New User Flood

Jump to navigation Jump to search
Revision as of 2 October 2014 at 03:15.
The highlighted comment was created in this revision.

New User Flood

There seems to be a flood of new users, I can only guess that these are not people interested in robocode, but rather some kind of spam bot (or spam bots). We need some way to captcha user creation I think.

While we are at it, remove some of those "new users" without any edits.

    Chase15:07, 30 September 2014

    I wonder why create spam bots when you can create Robocode bots. :P

      MN (talk)00:30, 1 October 2014
       

      Speaking of user removal. How many active admins do we have?

        Beaming (talk)01:57, 1 October 2014

        Well a few, for example I don't have access to actual site stuff (so I can't add a captcha).

        We could just go through and manually delete them all, but there is no bulk method way to do that (that I know of).

          Chase02:20, 1 October 2014
           

          List of those with mediawiki "administrator" access:
          AW‏‎, Chase-san‏‎, Darkcanuck‏, David Alves‏‎, GrubbmGait‏‎, Jdev‏‎, MN‏‎, PEZ‏‎, Rednaxela‏‎, Sheldor‏‎, Skilgannon, Skotty‏‎, Voidious, Wompi

          List of those with server shell access:
          David Alves‏‎, Rednaxela‏‎, Skilgannon, Voidious

          The one whose name the server name is under:
          David Alves‏‎

          The one whose name the domain name is under:
          PEZ

          The last several times the server needed config maintnance I've dealt with that. I know Skilgannon is also checking in wiki sometimes. Voidious less often recently to my knowledge.

            Rednaxela (talk)20:03, 1 October 2014
             

            For future reference, you can see who's a wiki administrator or bureaucrat by using the "Group:" filter on the user list page.

              Sheldor (talk)23:29, 1 October 2014
               

              Hate to break it to you Chase, but we already have a captcha on user creation. In fact, we have *TWO* captchas (reCaptcha, plus a simple math question presented as an image) required for user creation, and the bots involved in these user creations seem to crack crack both. I tend to wonder if they're using a "mechanical turk" type of system to outsource bulk captcha breaking to humans.

              Only reason they very rarely succeed at actually posting content these days, is because of a custom Mediawiki extension I added, which blocks any edits which add new external URL links if the user account was created within X hours of the attempt. (Note, it does not block external URLs that are not formatted as Mediawiki links, such as the participants page of course)

              Perhaps I should augment this extension to remove users whose only attempted edits during a 1 week period were blocked in this fashion?

                Rednaxela (talk)19:48, 1 October 2014

                My experience with captcha locked registration, is that at some point someone, most likely a human, provides an answer to at least one question. After this bots will register like crazy. On my site I had non googlable question, which holds bots for a month or two, but sooner or letter they will come.

                The only way to deal with it, is to remove old questions and generate new ones.

                  Beaming (talk)22:38, 1 October 2014
                   

                  "Perhaps I should augment this extension to remove users whose only attempted edits during a 1 week period were blocked in this fashion?"

                  That policy sounds pretty reasonable, as long as it is clearly written somewhere new users would see.

                    Sheldor (talk)23:12, 1 October 2014

                    Make it 3 days and that'll do it for me. We should also nuke users without any posts that registered more then 3 days ago as well (and were not added by an admin), or something.

                      Chase02:36, 2 October 2014
                       

                      Actually, now that I think about it. I think Voidious used Asirra to prevent issues on the berrybots wiki. Now asirra is closing down this year, so we can't use that. But there should be some other image based captcha's around.

                      As we all know, classification is a very difficult AI problem, but is almost trivial for us humans. :)

                        Chase02:52, 2 October 2014

                        Usually, it is sufficient to ask what is "2+2", may be in the form "two plus two" so it is not that obvious for a parser. Since, we are fighting attacks not designed against this particular wiki, it will be sufficient. Once, a traitor give the answer to this question to a bot net, we will ask what is 2+3, and so on.

                          Beaming (talk)04:15, 2 October 2014