Dwarf Fortress Wiki talk:Spambot attacks

From Dwarf Fortress Wiki

One Possible Solution

The spambots are really getting out of hand. Do we know if they're targeting us specifically? If not, it might help to put something like a nonce on the signup page: just a text box where it forces you to type "magma" to sign up or something else unique to this site to thwart bots. The spammers won't adapt their software to spam us unless it's worth the effort, and if they're just hunting down random wikis to spam, it's probably not worth their effort and they'll go away. Uristocrat 04:09, 31 January 2011 (UTC)

I've already added several things to help deter spambots, which has stemmed a large percentage (we're actually only seeing about .5% of the attacks make it to an actual account registration and post). I'll see about incorporating that as well here in the near future. --Briess 05:02, 31 January 2011 (UTC)
Good to know. I saw another thread about a different spam attack on this wiki when I was looking around and I sent a contact at Google's anti-spam division some ideas about how to combat wiki-spam like what happened here, given that it apparently made it into Google's index at one point. No clue if they'll do anything, but they did make an algorithm change recently, so you never know. And anything that kills their incentive for spamming us is good. I've heard good things about making your site unique (even via dead-simple tests, so long as too many people aren't using the exact same thing), so hopefully that helps get rid of that last 0.5%. I see that we're already using rel=nofollow and such, so best of luck combating the spambot menace. Uristocrat 05:26, 31 January 2011 (UTC)
I mentioned several possible solutions here: Dwarf_Fortress_Wiki_talk:Spamreport, but nobody seemed to notice. Even though actual SPAM has been practically eliminated, all this SPAM and (Deletion log) / (Block log) really clutters up the Recent changes list. In addition, have you considered restricting new members (those that seem to pass the spambot tests) so that they must make at least a few content edits before they (automatically) get permission to start a new page? --Thundercraft 07:14, 9 February 2011 (UTC)
You're right about the clutter. I read your suggestions and while the general ideas are good, one problem is that we want our solutions to be as unique as possible. So it's not just a matter of using a new captcha or something, it's a matter of using a technique *not* used (or solvable) by the same means as those on every other site. The idea is that, if everyone is using the same few anti-spam plugins/captchas/whatever, they'll take the time to make a program (or trick people into) bypassing them. But the more unique we can make our signup pages and such, the less likely they'll be able to do anything on this one site (because we're not big enough for them to bother with). Right now, I've traced the spam to see that they mostly target MediaWikis. I think we'd get a lot of mileage out of changing even trivial things, like the id fields on the forms (input id="wpSave" name="wpSave" type="submit"). Even a rename of a few fields on, say, the sign up page might confuse them enough to make signups fail more often. Parsing HTML is a pain in the rear and if we have nice, *unique* stuff, we'll make it not worth their time to change their code just to spam one small wiki, when they have zillions of others that they can attack. Uristocrat 08:32, 9 February 2011 (UTC)
We have considered the whole new page thing, I told Briess to do it, I'm not sure if he actually set it up or not. Also, like he said above, only about 0.5% of the registration attempts have been successful. There've been around 17000 attempts, and around 100 have made it through. We're not going to do much better than that unfortunately. Hopefully they give up attacking us once they realize it's not doing them any good. Emi [T] 08:46, 9 February 2011 (UTC)
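
The two measures proposed in this thread, a signup question unique to this site and withholding page creation until a new account has made a few edits, can both be expressed as MediaWiki settings. The following is an added example, not part of the discussion and not this wiki's actual configuration; it assumes a current MediaWiki with the ConfirmEdit extension installed, and the question text, answer and thresholds are constructed.

```php
<?php
// LocalSettings.php fragment (added example; all values are constructed).

// 1. Site-specific signup question, using ConfirmEdit's QuestyCaptcha module.
//    A question only this community would answer easily is cheap for humans
//    and not worth special-casing for a bot that targets MediaWiki in bulk.
wfLoadExtensions( [ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ] );

$wgCaptchaQuestions = [
    // question => accepted answer
    'What molten rock do dwarves dig down to find?' => 'magma',
];

$wgCaptchaTriggers['createaccount'] = true; // ask at account registration
$wgCaptchaTriggers['addurl']        = true; // ask when an edit adds an external link

// 2. New accounts must make a few edits before they may start a new page.
//    An account is promoted to "autoconfirmed" once it meets both thresholds.
$wgAutoConfirmCount = 5;          // at least 5 edits
$wgAutoConfirmAge   = 3 * 86400;  // and at least 3 days old (value in seconds)

$wgGroupPermissions['*']['createpage']             = false; // anonymous users
$wgGroupPermissions['user']['createpage']          = false; // freshly registered accounts
$wgGroupPermissions['autoconfirmed']['createpage'] = true;  // established accounts

// Established accounts are not asked the question again on link-adding edits.
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
```
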

Anything we can do?

I'm watching some spambots attack right now and you guys don't appear to be online to banish them at the moment. I've blanked out the spam I could find and replaced it with the deletion template. I also marked the two user pages for the confirmed spammers with the same template. I don't really know if that helps or not, but is there anything we normal users can do to help kick these spammers out? Uristocrat 07:12, 7 February 2011 (UTC)

What you are doing is extremely helpful (marking them, marking pages for deletion, etc.) Remember that we're only seeing less than .5% of the spam attacks attempted against the wiki, we're working on solutions to kick out the last few successful attacks (we are under rather heavy attack at the moment.) --Briess 12:39, 7 February 2011 (UTC)
I assume you want us to use the AIV page that I now see in announcements as a place to report this stuff? Also, I traced the spam from here to a bunch of other MediaWiki/Drupal sites. They're building an entire web of spam links across random pages as a sort of blackhat SEO trick. Most of the links in their spam pages point to compromised Wikis and such; you can follow them via that. I can't trace this by hand any more. There are too many dead wikis out there and only maybe one in ten or twenty appears to be fighting back. A quick check of "recent changes" on most of them shows that all recent edits are spam. As near as I can tell, the attacks started around 27 JAN 2011, but I only looked at a few sites, so maybe I didn't go far enough back. If you can, check the logs to see if there are any suspicious search queries; that might tell us how they found us. Anyhow, I'll keep tagging them if I find them. Uristocrat 20:42, 7 February 2011 (UTC)
Yeah, listing accounts to be blocked/deleted on AIV is the idea. Still mark pages with {{del|spam}} though. Emi [T] 00:13, 8 February 2011 (UTC)
I'm seeing lots of users joining (probably spambots), but I'm not seeing more spam pages. That's good. Except for the fact that they're still trying to break in, I guess you have it under control now? Uristocrat 10:52, 8 February 2011 (UTC)

IP bans

Can you ban IP addresses, instead of waiting for the accounts to be made? Or are they too random, or shared with actual users? --DeMatt 03:28, 9 February 2011 (UTC)

When we block the accounts, we've been also disabling account creation on the IPs associated with the account. They've just got a ton of IPs. Emi [T] 03:41, 9 February 2011 (UTC)