Lots of spambot accounts?

Indirik · August 10, 2012, 04:00:07 PM

Right. Just making sure that was the case.

Indirik · August 10, 2012, 04:44:32 PM

OK, so, I'm not 100% sure how to do this, or what we should be using to try to block the spambot accounts, without unnecessarily also blocking potential real users.

The spambot accounts seem to have at least one number in the username. Usually more than one, but not always. Here's the account creation log:
http://wiki.battlemaster.org/wiki/Special:Log/newusers

Anything on there that I would consider a valid user, i.e. anything with at least one successful non-spammy edit, never even uses a single number in the username. Do we just disallow any new accounts that use a number anywhere in the username? I know that we have in the past had a couple valid users with numbers in their username. According to the activity log, we have four who have been active in the last 30 days, two of whom have usernames ending in multiple numbers. (Antix1994 and Madmonk77)

We can make a note on the account creation page that certain patterns are not allowed, such as ending in numbers at all, or even go so far as to disallow all numbers in usernames for new accounts only. This would not affect any existing accounts in any way. We would just need to accept that this may affect the future registration of valid users. But it would drop our spambot account signups by about 90%.

Opinions?

Also, anyone with good regex knowledge want to look at the TitleBlacklist page and see if you can figure out their syntax? It looks to me like blocking useraccounts does something like:
.*(insertpatternhere).* <newaccountonly>

Tom · August 10, 2012, 05:08:58 PM

I don't see how numbers are adequate for the game at all, so if you ask me, we can block all accounts with numbers in them.

Indirik · August 10, 2012, 05:11:53 PM

So would this do that?

.*[0-9].* <newaccountonly>

Foundation · August 10, 2012, 05:54:28 PM

That looks like correct regex to match any string with at least 1 number in it. I don't understand the <newaccountonly> part though. :P

Indirik · August 10, 2012, 05:56:32 PM

... you almost got me with that one.

Indirik · August 10, 2012, 09:49:47 PM

I put the line in. Let's see if it works.

Foundation · August 10, 2012, 11:02:29 PM

Well, it's true! I still don't understand what that's for. 8)

Draco Tanos · December 23, 2012, 10:29:06 AM

Sorry for bumping/thread necro-ing, but... While I am glad the spambots can't post/edit on the wiki, is there a way to curtail their massive amounts of account registrations?

Indirik · December 23, 2012, 01:42:03 PM

There may be some kind of captcha extension or something.

Revan · December 27, 2012, 04:13:59 PM

http://wiki.battlemaster.org/index.php?title=Special:RecentChanges&days=30&from=&limit=2000&namespace=2

Wow. There was a steady trickle before, but it seems like wiki has basically been under all-out siege since the 18th December :-\ Looks like there's been at least 1800 new user accounts created since then alone.

Tom · December 27, 2012, 04:40:04 PM

Any ideas about how to counter that are more than welcome.

Also, any ideas about how to clean them out.

Fleugs · December 27, 2012, 04:48:48 PM

Quote from: Indirik on December 23, 2012, 01:42:03 PM
There may be some kind of captcha extension or something.

This. Isn't captcha the standard anti-bot measure?

Chenier · December 27, 2012, 06:00:05 PM

Maybe we could just have a box like for the game account creation that asks "I am an alien from Mars and I seek to destroy all humans" or something. Or a box that asks something really simple, like "what is the name of the game?". Some scripts can beat captcha, I heard, but I doubt bots could reply to simple questions that don't have the answer on the page?

Indirik · December 27, 2012, 06:52:52 PM

Do you know of any extensions that could do that sort of thing? It has to be a supported extension. Hand-coding our own modifications to MediaWiki isn't a viable solution.

News:

Lots of spambot accounts?