[SAC] Fwd: Legit users vs. spam users

Brian M Hamlin maplabs at light42.com
Mon Nov 23 17:10:22 PST 2015 

Hi Markus, Christian, Martin --
I have contacts at the Wikimedia Foundation, since last year.. here is the chat log just now:

	dbb		hi all - our heavily used (and beloved) MediaWiki just got upgraded, and its time to take a look at the outrageous number of spam users being created daily, and spam pages
	 		dbb		I believe I will get access at every level, but I want to be careful.. 
	 		dbb		.. just looking into it now
	 		dbb		!!! the sys-admin mailing list says 16300 spam user accounts created in the last four days ?!?!?
	 		wm-bot		There is no such key, you probably want to try: !bribe, !tss,
	 		dbb		"UserMerge and BlockAndNuke have failed" .. it says here
	 		dbb		f***
	 		MaxSem		!spam
	 		wm-bot		For information about combating and handling spam in MediaWiki, see <http://www.mediawiki.org/wiki/Manual:Combating_spam> and <http://www.mediawiki.org/wiki/Anti-spam_features>. 
	 		dbb		oh - MaxSem .. hi .. Brian at OSGeo here
	 		dbb		I have a mess on my hands apparently
	 		wmat		dbb: are they actually creating content?
	 		wmat		dbb: if not, just run removeUnusedAccounts.php to delete all of them
	 		MaxSem		1) disable account creation until more measures are taken
	 		dbb		I have just opened this minutes ago
	 		dbb		yes agree - this is crazy
	 		wmat		dbb: I use a dynamic captcha + confirm account + I blow away unused accounts once a month
	 		dbb		we had a tech add LDAP login very recently, and upgrade the version
	 		dbb		we use our LDAP heavily for other sites
	 		MaxSem		I don't see LDAP auth at http://wiki.osgeo.org/wiki/Special:Version
	 		anchit		 
	 		MaxSem		anchit, mentor? are you a developer?
	 		MaxSem		dbb, meanwhile +2 accounts
	 		dbb		ugh
	 		dbb		.. 
	 		MaxSem		disable creation, then figure out what to do
	 		dbb		whats the best way to disable ?
	 		MaxSem		!access
	 		wm-bot		For information on customizing user access, see <http://www.mediawiki.org/wiki/Manual:User_rights>. For common examples of restricting access using both rights and extensions, see <http://www.mediawiki.org/wiki/Manual:Preventing_access>. 

	 		in other words, $wgGroupPermissions['*']['createaccount'] = false;

--
Brian M Hamlin
OSGeo California Chapter
blog.light42.com

More information about the Sac mailing list