- v50 information can now be added to pages in the main namespace. v0.47 information can still be found in the DF2014 namespace. See here for more details on the new versioning policy.
- Use this page to report any issues related to the migration.
Dwarf Fortress Wiki talk:Spambot attacks
One Possible Solution[edit]
The spambots are really getting out of hand. Do we know if they're targeting us specifically? If not, it might help to put something like a nonce on the signup page: just a text box where it forces you to type "magma" to sign up or something else unique to this site to thwart bots. The spammers won't adapt their software to spam us unless it's worth the effort, and if they're just hunting down random wikis to spam, it's probably not worth their effort and they'll go away. Uristocrat 04:09, 31 January 2011 (UTC)
- I've already added several things to help deter spambots, which has stemmed a large percentage (we're actually only seeing about .5% of the attacks make it to an actual account registration and post). I'll see about incorporating that as well here in the near future. --Briess 05:02, 31 January 2011 (UTC)
- Good to know. I saw another thread about a different spam attack on this wiki when I was looking around and I sent a contact at Google's anti-spam division some ideas about how to combat wiki-spam like what happened here, given that it apparently made it into Google's index at one point. No clue if they'll do anything, but they did make an algorithm change recently, so you never know. And anything that kills their incentive for spamming us is good. I've heard good things about making your site unique (even via dead-simple tests, so long as too many people aren't using the exact same thing), so hopefully that helps get rid of that last 0.5%. I see that we're already using rel=nofollow and such, so best of luck combating the spambot menace. Uristocrat 05:26, 31 January 2011 (UTC)
- I mentioned several possible solutions here: Dwarf_Fortress_Wiki_talk:Spamreport, but nobody seemed to notice. Even though actual SPAM has been practically eliminated, all this SPAM and (Deletion log) / (Block log) really clutters up the Recent changes list. In addition, have you considered restricting new members (those that seem to pass the spambot tests) so that they must make at least a few content edits before they (automatically) get permission to start a new page? --Thundercraft 07:14, 9 February 2011 (UTC)
- You're right about the clutter. I read your suggestions and while the general ideas are good, one problem is that we want our solutions to be as unique as possible. So it's not just a matter of using a new captcha or something, it's a matter of using a technique *not* used (or solvable) by the same means as those on every other site. The idea is that, if everyone is using the same few anti-spam plugins/captchas/whatever, they'll take the time to make a program (or trick people into) bypassing them. But the more unique we can make our signup pages and such, the less likely they'll be able to do anything on this one site (because we're not big enough for them to bother with). Right now, I've traced the spam to see that they mostly target MediaWikis. I think we'd get a lot of mileage out of changing even trivial things, like the id fields on the forms (input id="wpSave" name="wpSave" type="submit"). Even a rename of a few fields on, say, the sign up page might confuse them enough to make signups fail more often. Parsing HTML is a pain in the rear and if we have nice, *unique* stuff, we'll make it not worth their time to change their code just to spam one small wiki, when they have zillions of others that they can attack. Uristocrat 08:32, 9 February 2011 (UTC)
- We have considered the whole new page thing, I told Briess to do it, I'm not sure if he actually set it up or not. Also, like he said above, only about 0.5% of the registration attempts have been successful. There've been around 17000 attempts, and around 100 have made it through. We're not going to do much better than that unfortunately. Hopefully they give up attacking us once they realize its not doing them any good. Emi [T] 08:46, 9 February 2011 (UTC)
- Well, one problem is that they'll probably never realize it's not doing them any good, unless perhaps the whole system of theirs is undermined. My real point, though, was to focus on simple, unique ways of making the site different, rather than adding complex solutions like a new captcha module that a lot of sites might use. The more people that do that, the more work we create for the spambot's owner. Uristocrat 19:16, 9 February 2011 (UTC)
- Just make a trickier question. Like "The most famous dwarf name in Dwarf Fortress", or best metal for swords etc. I've seen websites use these slightly trickier questions, and they seem to be very effective. Not everyone is interested in registering on the wiki anyway so I don't think we'll have that many people asking "What's the answer to the question? =(((". OH and btw, are you guys able to edit the HTML of this website at all, considering it's not your web host? --- qvazzler 09:59, 22 July 2012 (UTC)
- However, AdaSPOILERS is some minor spoilers, so how about What is the solution? A: Magma --Spy227X 15:43, 9 March 2013 (UTC)
- Well, one problem is that they'll probably never realize it's not doing them any good, unless perhaps the whole system of theirs is undermined. My real point, though, was to focus on simple, unique ways of making the site different, rather than adding complex solutions like a new captcha module that a lot of sites might use. The more people that do that, the more work we create for the spambot's owner. Uristocrat 19:16, 9 February 2011 (UTC)
- We have considered the whole new page thing, I told Briess to do it, I'm not sure if he actually set it up or not. Also, like he said above, only about 0.5% of the registration attempts have been successful. There've been around 17000 attempts, and around 100 have made it through. We're not going to do much better than that unfortunately. Hopefully they give up attacking us once they realize its not doing them any good. Emi [T] 08:46, 9 February 2011 (UTC)
- You're right about the clutter. I read your suggestions and while the general ideas are good, one problem is that we want our solutions to be as unique as possible. So it's not just a matter of using a new captcha or something, it's a matter of using a technique *not* used (or solvable) by the same means as those on every other site. The idea is that, if everyone is using the same few anti-spam plugins/captchas/whatever, they'll take the time to make a program (or trick people into) bypassing them. But the more unique we can make our signup pages and such, the less likely they'll be able to do anything on this one site (because we're not big enough for them to bother with). Right now, I've traced the spam to see that they mostly target MediaWikis. I think we'd get a lot of mileage out of changing even trivial things, like the id fields on the forms (input id="wpSave" name="wpSave" type="submit"). Even a rename of a few fields on, say, the sign up page might confuse them enough to make signups fail more often. Parsing HTML is a pain in the rear and if we have nice, *unique* stuff, we'll make it not worth their time to change their code just to spam one small wiki, when they have zillions of others that they can attack. Uristocrat 08:32, 9 February 2011 (UTC)
Anything we can do?[edit]
I'm watching some spambots attack right now and you guys don't appear to be online to banish them at the moment. I've blanked out the spam I could find and replaced it with the deletion template. I also marked the two user pages for the confirmed spammers with the same template. I don't really know if that helps or not, but is there anything we normal users can do to help kick these spammers out? Uristocrat 07:12, 7 February 2011 (UTC)
- What you are doing is extremely helpful (marking them, marking pages for deletion, etc.) Remember that we're only seeing less than .5% of the spam attacks attempted against the wiki, we're working on solutions to kick out the last few successful attacks (we are under rather heavy attack at the moment.) --Briess 12:39, 7 February 2011 (UTC)
- I assume you want us to use the AIV page that I now see in announcements as a place to report this stuff? Also, I traced the spam from here to a bunch of other MediaWiki/Drupal sites. They're building an entire web of spam links across random pages as a sort of blackhat SEO trick. Most of the links in their spam pages point to compromised Wikis and such; you can follow them via that. I can't trace this by hand any more. There are too many dead wikis out there and only maybe one in ten or twenty appears to be fighting back. A quick check of "recent changes" on most of them shows that all recent edits are spam. As near as I can tell, the attacks started around 27 JAN 2011, but I only looked at a few sites, so maybe I didn't go far enough back. If you can, check the logs to see if there are any suspicious search queries; that might tell us how they found us. Anyhow, I'll keep tagging them if I find them. Uristocrat 20:42, 7 February 2011 (UTC)
- Yeah listing accounts to be blocked/deleted on AIV is the idea. Still mark pages with {{del|spam}} though. Emi [T] 00:13, 8 February 2011 (UTC)
- I'm seeing lots of users joining (probably spambots), but I'm not seeing more spam pages. That's good. Except for the fact that they're still trying to break in, I guess you have it under control now? Uristocrat 10:52, 8 February 2011 (UTC)
- Yeah listing accounts to be blocked/deleted on AIV is the idea. Still mark pages with {{del|spam}} though. Emi [T] 00:13, 8 February 2011 (UTC)
- I assume you want us to use the AIV page that I now see in announcements as a place to report this stuff? Also, I traced the spam from here to a bunch of other MediaWiki/Drupal sites. They're building an entire web of spam links across random pages as a sort of blackhat SEO trick. Most of the links in their spam pages point to compromised Wikis and such; you can follow them via that. I can't trace this by hand any more. There are too many dead wikis out there and only maybe one in ten or twenty appears to be fighting back. A quick check of "recent changes" on most of them shows that all recent edits are spam. As near as I can tell, the attacks started around 27 JAN 2011, but I only looked at a few sites, so maybe I didn't go far enough back. If you can, check the logs to see if there are any suspicious search queries; that might tell us how they found us. Anyhow, I'll keep tagging them if I find them. Uristocrat 20:42, 7 February 2011 (UTC)
IP bans[edit]
Can you ban IP addresses, instead of waiting for the accounts to be made? Or are they too random, or shared with actual users? --DeMatt 03:28, 9 February 2011 (UTC)
- When we block the accounts, we've been also disabling account creation on the IPs associated with the account. They've just got a ton of IPs. Emi [T] 03:41, 9 February 2011 (UTC)
A fellow victim[edit]
I hope you do not regard this as spam but I run a wiki at www dot livingcontrol dot com slash wiki and we have just seen an increase in spambot attacks. I hope you do not mind if I join in here to help find ways to defeat them. 2.102.214.196 09:38, 6 December 2011 (UTC)
Hey, I'm an admin from the Dungeon Crawl: Stone Soup wiki. Last year we were getting hammered with nearly a hundred spam accounts and posts a day, and eventually we just turned off account registration to the public entirely. Now, to get an account, they simply send the admins an email and we make the account for 'em. It's much less work than constantly deleting spam and blocking accounts, and we haven't seen a single instance of the stuff since. You could even remove the obnoxious CAPTCHA images entirely. Just a suggestion... --MoogleDan 16:40, 23 July 2012 (UTC)
Good, but it kind of makes signing up inconvenient. Let's say 100 people want an account. Can the admins go through all that in a day? --Spy227X 15:45, 9 March 2013 (UTC)
I seriously doubt that MagmaWiki gets 100 legitimate new accounts registered in a month. There are not very many actual wiki contributors. Right now, looking at the Recent changes page, I see hundreds of new accounts registered per day! That's a new account every few minutes. I'm sure about 99.9% are either Spambots or people wanting to spread Spam. It's already a hassle and nuisance, I'm sure. And it sucks up bandwidth. I've participated on forums where registration involves sending an email to an administrator or moderator with the requirement that the request include a short message with the reason why they want to join. From what I've heard, this stops Spam and Spambots cold. Don't worry: You will not get hundreds of hand-written email requests to register because that's too much of a hassle for spammers. Apparently, they just leave in favor of finding easier targets. MoogleDan's suggest is valid. It is a proven technique. So why not try something like this? You can always revert back to the old system if it's unsatisfactory. If nothing else, changing things will force the spammers to change their tactics. And if it takes a week or two for a moderator to get around to approving a registration, so what? Explain this to people with a warning that approval may take some time and they'll understand. If not, I suspect they probably would not have contributed anything. --Thundercraft (talk) 10:14, 11 December 2013 (UTC)
- While it's true that we don't get hundreds of non-spambots daily, requiring users to email the admins to create an account would open that avenue to spammers as well. It would probably also keep IP's from editing, and that hasn't been received well in the past. Anyway, there have only been around five successful spam edits in the past few months, which is pretty easy to revert.
- I do agree that the account creations make Special:RecentChanges less useful, though, so I'd like to find a way to keep spambots from registering (or at least from showing up on the list – user accounts don't take up very much space in the database). I've found a couple methods that may work, and I'll keep you updated. --Lethosor (talk) 21:36, 11 December 2013 (UTC)