Difference between revisions of "The iPhone Wiki:Spam"

From The iPhone Wiki
(account signup comment)
Line 6: Line 6:
   
 
:I think it's quite strange that the Captcha didn't work. For the current spam the best way would be a regular expression that detects these new pages (all look identical) and automatically denies the page creation and immediately blocks that user. But of course they can change the text and it's not solved anymore. What about their emails? Currently you don't have to provide a valid email. What if you enable the email verification? Maybe they still get around that somehow, but I think they use something highly automated and something that works on all wikis, not just here. If we would add a verification "word" in the verification email that they would have to reenter on the page, then that would be something nonstandard that might not work for them. If they still get around that, we can approve new users (best choice of your ideas), but based on what should we decide? If we just approve every new user, we also risk to approve spammers. --[[User:Http|http]] 05:00, 19 April 2011 (UTC)
 
:I think it's quite strange that the Captcha didn't work. For the current spam the best way would be a regular expression that detects these new pages (all look identical) and automatically denies the page creation and immediately blocks that user. But of course they can change the text and it's not solved anymore. What about their emails? Currently you don't have to provide a valid email. What if you enable the email verification? Maybe they still get around that somehow, but I think they use something highly automated and something that works on all wikis, not just here. If we would add a verification "word" in the verification email that they would have to reenter on the page, then that would be something nonstandard that might not work for them. If they still get around that, we can approve new users (best choice of your ideas), but based on what should we decide? If we just approve every new user, we also risk to approve spammers. --[[User:Http|http]] 05:00, 19 April 2011 (UTC)
  +
  +
::Well, CAPTCHA only does so much. I propose maybe implementing a CAPTCHA that uses a GIF animation since that breaks a lot of spambots. If not that, then maybe just account approval. [[User:LiNK|LiNK]] 05:28, 19 April 2011 (UTC)
   
 
===Invite System===
 
===Invite System===
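
Review bot: the added reply from LiNK is signed with the bare user link and timestamp, while the comment directly above it from http puts `--` before the signature. Adding the same `--` prefix would keep the thread's signatures consistent. The `::` indent correctly nests the reply under http's `:` comment.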

Revision as of 05:28, 19 April 2011

Account signup has been blocked again due to spammers. Captcha didn't fix it.

I propose one of three options, invites, account approval, or signup Thursdays. --geohot 03:47, 19 April 2011 (UTC)

I think account approval would be the best option (although the most work for everyone with sysop powers). People that want to sign up may have trouble asking current users for an invite, and it sounds like spammers would have no problem spamming the wiki on signup days. --Dialexio 04:20, 19 April 2011 (UTC)
I think it's quite strange that the Captcha didn't work. For the current spam the best way would be a regular expression that detects these new pages (all look identical) and automatically denies the page creation and immediately blocks that user. But of course they can change the text and it's not solved anymore. What about their emails? Currently you don't have to provide a valid email. What if you enable the email verification? Maybe they still get around that somehow, but I think they use something highly automated and something that works on all wikis, not just here. If we would add a verification "word" in the verification email that they would have to reenter on the page, then that would be something nonstandard that might not work for them. If they still get around that, we can approve new users (best choice of your ideas), but based on what should we decide? If we just approve every new user, we also risk approving spammers. --http 05:00, 19 April 2011 (UTC)
Well, CAPTCHA only does so much. I propose maybe implementing a CAPTCHA that uses a GIF animation since that breaks a lot of spambots. If not that, then maybe just account approval. LiNK 05:28, 19 April 2011 (UTC)

Invite System

How do we combat this recent spamming of this wiki? I suggest a possible invite system or similar? --Srts 02:24, 9 November 2009 (UTC)

I have already blocked account signup, they must have had this account for a while. --geohot 02:29, 9 November 2009 (UTC)
Well if they don't stop, we can't have account creation disabled forever, defeats the purpose of the wiki. People like him are sad. Great work to all the sysops et al. keeping disruption to a minimum :D --Srts 02:34, 9 November 2009 (UTC)
Yea thanks a lot guys for putting up with this. We'll give a bit of time, and if they continue, we'll figure something out. This kid keeps trying to reset my password for hosting and the wiki. Too bad he doesn't have a life. --geohot 03:10, 9 November 2009 (UTC)
An invite system might not be a bad idea actually Will Strafach 03:16, 9 November 2009 (UTC)
feel free to post their IP addresses, lol --posixninja 04:08, 9 November 2009 (UTC)
Well, if you need an extra admin to block them (and delete spam pages), I volunteer. --Dranfi
Congrats, you're an admin --geohot 13:22, 9 November 2009 (UTC)

IP ranges, approval system

How many different IPs are we dealing with? Is it within a specific range? For the time being, it may be possible to blacklist an entire subnet if they are all coming from the same place. But if a botnet is doing this, may be more difficult. Is it possible for MediaWiki to require admin approval of an edit prior to it being committed? Not well versed with MediaWiki administration, just tossing out some ideas. --tsuehpsyde 17:29, 9 November 2009 (UTC)

It is not within a specific range. On my wiki, people post almost the exact same stuff as IPs and I get from 64.*.*.* all the way to 96.*.*.* I think it is a botnet --Balloonhead66 23:13, 16 March 2011 (UTC)
We could figure out where they come from and do the same to them. Secondly, we could create a filter that unless you're part of a specific group you cannot do more than this many edits in this amount of time. We could try making a period where the admins have to approve the users. Lastly, we could make it so that in the first 12 hours of a user account that user could not edit pages so it would give time for the sysops to ban the users. Revolution 00:02, 10 November 2009 (UTC)
That might not be a good idea as we could get your butts sued. --Balloonhead66
Why don't we just do this Apple-style and have a group of moderators approve of every comment, page edit or revision? I would love to be a part of such group.
The extension for mediawiki FlaggedRevs is 1.14 and above. This wiki is running 1.12 :( --Balloonhead66 23:13, 16 March 2011 (UTC)

Does this wiki currently take advantage of IP banning capability or would that just be subverted anyways? --Iemit737 03:48, 6 April 2011 (UTC)

The wiki does indeed employ IP banning. The spambots are getting around it, though. --Dialexio 04:13, 6 April 2011 (UTC)
IP bans are largely useless anyways as most Internet users have dynamic IPs and they could simply use a proxy anyways (it's relatively easy to create a VPN once you know where the option is in your OS). They'll also probably block innocent users. --Ryccardo 14:54, 6 April 2011 (UTC)

limitations, whitelistings

If the ones you refer to as 'they' are the pois0nhack group then 'they' don't really seem to pose much of a threat in my opinion. I agree that for the time being we could impose some kind of 12/24 hr posting limitation (maybe no more than +-300 char changes?), but no more than that since this is, after all, a public wiki. Sorry if I'm intruding on some kind of admin/mod meeting, just figured I should have my say. --adriaaan 00:27, 10 November 2009 (UTC)

I am in favor of a 12hr limit for new users, but since it's a public wiki, during this time, contributions would have to be approved by sysops. --Untagged
Personally I think it would be good to have it so that all edits by new users are thrown into a moderation pool, then once a good amount of worthwhile contributions, that user can be "whitelisted".
Maybe we could extend the Twitter-Service to display more information (i.e. "Main Page (-2,439) http://u.nu/5x2t3 " instead of "Main Page - http://u.nu/5x2t3"). That could allow fast detection (and reversal) of vandalism attempts because large edits by "unknown" would be easy to spot. May also add the username and/or the commit message, but then we'd have to check for anything Twitter might interpret or block. --CleanAir 13:58, 12 November 2009 (UTC)
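
The limits proposed in the two sections above (a 12-hour hold on brand-new accounts, a cap on how fast non-trusted accounts can edit) and the e-mail verification suggested earlier correspond to stock MediaWiki settings. The following LocalSettings.php fragment is an added example, not this wiki's actual configuration; the numeric values are illustrative assumptions, and each setting should be checked against DefaultSettings.php of the installed version before use.

```php
<?php
# LocalSettings.php fragment (added example; all values are assumptions).

# 1. Twelve-hour hold: an account joins the implicit "autoconfirmed"
#    group only once it is at least this many seconds old.
$wgAutoConfirmAge = 12 * 3600;

# 2. Editing and page creation are granted to "autoconfirmed" only.
#    Rights are the union over all groups a user is in, so they must be
#    switched off for '*' (everyone) and 'user' (any logged-in account).
$wgGroupPermissions['*']['edit']                   = false;
$wgGroupPermissions['*']['createpage']             = false;
$wgGroupPermissions['user']['edit']                = false;
$wgGroupPermissions['user']['createpage']          = false;
$wgGroupPermissions['autoconfirmed']['edit']       = true;
$wgGroupPermissions['autoconfirmed']['createpage'] = true;

# 3. Edit rate limit, written as array( actions, seconds ).
#    'newbie' covers accounts that are not yet autoconfirmed,
#    'ip' counts per client address regardless of account.
#    The limiter keeps its counters in the object cache, so it has no
#    effect while $wgMainCacheType is CACHE_NONE.
$wgRateLimits['edit']['newbie'] = array( 4, 600 );  # 4 edits per 10 minutes
$wgRateLimits['edit']['ip']     = array( 8, 600 );  # 8 edits per 10 minutes

# 4. E-mail verification: send a confirmation mail at signup and refuse
#    edits from accounts whose address has not been confirmed.
$wgEmailAuthentication = true;
$wgEmailConfirmToEdit  = true;
```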

Captcha

Can we add a Captcha to the logon process? I don't think all these recent spam pages are done manually. --http 06:29, 15 March 2011 (UTC)

Good idea http, add a Captcha to the logon process and the sign up process for some time --Whiteshinyapple 09:53, 16 March 2011 (UTC).
Uhm better idea http, add a Captcha when making new pages. Having to fill in a captcha at every login seems to be a pain in the ass :/ the only thing the spam is doing is making new pages, (at least as far as I see.) --IMaximusX
What I meant was for the registration process (new user), not for every login. Only geohot could implement that. --http 17:37, 16 March 2011 (UTC)
Recaptcha might work. It requires 1.8+, but only works on the sign in, edits with a new external link (anon only), and password cracking. --Balloonhead66 23:13, 16 March 2011 (UTC)
http I'm pretty sure they already have accounts, :p --IMaximusX

We have all these options but have any of them actually been implemented? Somebody's got to do something, the spam is getting out of control. --Grisolp 03:38, 9 April 2011 (UTC)

As http said, it's up to geohot to add a CAPTCHA for account creation. IP banning is in use, but it appears futile. --Dialexio 03:52, 9 April 2011 (UTC)

The spam bots are taking overhand. We will continue to clean it manually, but I suggest to add a Captcha to the new user signup process. That should be sufficient. But you might need to update mediawiki. See [1]. -- http 11:35, 1 April 2011 (UTC)

I can help to clean up the mess as well since I'm from a different timezone (UTC+8). -- nannoid 11:51, 1 April 2011 (UTC)
What does time zone have to do with it? --Balloonhead66 00:00, 6 April 2011 (UTC)
This is out of control. The captcha needs to be in place soon or eventually the recent changes will be flooded and me and the other monitors of it won't be able to keep track of it. --Balloonhead66 00:00, 6 April 2011 (UTC)

Recaptcha added, SONY sucks ass. --geohot 03:55, 14 April 2011 (UTC)

Sweet! Thanks for the reCAPTCHA addition; the (job) spam was getting tiresome. And... yeah, Sony really needs to lose its dictator mindset and treat consumers better. :\ --Dialexio 04:31, 14 April 2011 (UTC)
Thanks. And great you got back from this trial stuff without bigger damage. Signup reCAPTCHA seems to be a good way to handle the spam. The spam that came afterwards was probably from accounts created earlier. We still have 1106 existing accounts (including the already blocked ones) with the typical syntax of the spam bot accounts. Hopefully not many of those are sleeping for this purpose. I assume the automatic spam will get much lower after a few days. We'll see. -- http 22:58, 14 April 2011 (UTC)
Shit. User Gilbberg that was used from this spam bot was created new. It was not in the wiki user list I created an hour earlier. So the spam bot either knows how to read the reCAPTCHA or there sits someone entering these captchas for every spam that gets created in a semi-automated way. This means we need something better or something non-standard. Ideas? -- http 23:15, 14 April 2011 (UTC)
I cannot see when user accounts were created, as I don't have access to the database. But shortly after geohot added the reCAPTCHA to the new user signup process, I created a list of all users and saved this list. I can confirm that all spam accounts since then (Gilbberg, Giacnen, Frengra, Sarmaiz, Lyneelay, Hiruail, Zimemoor, Albuend, Audpep, Furmayt) were created after that. This means that they must use a semi-automated way to spam (or found a way around the reCAPTCHA). New ideas wanted. -- http 08:26, 16 April 2011 (UTC)
Why don't we add a captcha to the new page / editing submission? Once per session or whatever. Also captcha on signin. It's OTT but there aren't many alternatives =/ --blackthund3r 13:25, 16 April 2011 (UTC)