BattleMaster Community

BattleMaster => Marketing => Wiki => Topic started by: Indirik on July 04, 2012, 08:03:15 PM

Title: Lots of spambot accounts?
Post by: Indirik on July 04, 2012, 08:03:15 PM
Over the past two days, a lot of new user accounts have been created, almost certainly by spambots. None of them have made any edits. So far as I know, this doesn't affect anything. Since they didn't edit, they couldn't have slipped any links in or anything, correct? Here's a sample of the new accounts:

10:03, 4 July 2012 Ramyez6mh (Talk | contribs | block) created a user account
03:25, 4 July 2012 Bennie0137 (Talk | contribs | block) created a user account
02:30, 4 July 2012 Dallas7738 (Talk | contribs | block) created a user account
23:29, 3 July 2012 Coa002vq (Talk | contribs | block) created a user account
23:06, 3 July 2012 3jbv64ijh5 (Talk | contribs | block) created a user account
22:38, 3 July 2012 Jjkvwbvev (Talk | contribs | block) created a user account
22:00, 3 July 2012 Rauzh484 (Talk | contribs | block) created a user account
21:23, 3 July 2012 LanJ8Liex (Talk | contribs | block) created a user account
21:20, 3 July 2012 Revo70 (Talk | contribs | block) created a user account
10:43, 3 July 2012 Liniwhzd (Talk | contribs | block) created a user account
07:40, 3 July 2012 Xbvsjd357c (Talk | contribs | block) created a user account
05:59, 3 July 2012 Jianhydwd (Talk | contribs | block) created a user account
04:21, 3 July 2012 4tcy1vh1o (Talk | contribs | block) created a user account
04:05, 3 July 2012 Vtwsbl98 (Talk | contribs | block) created a user account
01:23, 3 July 2012 MVSdG8jae (Talk | contribs | block) created a user account
Title: Re: Lots of spambot accounts?
Post by: Zakilevo on July 04, 2012, 08:07:02 PM
Yay spambots! Please do get rid of them before they go crazy.
Title: Re: Lots of spambot accounts?
Post by: Tom on July 04, 2012, 10:28:56 PM
Might be preparing, testing our defenses, or tried to edit and couldn't. Wiping them would certainly be good.

Title: Re: Lots of spambot accounts?
Post by: Indirik on July 04, 2012, 10:51:16 PM
I presume that locking would be good enough.
Title: Re: Lots of spambot accounts?
Post by: Cren on July 05, 2012, 10:06:28 AM
Get them before they wipe out our works, plant links and cause mayhem.
Title: Re: Lots of spambot accounts?
Post by: egamma on July 06, 2012, 04:58:22 PM
Quote from: Cren on July 05, 2012, 10:06:28 AM
Get them before they wipe out our works, plant links and cause mayhem.

We do not talk about Project Mayhem.
Title: Re: Lots of spambot accounts?
Post by: Lanyon on July 07, 2012, 12:50:37 AM
revo70 is my actual wiki account so don't wipe that.
Title: Re: Lots of spambot accounts?
Post by: Indirik on July 07, 2012, 01:19:49 AM
If you have made a valid edit, then it won't be locked. That's how I usually tell if it's a spambot account.
Title: Re: Lots of spambot accounts?
Post by: Tom on July 29, 2012, 11:05:32 AM
There's lots of spam bot accounts created every day, but they don't seem to be making any edits.

Anyone got a clue to
a) what's going on
and
b) can we stop this crap in some easy way?

Title: Re: Lots of spambot accounts?
Post by: Cren on July 29, 2012, 01:07:39 PM
Maybe you can create some code to link our BM a/c to wiki a/c, so that those who don't have a BM a/c can't create an wiki a/c? Not the best idea though.
Title: Re: Lots of spambot accounts?
Post by: Tom on July 29, 2012, 01:21:46 PM
Quote from: Cren on July 29, 2012, 01:07:39 PM
Maybe you can create some code to link our BM a/c to wiki a/c, so that those who don't have a BM a/c can't create an wiki a/c? Not the best idea though.

If someone knows enough about MediaWiki extensions to help me out, I'll consider it.
Title: Re: Lots of spambot accounts?
Post by: Indirik on July 29, 2012, 01:56:40 PM
I've been watching. The accounts get created, but they never do any edits. Probably broken spambots?
Title: Re: Lots of spambot accounts?
Post by: Tom on July 30, 2012, 10:30:37 PM
Does anyone know if it is possible to, say, prevent the creation of users with numbers in the username? That would weed out 90% of the spambots right there.

Maybe one can configure BadBehaviour to do that? I have that installed (it might be what's preventing them from actually posting spam).

Title: Re: Lots of spambot accounts?
Post by: Indirik on July 30, 2012, 10:44:47 PM
Due to the way BadBehavior works, I very much doubt that it can monitor/police usernames.


However, this may be applicable: http://www.mediawiki.org/wiki/Extension:TitleBlacklist

"The Title Blacklist extension allows wiki administrators to block the creation, movement and upload of pages which title matches one or more regular expressions, as well as blocking creation of accounts with matching usernames."
Title: Re: Lots of spambot accounts?
Post by: House Talratheon on August 04, 2012, 01:55:47 PM
I have a somewhat of a simple solution, goes along with the wiki team idea.

In order to make an account it has to be approved by a wiki Administrator, you would be encouraged to make an account in accordance with your battle master family last name or Forum name for verification before being approved.

so let the spam bots make away it'll never get approved without proper verification.
Title: Re: Lots of spambot accounts?
Post by: Cren on August 04, 2012, 04:39:55 PM
Quote from: House Talratheon on August 04, 2012, 01:55:47 PM
I have a somewhat of a simple solution, goes along with the wiki team idea.

In order to make an account it has to be approved by a wiki Administrator, you would be encouraged to make an account in accordance with your battle master family last name or Forum name for verification before being approved.

so let the spam bots make away it'll never get approved without proper verification.

Good Idea. +1
Title: Re: Lots of spambot accounts?
Post by: Foundation on August 04, 2012, 06:20:30 PM
Seems like a lot of work for the administrator, as well as slower access time for legitimate users.  Any comments on these two aspects?
Title: Re: Lots of spambot accounts?
Post by: House Talratheon on August 04, 2012, 06:46:07 PM
Well not entirely, for pure example say a wiki account tries to register named Velax since it has to be the forum name or the family name I message him on the forums asking if it's him, he verifies then I approve the account that entire process will take more than likely less than 24 hours.

At most I e-mail him in which case it could be handled slightly above 24 hours.

It's not like account making is the Mexico/US border I wouldn't expect it to be that busy.
Title: Re: Lots of spambot accounts?
Post by: Foundation on August 04, 2012, 09:15:45 PM
It's not a lot of work for the person registering, but it's a pain and an unnecessary hassle to have to wait a few days depending on the activity of the administrator to edit a wiki, especially a wiki that is not high traffic as you stated.

It is a lot of work for the administrator.  It will quickly turn to a boring and repetitive task, with no real purpose.  If they want to spend that time they might as well look for better ways to fix the spam detection or manually delete the spam accounts.

I still do not see the benefit of adding another layer of administration.  Having the players re-register on different sites (forum, game, wiki) is onerous enough.
Title: Re: Lots of spambot accounts?
Post by: Indirik on August 04, 2012, 09:45:29 PM
Tom's Bad Behavior extension blocks a ridiculous amount of wiki spam. I imagine it's the reason all those spambot accounts never manage to actually get any spam onto the wiki.
Title: Re: Lots of spambot accounts?
Post by: Tom on August 04, 2012, 10:54:54 PM
If there were a way to link the various sites... but I've tried several, even writing my own. :-(

Title: Re: Lots of spambot accounts?
Post by: Azerax on August 05, 2012, 02:33:31 AM
I've been running on-line services for 15 years and in my experience the best way to combat 95% of spam bots is to simply block the /24 ip range at the firewall.

Another idea, check the referring url, if the person is signing up for an account, but the referring url is not from the wiki, it's a bot.  A few lines of php can do this.
Title: Re: Lots of spambot accounts?
Post by: Indirik on August 09, 2012, 05:23:34 PM
The number of junk accounts signing up too the wiki is pretty amazing. BadBehaviour is doing an exceptional job of keeping out the edits, though. Tom, have you considered implementing the TitleBlacklist extension? A regex that forbids an account name from ending in two or more numbers would really cut down on the number of junk accounts.
Title: Re: Lots of spambot accounts?
Post by: Tom on August 09, 2012, 06:35:30 PM
Installed. Configurable here:
http://wiki.battlemaster.org/wiki/MediaWiki:Titleblacklist

I've also included the public blacklist here:
http://meta.wikimedia.org/w/index.php?title=Title_blacklist

Title: Re: Lots of spambot accounts?
Post by: Indirik on August 09, 2012, 07:13:06 PM
Well, let's give it a day or two and see what happens. I'm not all that good with regexes.
Title: Re: Lots of spambot accounts?
Post by: egamma on August 10, 2012, 06:57:23 AM
Quote from: Indirik on August 09, 2012, 07:13:06 PM
Well, let's give it a day or two and see what happens. I'm not all that good with regexes.

I hate them...but I can do pretty well with them. Let me know if you need help.
Title: Re: Lots of spambot accounts?
Post by: Azerax on August 10, 2012, 03:26:45 PM
Quote from: Indirik on August 09, 2012, 07:13:06 PM
Well, let's give it a day or two and see what happens. I'm not all that good with regexes.

This will match only the last 2 digits if they are numbers:

/[0-9]{2}$/

So it may look like this:
Code: [Select]
$username="fish23";

if (preg_match_all('/[0-9]{2}$/i', $username, $result)==1)
{
echo "Match found";
}
else
{
echo "no match found";
}
Title: Re: Lots of spambot accounts?
Post by: Indirik on August 10, 2012, 03:32:43 PM
What I was thinking may be useful would be for the string to match if the username ends in two or more numbers. Not exactly two, but two or more.


Quote from: Tom on August 09, 2012, 06:35:30 PM
I've also included the public blacklist here:
http://meta.wikimedia.org/w/index.php?title=Title_blacklist

Does that mean that the regexes on the wikimedia page will also be used by our wiki?
Title: Re: Lots of spambot accounts?
Post by: Anaris on August 10, 2012, 03:34:46 PM
in that case, /[0-9][0-9]+$/i should do the trick.
Title: Re: Lots of spambot accounts?
Post by: Tom on August 10, 2012, 03:46:43 PM
Quote from: Indirik on August 10, 2012, 03:32:43 PM
Does that mean that the regexes on the wikimedia page will also be used by our wiki?

Yes. We're not the only wiki getting spams, so why not profit from other peoples' experiences?
Title: Re: Lots of spambot accounts?
Post by: Indirik on August 10, 2012, 04:00:07 PM
Right. Just making sure that was the case.
Title: Re: Lots of spambot accounts?
Post by: Indirik on August 10, 2012, 04:44:32 PM
OK, so, I'm not 100% sure how to do this, or what we should be using to try to block the spambot accounts, without unnecessarily also blocking potential real users.

The spambot accounts seem to have at least one number in the username. Usually more than one, but not always. Here's the account creation log:
http://wiki.battlemaster.org/wiki/Special:Log/newusers

Anything on there that I would consider a valid user, i.e. anything with at least one successful non-spammy edit, never even uses a single number in the username. Do we just disallow any new accounts that use a number anywhere in the username? I know that we have in the past had a couple valid users with numbers in their username. According to the activity log, we have four who have been active in the last 30 days, two of whom have usernames ending in multiple numbers.  (Antix1994 and Madmonk77)

We can make a note on the account creation page that certain patterns are not allowed, such as ending in numbers at all, or even go so far as to disallow all numbers in usernames for new accounts only. This would not affect any existing accounts in any way. We would just need to accept that this may affect the future registration of valid users. But it would drop our spambot account signups by about 90%.

Opinions?

Also, anyone with good regex knowledge want to look at the TitleBlacklist page and see if you can figure out their syntax? It looks to me like blocking useraccounts does something like:
.*(insertpatternhere).* <newaccountonly>
Title: Re: Lots of spambot accounts?
Post by: Tom on August 10, 2012, 05:08:58 PM
I don't see how numbers are adequate for the game at all, so if you ask me, we can block all accounts with numbers in them.

Title: Re: Lots of spambot accounts?
Post by: Indirik on August 10, 2012, 05:11:53 PM
So would this do that?

.*[0-9].* <newaccountonly>
Title: Re: Lots of spambot accounts?
Post by: Foundation on August 10, 2012, 05:54:28 PM
That looks like correct regex to match any string with at least 1 number in it.  I don't understand the <newaccountonly> part though. :P
Title: Re: Lots of spambot accounts?
Post by: Indirik on August 10, 2012, 05:56:32 PM
... you almost got me with that one.
Title: Re: Lots of spambot accounts?
Post by: Indirik on August 10, 2012, 09:49:47 PM
I put the line in. Let's see if it works.
Title: Re: Lots of spambot accounts?
Post by: Foundation on August 10, 2012, 11:02:29 PM
Well, it's true!  I still don't understand what that's for. 8)
Title: Re: Lots of spambot accounts?
Post by: Draco Tanos on December 23, 2012, 10:29:06 AM
Sorry for bumping/thread necro-ing, but...  While I am glad the spambots can't post/edit on the wiki, is there a way to curtail their massive amounts of account registrations?
Title: Re: Lots of spambot accounts?
Post by: Indirik on December 23, 2012, 01:42:03 PM
There may be some kind of captcha extension or something.
Title: Re: Lots of spambot accounts?
Post by: Revan on December 27, 2012, 04:13:59 PM
http://wiki.battlemaster.org/index.php?title=Special:RecentChanges&days=30&from=&limit=2000&namespace=2

Wow. There was a steady trickle before, but it seems like wiki has basically been under all-out siege since the 18th December :-\ Looks like there's been at least 1800 new user accounts created since then alone.
Title: Re: Lots of spambot accounts?
Post by: Tom on December 27, 2012, 04:40:04 PM
Any ideas about how to counter that are more than welcome.

Also, any ideas about how to clean them out.

Title: Re: Lots of spambot accounts?
Post by: Fleugs on December 27, 2012, 04:48:48 PM
Quote from: Indirik on December 23, 2012, 01:42:03 PM
There may be some kind of captcha extension or something.

This. Isn't captcha the standard anti-bot measure?
Title: Re: Lots of spambot accounts?
Post by: Chenier on December 27, 2012, 06:00:05 PM
Maybe we could just have a box like for the game account creation that asks "I am an alien from Mars and I seek to destroy all humans" or something. Or a box that asks something really simple, like "what is the name of the game?". Some scripts can beat captcha, I heard, but I doubt bots could reply to simple questions that don't have the answer on the page?
Title: Re: Lots of spambot accounts?
Post by: Indirik on December 27, 2012, 06:52:52 PM
Do you know of any extensions that could do that sort of thing? It has to be a supported extension. Hand-coding our own modifications to MediaWiki isn't a viable solution.
Title: Re: Lots of spambot accounts?
Post by: Chenier on December 27, 2012, 06:54:59 PM
Quote from: Indirik on December 27, 2012, 06:52:52 PM
Do you know of any extensions that could do that sort of thing? It has to be a supported extension. Hand-coding our own modifications to MediaWiki isn't a viable solution.

Sorry, I don't know much of extensions for wikis. Just thought maybe it'd exist somewhere.
Title: Re: Lots of spambot accounts?
Post by: Draco Tanos on December 28, 2012, 01:28:27 AM
http://www.mediawiki.org/wiki/Extension:ConfirmEdit

Not entirely sure if it goes to account creation (which I hope it does/can), but this might work.

Edit:  It does!
There are five "triggers" on which CAPTCHAs can be displayed:
'edit' - triggered on every attempted page save
'create' - triggered on page creation
'addurl' - triggered on a page save that would add one or more URLs to the page
'createaccount' - triggered on creation of a new account
'badlogin' - triggered on the next login attempt after a failed one. Requires $wgMainCacheType to be set to something other than CACHE_NONE.