erasing the spam content and banning the user accounts and IPs, but our user list was filling up with these ugly account names and got to the point where 50% of the accounts were bogus. MediaWiki does not provide a built-in tool for deleting accounts, for reasons of database integrity.

JW_Platt and I have been working to try to better manage this problem:
  • There was a weakness in our security: While an account with an unauthenticated e-mail address could not edit a page it could still create a new one. We've closed that loophole.
  • We've added an extension to the wiki software that allows us to effectively delete unwanted accounts by merging them into another one. All the spam accounts have now been merged into an account named +BlockedUsers+.
  • To minimize spambot activity, we've added a reCAPTCHA to the sign-up page.
The only snag is that this particular spam campaign doesn't involve bots: A bit of research shows that these accounts are actually being created by real people, who are selecting "high quality landing zones" to indirectly link to their spam sites as a way of bypassing spam filters/blocks. I suppose we could take that as a back-handed compliment :?. Looking through the internet, I find that spammers are advertising for people to solve reCAPTCHAs with the going rate being US$0.95 - US$1.00 per 1000 correct solutions.

The human input means the reCAPTCHA test is being passed and the account created, but because the email authentication is not being completed, the spam links can no longer be posted. At least I no longer have to delete anything nor bother with blocking accounts as I simply sweep them into +BlockedUsers+ as they appear, which only takes seconds.

The actions we've taken will make us less attractive to the spammers, so hopefully we'll drop off their target list soon. If not, we may need to consider some further action. I don't want to overcomplicate the sign-up process, but we may need to add further steps to deter the spammers - "time is money" after all: You don't need to have the best security in the world; you just need better security than the guy next door ;).
Mac_Fife
OpenUru.org wiki wrangler
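
The sweep described in the post above (accounts named "[number] buy [product]" that never complete e-mail authentication), sketched as an added example that is not part of the original post or of OpenUru.org's own tooling. The `Account` fields, the separate review queue and the sample rows are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Username shape reported in the post: "[number] buy [product]".
SPAM_NAME = re.compile(r"^\s*\d+\s+buy\s+\S.*$", re.IGNORECASE)
EXTERNAL_LINK = re.compile(r"https?://[^\s\]|<>]+", re.IGNORECASE)

@dataclass
class Account:
    name: str
    email_confirmed: bool
    user_page: str  # wikitext of the User: page, "" if none exists

def score(acct):
    """Return the list of spam indicators present on one account."""
    reasons = []
    if SPAM_NAME.match(acct.name):
        reasons.append("name-pattern")
    if not acct.email_confirmed:
        reasons.append("email-unconfirmed")
    if EXTERNAL_LINK.search(acct.user_page):
        reasons.append("external-link")
    return reasons

def triage(accounts):
    """Split accounts into a merge queue and a manual-review queue."""
    merge, review = [], []
    for acct in accounts:
        r = score(acct)
        if "name-pattern" in r and "email-unconfirmed" in r:
            merge.append((acct.name, r))    # candidates for +BlockedUsers+
        elif "name-pattern" in r:
            review.append((acct.name, r))   # confirmed e-mail: a human decides
        elif "external-link" in r and "email-unconfirmed" in r:
            review.append((acct.name, r))   # page predates the closed loophole
    return merge, review

# Constructed sample rows, not real accounts.
SAMPLE = [
    Account("4821 buy ExampleProduct", False, "[http://spam.example/ cheap]"),
    Account("Mac_Fife", True, "See http://openuru.org/ for details."),
    Account("77 BUY sample-item", False, ""),
    Account("1999 buy widgets", True, ""),
    Account("Buyer42", False, ""),
    Account("GuestWriter", False, "My site: https://blog.example/"),
]

if __name__ == "__main__":
    merge, review = triage(SAMPLE)
    print("merge into +BlockedUsers+:", [n for n, _ in merge])
    print("manual review:", [n for n, _ in review])
```

The merge itself is still done by hand through the account-merging extension; the script only builds the list.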