Over the past two days, a lot of new user accounts have been created, almost certainly by spambots. None of them have made any edits. So far as I know, this doesn't affect anything. Since they didn't edit, they couldn't have slipped any links in or anything, correct? Here's a sample of the new accounts:
10:03, 4 July 2012 Ramyez6mh (Talk | contribs | block) created a user account
03:25, 4 July 2012 Bennie0137 (Talk | contribs | block) created a user account
02:30, 4 July 2012 Dallas7738 (Talk | contribs | block) created a user account
23:29, 3 July 2012 Coa002vq (Talk | contribs | block) created a user account
23:06, 3 July 2012 3jbv64ijh5 (Talk | contribs | block) created a user account
22:38, 3 July 2012 Jjkvwbvev (Talk | contribs | block) created a user account
22:00, 3 July 2012 Rauzh484 (Talk | contribs | block) created a user account
21:23, 3 July 2012 LanJ8Liex (Talk | contribs | block) created a user account
21:20, 3 July 2012 Revo70 (Talk | contribs | block) created a user account
10:43, 3 July 2012 Liniwhzd (Talk | contribs | block) created a user account
07:40, 3 July 2012 Xbvsjd357c (Talk | contribs | block) created a user account
05:59, 3 July 2012 Jianhydwd (Talk | contribs | block) created a user account
04:21, 3 July 2012 4tcy1vh1o (Talk | contribs | block) created a user account
04:05, 3 July 2012 Vtwsbl98 (Talk | contribs | block) created a user account
01:23, 3 July 2012 MVSdG8jae (Talk | contribs | block) created a user account
Yay spambots! Please do get rid of them before they go crazy.
Might be preparing, testing our defenses, or tried to edit and couldn't. Wiping them would certainly be good.
I presume that locking would be good enough.
Get them before they wipe out our works, plant links and cause mayhem.
Quote from: Cren on July 05, 2012, 10:06:28 AM
Get them before they wipe out our works, plant links and cause mayhem.
We do not talk about Project Mayhem.
revo70 is my actual wiki account so don't wipe that.
If you have made a valid edit, then it won't be locked. That's how I usually tell if it's a spambot account.
There are lots of spam bot accounts created every day, but they don't seem to be making any edits.
Anyone got a clue to
a) what's going on
and
b) can we stop this crap in some easy way?
Maybe you can create some code to link our BM a/c to wiki a/c, so that those who don't have a BM a/c can't create a wiki a/c? Not the best idea though.
Quote from: Cren on July 29, 2012, 01:07:39 PM
Maybe you can create some code to link our BM a/c to wiki a/c, so that those who don't have a BM a/c can't create a wiki a/c? Not the best idea though.
If someone knows enough about MediaWiki extensions to help me out, I'll consider it.
I've been watching. The accounts get created, but they never do any edits. Probably broken spambots?
Does anyone know if it is possible to, say, prevent the creation of users with numbers in the username? That would weed out 90% of the spambots right there.
Maybe one can configure BadBehaviour to do that? I have that installed (it might be what's preventing them from actually posting spam).
Due to the way BadBehavior works, I very much doubt that it can monitor/police usernames.
However, this may be applicable: http://www.mediawiki.org/wiki/Extension:TitleBlacklist
"The Title Blacklist extension allows wiki administrators to block the creation, movement and upload of pages which title matches one or more regular expressions, as well as blocking creation of accounts with matching usernames."
I have somewhat of a simple solution; it goes along with the wiki team idea.
In order to make an account, it has to be approved by a wiki Administrator. You would be encouraged to make an account in accordance with your battle master family last name or Forum name for verification before being approved.
So let the spam bots make away; it'll never get approved without proper verification.
Quote from: House Talratheon on August 04, 2012, 01:55:47 PM
I have somewhat of a simple solution; it goes along with the wiki team idea.
In order to make an account, it has to be approved by a wiki Administrator. You would be encouraged to make an account in accordance with your battle master family last name or Forum name for verification before being approved.
So let the spam bots make away; it'll never get approved without proper verification.
Good Idea. +1
Seems like a lot of work for the administrator, as well as slower access time for legitimate users. Any comments on these two aspects?
Well, not entirely. For pure example, say a wiki account tries to register named Velax. Since it has to be the forum name or the family name, I message him on the forums asking if it's him, he verifies, then I approve the account. That entire process will take more than likely less than 24 hours.
At most I e-mail him, in which case it could be handled slightly above 24 hours.
It's not like account making is the Mexico/US border; I wouldn't expect it to be that busy.
It's not a lot of work for the person registering, but it's a pain and an unnecessary hassle to have to wait a few days depending on the activity of the administrator to edit a wiki, especially a wiki that is not high traffic as you stated.
It is a lot of work for the administrator. It will quickly turn to a boring and repetitive task, with no real purpose. If they want to spend that time they might as well look for better ways to fix the spam detection or manually delete the spam accounts.
I still do not see the benefit of adding another layer of administration. Having the players re-register on different sites (forum, game, wiki) is onerous enough.
Tom's Bad Behavior extension blocks a ridiculous amount of wiki spam. I imagine it's the reason all those spambot accounts never manage to actually get any spam onto the wiki.
If there were a way to link the various sites... but I've tried several, even writing my own. :-(
I've been running on-line services for 15 years and in my experience the best way to combat 95% of spam bots is to simply block the /24 IP range at the firewall.
Another idea: check the referring URL. If the person is signing up for an account, but the referring URL is not from the wiki, it's a bot. A few lines of PHP can do this.
The number of junk accounts signing up to the wiki is pretty amazing. BadBehaviour is doing an exceptional job of keeping out the edits, though. Tom, have you considered implementing the TitleBlacklist extension? A regex that forbids an account name from ending in two or more numbers would really cut down on the number of junk accounts.
Installed. Configurable here:
http://wiki.battlemaster.org/wiki/MediaWiki:Titleblacklist
I've also included the public blacklist here:
http://meta.wikimedia.org/w/index.php?title=Title_blacklist
Well, let's give it a day or two and see what happens. I'm not all that good with regexes.
Quote from: Indirik on August 09, 2012, 07:13:06 PM
Well, let's give it a day or two and see what happens. I'm not all that good with regexes.
I hate them...but I can do pretty well with them. Let me know if you need help.
Quote from: Indirik on August 09, 2012, 07:13:06 PM
Well, let's give it a day or two and see what happens. I'm not all that good with regexes.
This will match only the last 2 digits if they are numbers:
/[0-9]{2}$/
So it may look like this:
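$username = "fish23";
// The pattern is anchored with $, so it can match at most once:
// the last two characters of the name, if both are digits.
if (preg_match_all('/[0-9]{2}$/i', $username, $result) == 1)
{
    echo "Match found";
}
else
{
    echo "no match found";
}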
What I was thinking may be useful would be for the string to match if the username ends in two or more numbers. Not exactly two, but two or more.
Quote from: Tom on August 09, 2012, 06:35:30 PM
I've also included the public blacklist here:
http://meta.wikimedia.org/w/index.php?title=Title_blacklist
Does that mean that the regexes on the wikimedia page will also be used by our wiki?
In that case, /[0-9][0-9]+$/i should do the trick.
Quote from: Indirik on August 10, 2012, 03:32:43 PM
Does that mean that the regexes on the wikimedia page will also be used by our wiki?
Yes. We're not the only wiki getting spams, so why not profit from other people's experiences?
Right. Just making sure that was the case.
OK, so, I'm not 100% sure how to do this, or what we should be using to try to block the spambot accounts, without unnecessarily also blocking potential real users.
The spambot accounts seem to have at least one number in the username. Usually more than one, but not always. Here's the account creation log:
http://wiki.battlemaster.org/wiki/Special:Log/newusers
Anything on there that I would consider a valid user, i.e. anything with at least one successful non-spammy edit, never even uses a single number in the username. Do we just disallow any new accounts that use a number anywhere in the username? I know that we have in the past had a couple valid users with numbers in their username. According to the activity log, we have four who have been active in the last 30 days, two of whom have usernames ending in multiple numbers. (Antix1994 and Madmonk77)
We can make a note on the account creation page that certain patterns are not allowed, such as ending in numbers at all, or even go so far as to disallow all numbers in usernames for new accounts only. This would not affect any existing accounts in any way. We would just need to accept that this may affect the future registration of valid users. But it would drop our spambot account signups by about 90%.
Opinions?
Also, anyone with good regex knowledge want to look at the TitleBlacklist page and see if you can figure out their syntax? It looks to me like blocking user accounts does something like:
.*(insertpatternhere).* <newaccountonly>
I don't see how numbers are adequate for the game at all, so if you ask me, we can block all accounts with numbers in them.
So would this do that?
.*[0-9].* <newaccountonly>
That looks like correct regex to match any string with at least 1 number in it. I don't understand the <newaccountonly> part though. :P
... you almost got me with that one.
I put the line in. Let's see if it works.
Well, it's true! I still don't understand what that's for. 8)
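As an added example (not code from the thread or from the TitleBlacklist project), this PHP script runs the two blacklist rules proposed above against the usernames quoted in the thread, reporting how many suspected bot names each rule catches and which known-good names it would also refuse. It assumes TitleBlacklist matches an entry against the whole username, case-insensitively; `parseEntry`, `entryMatches` and `evaluate` are hypothetical helper names.

```php
<?php
// Names copied from the account log and posts quoted in this thread.
$suspected = ['Ramyez6mh', 'Bennie0137', 'Dallas7738', 'Coa002vq', '3jbv64ijh5',
              'Jjkvwbvev', 'Rauzh484', 'LanJ8Liex', 'Liniwhzd', 'Xbvsjd357c',
              'Jianhydwd', '4tcy1vh1o', 'Vtwsbl98', 'MVSdG8jae'];
// Accounts the thread identifies as belonging to real users.
$legitimate = ['Revo70', 'Antix1994', 'Madmonk77'];

// Candidate blacklist lines: the two rules proposed in the thread.
$candidates = [
    'ends in 2+ digits' => '.*[0-9][0-9]+ <newaccountonly>',
    'any digit'         => '.*[0-9].* <newaccountonly>',
];

// Simplified parser (assumption): <...> tokens are attributes, the rest is the regex.
function parseEntry(string $line): array
{
    preg_match_all('/<([^<>]+)>/', $line, $m);
    return ['regex' => trim(preg_replace('/<[^<>]+>/', '', $line)), 'attrs' => $m[1]];
}

// Assumption: an entry must match the whole name, case-insensitively.
// '~' is the delimiter here, so sample entries must not contain '~'.
function entryMatches(string $regex, string $name): bool
{
    return preg_match('~^(?:' . $regex . ')$~usi', $name) === 1;
}

// Split the sample names into caught, missed and wrongly blocked for one rule.
function evaluate(string $line, array $suspected, array $legitimate): array
{
    $regex = parseEntry($line)['regex'];
    $hit = fn(string $n): bool => entryMatches($regex, $n);
    return [
        'caught'     => array_values(array_filter($suspected, $hit)),
        'missed'     => array_values(array_filter($suspected, fn($n) => !$hit($n))),
        'collateral' => array_values(array_filter($legitimate, $hit)),
    ];
}

foreach ($candidates as $label => $line) {
    $r = evaluate($line, $suspected, $legitimate);
    printf("%-18s caught %2d/%d  missed: %-40s would also block: %s\n",
        $label, count($r['caught']), count($suspected),
        implode(',', $r['missed']) ?: '-', implode(',', $r['collateral']) ?: '-');
}
```

The "would also block" column lists names that a new registrant could no longer choose; with `<newaccountonly>` the existing accounts themselves are unaffected, as noted earlier in the thread.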
Sorry for bumping/thread necro-ing, but... While I am glad the spambots can't post/edit on the wiki, is there a way to curtail their massive amounts of account registrations?
There may be some kind of captcha extension or something.
http://wiki.battlemaster.org/index.php?title=Special:RecentChanges&days=30&from=&limit=2000&namespace=2
Wow. There was a steady trickle before, but it seems like wiki has basically been under all-out siege since the 18th December :-\ Looks like there's been at least 1800 new user accounts created since then alone.
Any ideas about how to counter that are more than welcome.
Also, any ideas about how to clean them out.
Quote from: Indirik on December 23, 2012, 01:42:03 PM
There may be some kind of captcha extension or something.
This. Isn't captcha the standard anti-bot measure?
Maybe we could just have a box like for the game account creation that asks "I am an alien from Mars and I seek to destroy all humans" or something. Or a box that asks something really simple, like "what is the name of the game?". Some scripts can beat captcha, I heard, but I doubt bots could reply to simple questions that don't have the answer on the page?
Do you know of any extensions that could do that sort of thing? It has to be a supported extension. Hand-coding our own modifications to MediaWiki isn't a viable solution.
Quote from: Indirik on December 27, 2012, 06:52:52 PM
Do you know of any extensions that could do that sort of thing? It has to be a supported extension. Hand-coding our own modifications to MediaWiki isn't a viable solution.
Sorry, I don't know much of extensions for wikis. Just thought maybe it'd exist somewhere.
http://www.mediawiki.org/wiki/Extension:ConfirmEdit
Not entirely sure if it goes to account creation (which I hope it does/can), but this might work.
Edit: It does!
There are five "triggers" on which CAPTCHAs can be displayed:
'edit' - triggered on every attempted page save
'create' - triggered on page creation
'addurl' - triggered on a page save that would add one or more URLs to the page
'createaccount' - triggered on creation of a new account
'badlogin' - triggered on the next login attempt after a failed one. Requires $wgMainCacheType to be set to something other than CACHE_NONE.