Forum:It is possible to stop spambots

From Uncyclomedia, the UnMeta-wiki
Jump to: navigation, search
Forum: Home > It is possible to stop spambots

Hello. Something needs to be done with all this spam. I just can't believe that we should keep seeing them being created and just keep watching. I mean, there are spammers on every wiki. Range block should work on slowing them down. Even if not stopping completely, they would help a lot. We have spam on Wikimedia wikis too and that is why checkusers have to range block sometimes. This wiki doesn't seem to have abuse filter, so we can work with range blocks anyway.

What has to be done: you have to check all spambots. You can also check their ranges which makes things a lot easier to identify and block. If more than one IP from a same range is used, this range have to be blocked. Otherwise, they will keep coming. If you check carefully, you will notice that the same range is repeated constantly and that is why a range block works. And it is in general not a problem to block them as these spam ranges are used only for spam most of the times. However, if you still want to be sure, you can add a note on block summary with an e-mail address. This e-mail will be used by those that are not spammers request unblock (ex: If you are not a spambot, please send mail to teleswiki [at] gmail.com). For example, I just blocked about 50 accounts here as I am starting to implement it there. As I said, the ranges are repeated and as I block them, they will slowing down.

I am sure that this will help to reduce in a large ammount the spam that is affecting this wiki. It just makes me sad to see that spammers are winning the "battle" here, while we are not even trying. I just saw one of them spamming porn here and they can spam anything even worse than that. So, ignoring them is not an option. Thanks for your time. —Teles «Talk to me˱@ C˲» 08:08, 10 March 2013 (UTC)

I wonder if this project is still alive as there is no user to answer, nobody to get help from...—Teles «Talk to me˱@ C˲» 02:50, 18 March 2013 (UTC)
Special:Globalblock on IP addresses has been tried. It looks like the mw:extension:VisualMathCaptcha needs to be replaced with something stronger or fixed, as it clearly is not keeping out spam registrations. If the answer to a CAPTCHA is just a number, a spammer is likely to just try random numbers until one works. This is a bug. Perhaps a useful change would to provide a mechanism to block (or global block) an IP after too many failed attempts? I'd also suggested that some means be provided to import the globalblocking table from another wiki (such as Wikimedia) as it is visible on api.php there. Carlb (talk) 13:36, 18 March 2013 (UTC)
  • Talk to ChrisP from SWFTools Wiki. He did something and significantly reduced the attacks by wikinet:Wiki Spam Bots. He tried to explain to me, but I am quite ignorant about the working of FTP Access in wikis. Cthulhu.fhtagn (talk) 01:37, 20 March 2013 (UTC)
  • He's using mw:Extension:QuestyCaptcha which has the limitation that there are only a finite number of questions, but which would use a different question list on each wiki on which it is installed. Kamelopedia/Stupededia use this too. He may also be using mw:Manual:removeUnusedAccounts.php to delete accounts which register and then never edit. Carlb (talk) 02:38, 20 March 2013 (UTC)
Thanks for your thoughts. Improving CAPTCHA could be, indeed, the best solution as (most of the) accounts would be stopped without the need of admin activity. What are the chances of this be implemented here in a reasonable time?—Teles «Talk to me˱@ C˲» 18:38, 22 March 2013 (UTC)
You might want to look at nl:, which switched to mw:extension:KeyCAPTCHA. It's an annoying puzzle and doesn't work properly without Flash (or HTML5) but seems to stop most of the spam. I doubt I'd want to put it on every wiki on the server (as it does make the site less usable), but for the few with the worst spam problems it might be an option. Carlb (talk) 19:21, 22 March 2013 (UTC)
That is interesting and may stop spambots. Seems to be better than the one we have here... seriously, yesterday I added a topic on other page here and I had to use calculator to solve CAPTCHA.—Teles «Talk to me˱@ C˲» 07:17, 23 March 2013 (UTC)
Since the installation of that puzzle, the site is completely clean of spambot creations. Side-effect is however that every anon and user had to solve it after installation because of an insert flaw. Roye7777777 ~ Talk 15:15, 2 April 2013 (UTC)
Awesome! Congrats for the one that did the job.—Teles «Talk to me˱@ C˲» 08:27, 12 April 2013 (UTC)
But, well, I still see some spambot-like account creation...—Teles «Talk to me˱@ C˲» 08:28, 12 April 2013 (UTC)
Is it installed anyway? You can test it by placing an external link as an anonymous user for example. Those automized bots cannot do things like that. Unless a human controls them. Roye7777777 ~ Talk 11:15, 15 April 2013 (UTC)
  • Judging by the large number of spambots recently created, it is safe to say that it is not working. I think you should block everyone, check and block the range, like is done in several wikis (example).—Teles «Talk to me˱@ C˲» 15:31, 14 August 2013 (UTC)
It should work. The only way when this should not work is when a page is created without a URL in it. Bots should neither make accounts since there is a puzzle that needs to be finished. I think it has to do otherwise with settings in it, or so. Roye7777777 ~ Talk 17:16, 14 August 2013 (UTC)

== don't get any spambots in anymore. Becuse of the keyCAPTCHA. Only, Carl maid a fold, every new user or anon have to solve the puzzle everytime... Tiz (talk) 18:00, 28 March 2013 (UTC)

I have sent that the way how it was, creating that flaw. That can be fixed anyway by changing a few things in the permissions. Should be this, if I adjusted the first version of it correctly:
global $wgExtensionFunctions, $wgGroupPermissions;	
$wgGroupPermissions['*']['skipcaptcha'] = false;
$wgGroupPermissions['user']['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
$wgGroupPermissions['bot']['skipcaptcha'] = true;
$wgGroupPermissions['sysop']['skipcaptcha'] = true;
$wgGroupPermissions['emailconfirmed']['skipcaptcha'] = false;
$wgAvailableRights[] = 'skipcaptcha';
global $ccAllowConfirmedEmail;
$ccAllowConfirmedEmail = false;	
$wgCaptchaTriggers = array();
$wgCaptchaTriggers['edit'] = false;
$wgCaptchaTriggers['create'] = false;
$wgCaptchaTriggers['sendemail'] = true;
$wgCaptchaTriggers['addurl'] = true;
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin'] = true;
Whilst meaning:
Editing Creating page Placing URL Send e-mail
Anon No Yes Yes Yes (if possible anyway)
User No No Yes Yes
Roye7777777 ~ Talk 15:08, 2 April 2013 (UTC)

Ranges blocked[edit]

I have been blocking ranges used by spambots since August 29th. I think it is already possible to notice the decreasing number of spambot creation. It is not finished yet and the blocks are going to be done as long as accounts are being created and detected. Recent changes may become flooded with blocks, but that tends to reduce with time.—Teles «Talk to me˱@ C˲» 01:55, 27 September 2013 (UTC)

MediaWiki:Titleblacklist[edit]

On simple: and be:, where the spam was really bad, I added a line to the title blacklist page that blocks creation of all accounts with usernames 10 characters (unaccented Latin letters) or longer, and I added some entries to block specific page titles (e.g. electric wheelchairs). Since I did that the spam went way down. On be: I also added a line that blocks creation of pages with Latin characters in their titles, since Belarusian is written in Cyrillic and therefore most, if not all, article titles should be also, and if they are not they are most likely spam.

I thought this might be helpful in some way. Llwy ar lawrlogimalpedie:en:be:ga:la:ru:sco: 23:44, 13 October 2013 (UTC)

Have you though about the number of false positives we will have? I think it is too much.—Teles «Talk to me˱@ C˲» 16:50, 27 October 2013 (UTC)

Change Kaptcha[edit]

This is ridiculous. Change the kaptcha from 3 to 4 characters and we're done with it. Only: who will do it? I think only Carlb can do this. D. G. Neree (talk) 17:47, 25 October 2013 (UTC)

Spambot account creation[edit]

One way of stopping spam-bot account creation is to use a server-side error redirect for requests with no defined user-agent. Depending on your particular situation, as many as 1/4 to 1/2 of all spambot account creations are done with requests that have an empty string as the user-agent.

For the spambots which still get through, an AbuseFilter that blocks spambot name patterns might be the best route. Granted, a regexp for spambot patterns may catch some legitimate attempts to create user-names, but in my experience, if a user is presented with a nice warning that the user-name they attempted to create fits a disallowed pattern, please try again ("or feel free to contact an active admin about the issue, because we're really stupid!"), they'll probably try again instead of just giving up after one try. Spambots usually just give up after one try, and the ones that don't are easy to pick out -- they try to create the account Fyodor1900 five times, or whatismyipaddress.com lists them on a spam blacklist.

The main problems with using an AbuseFilter is that (a) you can accidentally shut out real users, and thus (b) you have to check the log every day for users who have been stymied by it repeatedly. 96.31.64.186 19:57, 24 December 2013 (UTC)

Also, I'd like to note that using more advanced image CAPTCHAs doesn't seem to do the trick; Wikia has been using the actual ReCAPTCHA extension for a while now, and they're collecting spam-bot accounts like nobody's business. Uncyclopedia.co and Illogicopedia.org have been using white-text-on-black-background, and they still had to resort to the AbuseFilter route. 96.31.64.186 20:01, 24 December 2013 (UTC)
This may be a good idea. By the way what's your login? Rhubella beach.jpgRhubella Marie, the rat sockpreppie 2,347 preppieditsRhubella.jpg 21:27, 24 December 2013 (UTC)
I have panicked in another wiki where I was placed as bureaucrat and everybody else vanished. I'm now blocking everything, because it seems there's no way to stop the spambots unless we can rangeblock 0.0.0.0/0 Right now, for every aggressive spambot (any that creates a page) I do a rangeblock x.y.0.0/13, through eight blocks x.y.0.0/16 to x.(y+7).0.0/16. It doesn't seem to work: http://wiki.swftools.org/wiki/Special:RecentChanges Cthulhu.fhtagn (talk) 01:30, 25 December 2013 (UTC)
Wikia is collecting spam accounts? Strange. I've never seen any there. I thought they kept spam account creation out by making new users confirm their email address (which they definitely do) and I thought this was something we should try too, but it doesn't work, then, it sounds like. I thought all their spam was done by IPs.
You may also want to see my comment above about title blacklists. I've decided that blocking everything 10 or more letters long is excessive, and have modified the title blacklists I have access to to block all FirstnameLastname type accounts (CamelCase, two words). This seems to work pretty well too and would have fewer false positives. If you notice another really specific username pattern on a particular wiki you can block that too.
I hope that helps. Llwy ar lawrlogimalpedie:en:be:ga:la:ru:sco: 03:43, 25 December 2013 (UTC)

SWFtools wiki experience[edit]

In SWFTools wiki http://wiki.swftools.org/wiki/Main_Page , the spambot flux was cancelled after a renewal of the QuestyCaptcha. Can this be done in the projects of Uncyclomedia?

Before that, what significantly reduced the attacks was my method of "overkilling" the spambots: after each attack, I not only did a x.y.0.0/16 rangeblock to infinity, but also extended the rangeblock three more bits (8 ranges for each attack). There were about one or two (in average) attacks per day, much less than what we see here: http://wiki.swftools.org/wiki/Special:BlockList Cthulhu.fhtagn (talk) 14:24, 12 February 2014 (UTC)

Don't indef ips or ip ranges, please.
As for solutions, I don't know what you mean to renew the QuestyCaptcha but I think the best solution that has been found so far is the thing being used on English Uncyclopedia that is used by the abuse filter. For more information try Lyrithya or Legoktm. Llwy ar lawrlogimalpedie:en:be:ga:la:ru:sco: 22:08, 12 February 2014 (UTC)
It worked in that wiki. It was a desperate measure. Cthulhu.fhtagn (talk) 15:02, 13 February 2014 (UTC)
Yes, and it also worked to block all accounts that were more than 10 letters long. Does that mean those things are necessarily a good idea? I don't think so. Llwy ar lawrlogimalpedie:en:be:ga:la:ru:sco: 01:17, 14 February 2014 (UTC)
But what is the alternative? Allowing the wiki to become a spambot farm is obviously not anything we wish. We must strike them, and strike them hard. Cthulhu.fhtagn (talk) 15:24, 14 February 2014 (UTC)