Spammers

From OAFsWiki
Jump to: navigation, search

Anti-Spam Measures

Wikis are vulnerable to spam. Too bad. Typical countermeasures we can (or do) use:

Measure Status
Project Honeypot, to help populate the worldwide list of known spammers. Implemented March, 2008
Automatic rejection of edits from IP addresses in the world list of known spam sources. Implemented March, 2008
Allow only registered users to edit the wiki. Implemented May 13, 2008
Allow only registered users whose email address has been validated by a send-respond message to edit the wiki. (This gives a much more reliable path back to the spammer, so their illegal actions can be reported to their ISPs and to the authorities in their home countries.) Implemented Sept 4, 2008
Install "spam blacklist" extension that rejects edits that try to link to sites on a global blacklist or a local blacklist. Add, to the local blacklist, the warcraft site that our parasite attacker has been spamming. If you have a legitimate URL rejected by the spam filter, you can ask to have it whitelisted. September 4, 2008
Moderate new users first few wiki changes before giving them free editing rights.
CAPTCHA challenges - "copy the word in this image here" things that make it harder for automated robots to fill out registration and comment pages.
Moderation of any pages or comments containing any external links.
Others? I'm constantly participating in discussions in the anti-spam forums on measures to take. Suggestions or references are welcome.

Anti-Spam Journal

This is an informal journal page of our battle with parasite scum (spammers).

September 27, 2009 Spammers have been putting links in calendar entries in our event calendar.  Turned on "must be registered to edit calendar".
Various dates 2008 and 2009, forgot to journal them here, occasional talk-page edits with attempts to deposit links to web sites.  Most blocked by filters at this point, occasionally need to manually clean one out.
September 18, 2008 User LvHuaJangs added a page of spammed warcraft cheat codes. Updated blacklist, deleted user, deleted page.
September 4, 2008 Upgraded wiki version and installed several anti-spam extensions. Also reconfigured so that only users with confirmed email addresses can edit pages. Set pre-existing known users to "confirmed" for their convenience.
September 4, 2008 Two more users "DearJinlio", and "BeatyMili", recently created, created a spam page full of links to stolen World of Warcraft software. Pages deleted and these users permanently banned. Their IP address has been entered in the international database of known spammers so that spam filters can take appropriate action, and has been reported to both their internet service provider and that provider's upstream bandwidth provider.
August 28, 2008 User "Webrlin", recently created, created a spam page full of links to stolen World of Warcraft software. Page deleted and this user permanently banned. Their IP address has been entered in the international database of known spammers so that spam filters can take appropriate action, and has been reported to both their internet service provider and that provider's upstream bandwidth provider.
July 11-12, 2008 User "RAjd Bonjdf", recently created, created a spam page full of links to stolen World of Warcraft software. Page deleted and this user permanently banned. Their IP address has been entered in the international database of known spammers so that spam filters can take appropriate action, and has been reported to both their internet service provider and that provider's upstream bandwidth provider.
May 13, 2008 Second comment spammer arrived today.

With OAFs permission via a poll, enabled "log in required" to edit the wiki, so spammers must at least register with a userid (that we can then ban). This stops the most trivial of the automated spam attacks.

May 8, 2008 The first spammer has arrived on our web/wiki. An IP address in Vietnam, and listed as a known spammer in anti-spam databases, edited one of our pages and deposited a bunch of random links to non-existent URLs. This is a typical reconnaissance mission before doing actual SPAM. I deleted it and blocked the IP permanently.
March 21, 2008 Linked a deep page in the wiki to a "Project Honeypot" trap. Humans will not encounter this, but the automated crawlers that spammers use to harvest email addresses will find fake email addresses and fake comment forms and, when they send them spam, their IP address is automatically added to a database of known spam sources. Interested parties can see the statistics for this honeypot here.
  • Update: As of July 12, 2008, this honeypot has contributed to the identification of 12 spam harvesters.
Personal tools