[SAC] Fwd: Legit users vs. spam users
Markus Neteler
neteler at osgeo.org
Tue Nov 24 01:08:52 PST 2015
Hi Brian,
On Tue, Nov 24, 2015 at 2:10 AM, Brian M Hamlin <maplabs at light42.com> wrote:
> Hi Markus, Christian, Martin --
> I have contacts at the Wikimedia Foundation, since last year.. here is the chat log just now:
>
> dbb hi all - our heavily used (and beloved) MediaWiki just got upgraded, and its time to take a look at the outrageous number of spam users being created daily, and spam pages
> dbb I believe I will get access at every level, but I want to be careful..
> dbb .. just looking into it now
> dbb !!! the sys-admin mailing list says 16300 spam user accounts created in the last four days ?!?!?
--> no, maybe over the past 2 years.
But since the recent updates it gots way worth.
I may note that in the previous version I made a local modification to
ConfirmEdit which notably decreased the amount of spam.
This was not (yet) migrated to the actual installation we have.
> wm-bot There is no such key, you probably want to try: !bribe, !tss,
> dbb "UserMerge and BlockAndNuke have failed" .. it says here
I have installed both.
But BlockAndNuke ignores the whitelist.txt which is rather annoying.
Question for them:
I have a list of 2800 blocked accounts but how to delete them?
> dbb f***
> MaxSem !spam
> wm-bot For information about combating and handling spam in MediaWiki, see <http://www.mediawiki.org/wiki/Manual:Combating_spam> and <http://www.mediawiki.org/wiki/Anti-spam_features>.
... I studies these pages for a few hours...
> dbb oh - MaxSem .. hi .. Brian at OSGeo here
> dbb I have a mess on my hands apparently
> wmat dbb: are they actually creating content?
> wmat dbb: if not, just run removeUnusedAccounts.php to delete all of them
Done but they don't disappear from the newusers log wiki page. Why??
> MaxSem 1) disable account creation until more measures are taken
... probably a good idea.
> dbb I have just opened this minutes ago
> dbb yes agree - this is crazy
> wmat dbb: I use a dynamic captcha + confirm account + I blow away unused accounts once a month
I suspect that they spamers/spam bots bypass all this and inject code somewhere.
> dbb we had a tech add LDAP login very recently, and upgrade the version
> dbb we use our LDAP heavily for other sites
Please teach us how to connect our Wiki to LDAP. Martin Spott could
not figure that out.
> MaxSem I don't see LDAP auth at http://wiki.osgeo.org/wiki/Special:Version
Yes, we don't have it yet since we don't know how to implement the
connection between our Wiki and our LDAP.
> anchit
> MaxSem anchit, mentor? are you a developer?
> MaxSem dbb, meanwhile +2 accounts
> dbb ugh
> dbb ..
> MaxSem disable creation, then figure out what to do
> dbb whats the best way to disable ?
> MaxSem !access
> wm-bot For information on customizing user access, see <http://www.mediawiki.org/wiki/Manual:User_rights>. For common examples of restricting access using both rights and extensions, see <http://www.mediawiki.org/wiki/Manual:Preventing_access>.
>
> in other words, $wgGroupPermissions['*']['createaccount'] = false;
Time to switch that on?
Markus
More information about the Sac
mailing list