Spam bot invasion

Jump to navigation Jump to search

Spam bot invasion

Hi Skilgannon,

I think you have page deletion permission. We need it, since there are hundreds of spam pages whcih appeared on wiki today.

May be there is a way to get such permissions to new crop of users. Looks like many previously active advanced users are not here anymore.

Beaming (talk)02:05, 24 August 2017

An admin can mass-cleanup the spam by using Special:Nuke on suspicious users from Special:ActiveUsers, as well as suspicious edits from Special:RecentChanges.

In the light of this, I would like to nominate User:Beaming and User:Cb for admin rights.

Skilgannon's email can be found in Contacts.

More discussion on this attack can be found here and here.

More suggestions:

  • IP-ban these bozos.
  • Do some of the stuff mentioned here.
  • Merge all spam accounts together so we can keep track of them more easily.
  • Delete/hide spam entries from Special:RecentChanges.
MultiplyByZer0 (talk)04:25, 24 August 2017

I also nominating User:MultiplyByZer0 because of active presence at wiki and a lot of clean up effort coming from this user.

Beaming (talk)15:27, 24 August 2017
 
Edited by author.
Last edit: 15:52, 26 August 2017

Current time: 2017-08-26T09:51:12.423Z

Spammers left to go: 0

MultiplyByZer0 (talk)04:38, 24 August 2017

Thanks for listing those bot! I think we should take action as soon as possible, e.g. disable account creation and delete spam accounts.

Then may be we should try to add some CAPTCHA for new users?

Xor (talk)08:57, 24 August 2017

I made CAPTCHA suggestions here.

I believe it is possible that these spammers are not bots, but low-paid humans working in huge "spam farms". A registration CAPTCHA should therefore require at least basic knowledge of Robocode (e.g. name one sample bot).

In any case, nothing is going to happen until Skilgannon wakes up.

MultiplyByZer0 (talk)10:37, 24 August 2017

Great ideas! Thank you for your effort!

Cb (talk)12:22, 24 August 2017
 

You do not have permission to edit this page, for the following reasons:

  • The action you have requested is limited to users in the group: Users.
  • You must confirm your email address before editing pages. Please set and validate your email address through your user preferences.

You can view and copy the source of this page.

Return to Thread:User talk:Skilgannon/Spam bot invasion/reply (10).

Given that every new spam user posts about 3 pages and then stop, I would say that bots hacked the CAPTCHA algorithm.

I think we should make registration harder and then we will be fine.

Beaming (talk)02:36, 25 August 2017

I suggest we use Google's nocaptch ReCaptcha, it's not only using hard problems to solve, but also browsing history & browser fingerprint and more to stop bots.

Xor (talk)19:11, 25 August 2017
 
 
 
 

I have blocked and deleted the pages of the following entries. (Move them to a bottom list or something?)

Abdul
Abhi2828
Abhishek.upadhyay11
Adamsmith
Ahmad1234
Ahmadd123
Ajaykapadia2
Akki
Alex
Alexa
Alexdogge1
Alexyokei
Alhaji
Amit8923
Andoralifs
Andrusmith1
Anisingh
Anjilajolia
Anjilajoliaa
ANNU17
Anshu01
Araja
Asdasd
Ashish12345
Ashish786786
Astrologerbaba16
Avisupport
Baba786
Bisafepa
Bitcoinsssupport
Blizzardbluee
Bookentry
Bradyswan
Brandi84
Bujelizala
Caira
Caleb
Cbkjvjvkd
Chorsupport
Chunnu7294383gulabo
Cooljass1
Cuwerokume
Cybertechnisdhhdh
Dabbu
Dante
Dasfgs
Dear
Depih12
Dev123
Dexter6789
Dfasffasf
Dfgvfgvfsd5
Dfjhfgj
Dfsdf
Dgdfhfgjhfgh
Dhanraj99
Dinni999
Dk923478
Dolka01
Dpkapadia1
Dsgdfhg
Dsgsdhjfe
Dykywipy
Ellis S Skinner
Emma000001
Emmawatson
Emmie2680
Engineer123
Ergugfdguf
Eswt
Faer
Fairsearches.pradeep
Faisal
Faulkner
Fdbhdf525
Fibarip
Frankgel
Fransis99
Fullsupport
Gakllerjohn
Gattu
Ghfdhfg
Ghufgt567121
Gibson
Ginjuilinhj
Gk707027
Gofyozilto
Gopalamj
Gtrtgum
Guwogepome
Hajsfdjorkgpgk12
Harryji
Hemantvar
Herry9
Ginjuilinhj
Chase04:20, 25 August 2017

Hi Chase,

Could you please revert back Help:Editing?

Beaming (talk)05:56, 25 August 2017
 
 
 

Okay, it looks like GrubbmGait and Voidious are blocking spam accounts, and account creation has been disabled.

We still need to fix the main page, though.

MultiplyByZer0 (talk)21:22, 24 August 2017

I have located the main page here: http://robowiki.net/wiki/$$_1-855-665-7666@_HP_Service_Phone_Number_HP_Service_Phone_Number_Support_Number0572

Unfortunately, I do not have permissions to move it back.

MultiplyByZer0 (talk)21:33, 24 August 2017
 

Thanks everyone for jumping in here! I turned off account creation again (for now), blocked a bunch of accounts, and mass deleted the pages they created. Also restored the Main Page (thanks for pointing to it!). I'll continue later, but I am a little busy at work atm / today...

We have faced a lot of wiki spam - we have Captcha on account creation, some custom anti-spam code, no anonymous edits. But eventually we just fell too far behind. Like MultiplyByZero said, I think these may be a mix of bots and real people. Surely we could get to a decent setup with upgrading MediaWiki and finding the right plugins, we just never made time (yet).

And yeah, I'd love to discuss getting a new admin or two on board! We haven't added anybody new in a while and indeed all the current ones are sort of retired.

Voidious (talk)21:56, 24 August 2017

Thanks a lot User:Voidious, User:GrubbmGait, and User:Chase-san for cleaning the wiki. Special thanks to User:MultiplyByZer0 for tracking spamming users.

Beaming (talk)05:22, 25 August 2017
 

I have been through all the accounts of the 'Active users list' and Mass deleted and blocked the appropriate accounts. Seems that all New created pages are deleted at this moment. In that active users list still some spammers are listed, but they did more subtle things like minor edits and moving pages. Someone with a bit more knowlegde of wiki-stuff should go through their contributions and try to erase those.

GrubbmGait (talk)18:33, 25 August 2017

Thanks for this colossal work. I've seen you deleting non stop for at least an hour.

Would you be able to revert some important pages as well? They are listed above this thread in reply to Chase-san.

Beaming (talk)18:36, 25 August 2017

Talk:Main Page has been restored afaik. But for the other two, without knowing where they went, it is hard for me to revert them.

GrubbmGait (talk)18:47, 25 August 2017
 
 
 

Crap... I am very sorry guys. My git sync with wiki goofed up. I incindently restored spam pages.

Good news they all marked and sit in Category:Spam

Beaming (talk)06:05, 26 August 2017

They are removed (again), for this time I did not block you ;-) Note that a lot of new users have been created without any contributions yet, so spamming is still possible. And it would be nice if the 'Deletion log's could be hidden, now it is almost impossible to see what normal contributions have been made the last few days/weeks.

GrubbmGait (talk)11:03, 26 August 2017
 

I have scanned through 'all pages' and deleted all spampages there, luckily easy to recognize due to loooong page names. Afaik no more spam is present, just some contributions from the Active user list that I can't locate anywhere. So, my 'spamming' of deletion logs is over, so Xor and Dsekercioglu and others can now see any discussions again.

GrubbmGait (talk)12:41, 26 August 2017

‎Heartgold537 just spammed. It seems we forget somebody?

Xor (talk)16:00, 26 August 2017

Those buggers are smart. They create an account and then spam from it after some time passes. This is exactly what GrubbmGait predicted above.

We just need to embrace ourself for couple weeks. I suggest to put

[[Category:Spam]]

text within the offending pages so admins have easier time to track them down.

Beaming (talk)16:12, 26 August 2017

Yes it helps. Anyway, the best way against human spammers is that we have more people than them;) At least with more admins it really helps.

MultiplyByZer0 sees the wiki very frequently, we would react to spammers much faster if he were admin as well;)

Xor (talk)16:24, 26 August 2017

Well, we just need to be patient. As much as I hate spammers, wiki will run even with spam inside. Wiki is not the twitter where everything should be immediately up-to-date.

I personally monitor Recent changes in my rss reader, so I see the invasion within couple hours. But we cannot expect admin reaction time to be much faster than a day or even week.

This is not the first spam wave (though the largest I remember) which we survived.

Beaming (talk)16:32, 26 August 2017

I may be the first one on wiki who sees the attack ;p It happens right after I edited an article. And if at that time we were to disable account creation immediately and take other actions to help, the attack won't happen at all.

Xor (talk)16:36, 26 August 2017