v50 Steam/Premium information for editors
- v50 information can now be added to pages in the main namespace. v0.47 information can still be found in the DF2014 namespace. See here for more details on the new versioning policy.
- Use this page to report any issues related to the migration.
This notice may be cached—the current version can be found here.
Editing Dwarf Fortress Wiki talk:Spambot attacks
Jump to navigation
Jump to search
Warning: You are not logged in.
Your IP address will be recorded in this page's edit history.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 7: | Line 7: | ||
::You're right about the clutter. I read your suggestions and while the general ideas are good, one problem is that we want our solutions to be as unique as possible. So it's not just a matter of using a new captcha or something, it's a matter of using a technique *not* used (or solvable) by the same means as those on every other site. The idea is that, if everyone is using the same few anti-spam plugins/captchas/whatever, they'll take the time to make a program (or trick people into) bypassing them. But the more unique we can make our signup pages and such, the less likely they'll be able to do anything on this one site (because we're not big enough for them to bother with). Right now, I've traced the spam to see that they mostly target MediaWikis. I think we'd get a lot of mileage out of changing even trivial things, like the id fields on the forms (input id="wpSave" name="wpSave" type="submit"). Even a rename of a few fields on, say, the sign up page might confuse them enough to make signups fail more often. Parsing HTML is a pain in the rear and if we have nice, *unique* stuff, we'll make it not worth their time to change their code just to spam one small wiki, when they have zillions of others that they can attack. [[User:Uristocrat|Uristocrat]] 08:32, 9 February 2011 (UTC) | ::You're right about the clutter. I read your suggestions and while the general ideas are good, one problem is that we want our solutions to be as unique as possible. So it's not just a matter of using a new captcha or something, it's a matter of using a technique *not* used (or solvable) by the same means as those on every other site. The idea is that, if everyone is using the same few anti-spam plugins/captchas/whatever, they'll take the time to make a program (or trick people into) bypassing them. But the more unique we can make our signup pages and such, the less likely they'll be able to do anything on this one site (because we're not big enough for them to bother with). Right now, I've traced the spam to see that they mostly target MediaWikis. I think we'd get a lot of mileage out of changing even trivial things, like the id fields on the forms (input id="wpSave" name="wpSave" type="submit"). Even a rename of a few fields on, say, the sign up page might confuse them enough to make signups fail more often. Parsing HTML is a pain in the rear and if we have nice, *unique* stuff, we'll make it not worth their time to change their code just to spam one small wiki, when they have zillions of others that they can attack. [[User:Uristocrat|Uristocrat]] 08:32, 9 February 2011 (UTC) | ||
:::We have considered the whole new page thing, I told Briess to do it, I'm not sure if he actually set it up or not. Also, like he said above, only about 0.5% of the registration attempts have been successful. There've been around 17000 attempts, and around 100 have made it through. We're not going to do much better than that unfortunately. Hopefully they give up attacking us once they realize its not doing them any good. [[user:Emi|<span style="color:#8a4e4e">Emi</span>]] [[user_talk:Emi|<span style="color:#6a3e4e">[T]</span>]] 08:46, 9 February 2011 (UTC) | :::We have considered the whole new page thing, I told Briess to do it, I'm not sure if he actually set it up or not. Also, like he said above, only about 0.5% of the registration attempts have been successful. There've been around 17000 attempts, and around 100 have made it through. We're not going to do much better than that unfortunately. Hopefully they give up attacking us once they realize its not doing them any good. [[user:Emi|<span style="color:#8a4e4e">Emi</span>]] [[user_talk:Emi|<span style="color:#6a3e4e">[T]</span>]] 08:46, 9 February 2011 (UTC) | ||
− | |||
− | |||
− | |||
===Anything we can do?=== | ===Anything we can do?=== | ||
Line 23: | Line 20: | ||
Can you ban IP addresses, instead of waiting for the accounts to be made? Or are they too random, or shared with actual users? --[[User:DeMatt|DeMatt]] 03:28, 9 February 2011 (UTC) | Can you ban IP addresses, instead of waiting for the accounts to be made? Or are they too random, or shared with actual users? --[[User:DeMatt|DeMatt]] 03:28, 9 February 2011 (UTC) | ||
:When we block the accounts, we've been also disabling account creation on the IPs associated with the account. They've just got a ton of IPs. [[user:Emi|<span style="color:#8a4e4e">Emi</span>]] [[user_talk:Emi|<span style="color:#6a3e4e">[T]</span>]] 03:41, 9 February 2011 (UTC) | :When we block the accounts, we've been also disabling account creation on the IPs associated with the account. They've just got a ton of IPs. [[user:Emi|<span style="color:#8a4e4e">Emi</span>]] [[user_talk:Emi|<span style="color:#6a3e4e">[T]</span>]] 03:41, 9 February 2011 (UTC) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |