Spam bot invasion

Jump to navigation Jump to search
Revision as of 26 August 2017 at 14:36.
The highlighted comment was created in this revision.

Spam bot invasion

Hi Skilgannon,

I think you have page deletion permission. We need it, since there are hundreds of spam pages whcih appeared on wiki today.

May be there is a way to get such permissions to new crop of users. Looks like many previously active advanced users are not here anymore.

    Beaming (talk)01:05, 24 August 2017

    An admin can mass-cleanup the spam by using Special:Nuke on suspicious users from Special:ActiveUsers, as well as suspicious edits from Special:RecentChanges.

    In the light of this, I would like to nominate User:Beaming and User:Cb for admin rights.

    Skilgannon's email can be found in Contacts.

    More discussion on this attack can be found here and here.

    More suggestions:

    • IP-ban these bozos.
    • Do some of the stuff mentioned here.
    • Merge all spam accounts together so we can keep track of them more easily.
    • Delete/hide spam entries from Special:RecentChanges.
      MultiplyByZer0 (talk)03:25, 24 August 2017

      I also nominating User:MultiplyByZer0 because of active presence at wiki and a lot of clean up effort coming from this user.

        Beaming (talk)14:27, 24 August 2017
         
        Edited by author.
        Last edit: 14:52, 26 August 2017

        Current time: 2017-08-26T09:51:12.423Z

        Spammers left to go: 0

          MultiplyByZer0 (talk)03:38, 24 August 2017

          Thanks for listing those bot! I think we should take action as soon as possible, e.g. disable account creation and delete spam accounts.

          Then may be we should try to add some CAPTCHA for new users?

            Xor (talk)07:57, 24 August 2017

            I made CAPTCHA suggestions here.

            I believe it is possible that these spammers are not bots, but low-paid humans working in huge "spam farms". A registration CAPTCHA should therefore require at least basic knowledge of Robocode (e.g. name one sample bot).

            In any case, nothing is going to happen until Skilgannon wakes up.

              MultiplyByZer0 (talk)09:37, 24 August 2017

              Great ideas! Thank you for your effort!

                Cb (talk)11:22, 24 August 2017
                 

                Yes registration only CAPTCHA can be easily skipped by low paid humans, however it seems that the spams are created by machines — therefore adding a CAPTCHA when creating/editing pages for new users may help ;)

                  Xor (talk)01:21, 25 August 2017

                  Given that every new spam user posts about 3 pages and then stop, I would say that bots hacked the CAPTCHA algorithm.

                  I think we should make registration harder and then we will be fine.

                    Beaming (talk)01:36, 25 August 2017

                    I suggest we use Google's nocaptch ReCaptcha, it's not only using hard problems to solve, but also browsing history & browser fingerprint and more to stop bots.

                      Xor (talk)18:11, 25 August 2017
                       
                       
                       
                       

                      I have blocked and deleted the pages of the following entries. (Move them to a bottom list or something?)

                      Abdul
                      Abhi2828
                      Abhishek.upadhyay11
                      Adamsmith
                      Ahmad1234
                      Ahmadd123
                      Ajaykapadia2
                      Akki
                      Alex
                      Alexa
                      Alexdogge1
                      Alexyokei
                      Alhaji
                      Amit8923
                      Andoralifs
                      Andrusmith1
                      Anisingh
                      Anjilajolia
                      Anjilajoliaa
                      ANNU17
                      Anshu01
                      Araja
                      Asdasd
                      Ashish12345
                      Ashish786786
                      Astrologerbaba16
                      Avisupport
                      Baba786
                      Bisafepa
                      Bitcoinsssupport
                      Blizzardbluee
                      Bookentry
                      Bradyswan
                      Brandi84
                      Bujelizala
                      Caira
                      Caleb
                      Cbkjvjvkd
                      Chorsupport
                      Chunnu7294383gulabo
                      Cooljass1
                      Cuwerokume
                      Cybertechnisdhhdh
                      Dabbu
                      Dante
                      Dasfgs
                      Dear
                      Depih12
                      Dev123
                      Dexter6789
                      Dfasffasf
                      Dfgvfgvfsd5
                      Dfjhfgj
                      Dfsdf
                      Dgdfhfgjhfgh
                      Dhanraj99
                      Dinni999
                      Dk923478
                      Dolka01
                      Dpkapadia1
                      Dsgdfhg
                      Dsgsdhjfe
                      Dykywipy
                      Ellis S Skinner
                      Emma000001
                      Emmawatson
                      Emmie2680
                      Engineer123
                      Ergugfdguf
                      Eswt
                      Faer
                      Fairsearches.pradeep
                      Faisal
                      Faulkner
                      Fdbhdf525
                      Fibarip
                      Frankgel
                      Fransis99
                      Fullsupport
                      Gakllerjohn
                      Gattu
                      Ghfdhfg
                      Ghufgt567121
                      Gibson
                      Ginjuilinhj
                      Gk707027
                      Gofyozilto
                      Gopalamj
                      Gtrtgum
                      Guwogepome
                      Hajsfdjorkgpgk12
                      Harryji
                      Hemantvar
                      Herry9
                      Ginjuilinhj
                        Chase03:20, 25 August 2017

                        Hi Chase,

                        Could you please revert back Help:Editing?

                          Beaming (talk)04:56, 25 August 2017
                           
                            Beaming (talk)14:54, 25 August 2017
                             
                             

                            Okay, it looks like GrubbmGait and Voidious are blocking spam accounts, and account creation has been disabled.

                            We still need to fix the main page, though.

                              MultiplyByZer0 (talk)20:22, 24 August 2017

                              I have located the main page here: http://robowiki.net/wiki/$$_1-855-665-7666@_HP_Service_Phone_Number_HP_Service_Phone_Number_Support_Number0572

                              Unfortunately, I do not have permissions to move it back.

                                MultiplyByZer0 (talk)20:33, 24 August 2017
                                 

                                Thanks everyone for jumping in here! I turned off account creation again (for now), blocked a bunch of accounts, and mass deleted the pages they created. Also restored the Main Page (thanks for pointing to it!). I'll continue later, but I am a little busy at work atm / today...

                                We have faced a lot of wiki spam - we have Captcha on account creation, some custom anti-spam code, no anonymous edits. But eventually we just fell too far behind. Like MultiplyByZero said, I think these may be a mix of bots and real people. Surely we could get to a decent setup with upgrading MediaWiki and finding the right plugins, we just never made time (yet).

                                And yeah, I'd love to discuss getting a new admin or two on board! We haven't added anybody new in a while and indeed all the current ones are sort of retired.

                                  Voidious (talk)20:56, 24 August 2017

                                  Thanks a lot User:Voidious, User:GrubbmGait, and User:Chase-san for cleaning the wiki. Special thanks to User:MultiplyByZer0 for tracking spamming users.

                                    Beaming (talk)04:22, 25 August 2017
                                     

                                    I have been through all the accounts of the 'Active users list' and Mass deleted and blocked the appropriate accounts. Seems that all New created pages are deleted at this moment. In that active users list still some spammers are listed, but they did more subtle things like minor edits and moving pages. Someone with a bit more knowlegde of wiki-stuff should go through their contributions and try to erase those.

                                      GrubbmGait (talk)17:33, 25 August 2017

                                      Thanks for this colossal work. I've seen you deleting non stop for at least an hour.

                                      Would you be able to revert some important pages as well? They are listed above this thread in reply to Chase-san.

                                        Beaming (talk)17:36, 25 August 2017

                                        Talk:Main Page has been restored afaik. But for the other two, without knowing where they went, it is hard for me to revert them.

                                          GrubbmGait (talk)17:47, 25 August 2017
                                           
                                           
                                           

                                          Crap... I am very sorry guys. My git sync with wiki goofed up. I incindently restored spam pages.

                                          Good news they all marked and sit in Category:Spam

                                            Beaming (talk)05:05, 26 August 2017

                                            They are removed (again), for this time I did not block you ;-) Note that a lot of new users have been created without any contributions yet, so spamming is still possible. And it would be nice if the 'Deletion log's could be hidden, now it is almost impossible to see what normal contributions have been made the last few days/weeks.

                                              GrubbmGait (talk)10:03, 26 August 2017
                                               

                                              I have scanned through 'all pages' and deleted all spampages there, luckily easy to recognize due to loooong page names. Afaik no more spam is present, just some contributions from the Active user list that I can't locate anywhere. So, my 'spamming' of deletion logs is over, so Xor and Dsekercioglu and others can now see any discussions again.

                                                GrubbmGait (talk)11:41, 26 August 2017

                                                ‎Heartgold537 just spammed. It seems we forget somebody?

                                                  Xor (talk)15:00, 26 August 2017

                                                  Those buggers are smart. They create an account and then spam from it after some time passes. This is exactly what GrubbmGait predicted above.

                                                  We just need to embrace ourself for couple weeks. I suggest to put

                                                  [[Category:Spam]]

                                                  text within the offending pages so admins have easier time to track them down.

                                                    Beaming (talk)15:12, 26 August 2017

                                                    Yes it helps. Anyway, the best way against human spammers is that we have more people than them;) At least with more admins it really helps.

                                                    MultiplyByZer0 sees the wiki very frequently, we would react to spammers much faster if he were admin as well;)

                                                      Xor (talk)15:24, 26 August 2017

                                                      Well, we just need to be patient. As much as I hate spammers, wiki will run even with spam inside. Wiki is not the twitter where everything should be immediately up-to-date.

                                                      I personally monitor Recent changes in my rss reader, so I see the invasion within couple hours. But we cannot expect admin reaction time to be much faster than a day or even week.

                                                      This is not the first spam wave (though the largest I remember) which we survived.

                                                        Beaming (talk)15:32, 26 August 2017

                                                        I may be the first one on wiki who sees the attack ;p It happens right after I edited an article. And if at that time we were to disable account creation immediately and take other actions to help, the attack won't happen at all.

                                                          Xor (talk)15:36, 26 August 2017