Author Topic: Lots of spambot accounts?  (Read 27687 times)

Indirik

  • Exalted Emperor
  • ******
  • Posts: 10849
  • No pressure, no diamonds.
    • View Profile
Re: Lots of spambot accounts?
« Reply #30: August 10, 2012, 04:00:07 PM »
Right. Just making sure that was the case.
If at first you don't succeed, don't take up skydiving.

Indirik

  • Exalted Emperor
  • ******
  • Posts: 10849
  • No pressure, no diamonds.
    • View Profile
Re: Lots of spambot accounts?
« Reply #31: August 10, 2012, 04:44:32 PM »
OK, so, I'm not 100% sure how to do this, or what we should be using to try to block the spambot accounts, without unnecessarily also blocking potential real users.

The spambot accounts seem to have at least one number in the username. Usually more than one, but not always. Here's the account creation log:
http://wiki.battlemaster.org/wiki/Special:Log/newusers

Anything on there that I would consider a valid user, i.e. anything with at least one successful non-spammy edit, never even uses a single number in the username. Do we just disallow any new accounts that use a number anywhere in the username? I know that we have in the past had a couple valid users with numbers in their username. According to the activity log, we have four who have been active in the last 30 days, two of whom have usernames ending in multiple numbers.  (Antix1994 and Madmonk77)

We can make a note on the account creation page that certain patterns are not allowed, such as ending in numbers at all, or even go so far as to disallow all numbers in usernames for new accounts only. This would not affect any existing accounts in any way. We would just need to accept that this may affect the future registration of valid users. But it would drop our spambot account signups by about 90%.

Opinions?

Also, anyone with good regex knowledge want to look at the TitleBlacklist page and see if you can figure out their syntax? It looks to me like blocking useraccounts does something like:
.*(insertpatternhere).* <newaccountonly>
If at first you don't succeed, don't take up skydiving.

Tom

  • BM Dev Team
  • Exalted Emperor
  • *
  • Posts: 8228
    • View Profile
    • BattleMaster
Re: Lots of spambot accounts?
« Reply #32: August 10, 2012, 05:08:58 PM »
I don't see how numbers are adequate for the game at all, so if you ask me, we can block all accounts with numbers in them.


Indirik

  • Exalted Emperor
  • ******
  • Posts: 10849
  • No pressure, no diamonds.
    • View Profile
Re: Lots of spambot accounts?
« Reply #33: August 10, 2012, 05:11:53 PM »
So would this do that?

.*[0-9].* <newaccountonly>
If at first you don't succeed, don't take up skydiving.

Foundation

  • Honourable King
  • *****
  • Posts: 2526
  • Okay... you got me
    • View Profile
    • White Halmos
Re: Lots of spambot accounts?
« Reply #34: August 10, 2012, 05:54:28 PM »
That looks like correct regex to match any string with at least 1 number in it.  I don't understand the <newaccountonly> part though. :P
The above is accurate 25% of the time, truthful 50% of the time, and facetious 100% of the time.

Indirik

  • Exalted Emperor
  • ******
  • Posts: 10849
  • No pressure, no diamonds.
    • View Profile
Re: Lots of spambot accounts?
« Reply #35: August 10, 2012, 05:56:32 PM »
... you almost got me with that one.
If at first you don't succeed, don't take up skydiving.

Indirik

  • Exalted Emperor
  • ******
  • Posts: 10849
  • No pressure, no diamonds.
    • View Profile
Re: Lots of spambot accounts?
« Reply #36: August 10, 2012, 09:49:47 PM »
I put the line in. Let's see if it works.
If at first you don't succeed, don't take up skydiving.

Foundation

  • Honourable King
  • *****
  • Posts: 2526
  • Okay... you got me
    • View Profile
    • White Halmos
Re: Lots of spambot accounts?
« Reply #37: August 10, 2012, 11:02:29 PM »
Well, it's true!  I still don't understand what that's for. 8)
The above is accurate 25% of the time, truthful 50% of the time, and facetious 100% of the time.

Draco Tanos

  • Mighty Duke
  • ****
  • Posts: 1128
    • View Profile
    • Nova Roma
Re: Lots of spambot accounts?
« Reply #38: December 23, 2012, 10:29:06 AM »
Sorry for bumping/thread necro-ing, but...  While I am glad the spambots can't post/edit on the wiki, is there a way to curtail their massive amounts of account registrations?

Indirik

  • Exalted Emperor
  • ******
  • Posts: 10849
  • No pressure, no diamonds.
    • View Profile
Re: Lots of spambot accounts?
« Reply #39: December 23, 2012, 01:42:03 PM »
There may be some kind of captcha extension or something.
If at first you don't succeed, don't take up skydiving.

Revan

  • Noble Lord
  • ***
  • Posts: 410
    • View Profile
Re: Lots of spambot accounts?
« Reply #40: December 27, 2012, 04:13:59 PM »
http://wiki.battlemaster.org/index.php?title=Special:RecentChanges&days=30&from=&limit=2000&namespace=2

Wow. There was a steady trickle before, but it seems like wiki has basically been under all-out siege since the 18th December :-\ Looks like there's been at least 1800 new user accounts created since then alone.

Tom

  • BM Dev Team
  • Exalted Emperor
  • *
  • Posts: 8228
    • View Profile
    • BattleMaster
Re: Lots of spambot accounts?
« Reply #41: December 27, 2012, 04:40:04 PM »
Any ideas about how to counter that are more than welcome.

Also, any ideas about how to clean them out.


Fleugs

  • Mighty Duke
  • ****
  • Posts: 668
    • View Profile
Re: Lots of spambot accounts?
« Reply #42: December 27, 2012, 04:48:48 PM »
There may be some kind of captcha extension or something.

This. Isn't captcha the standard anti-bot measure?
Ardet nec consumitur.

Chenier

  • Exalted Emperor
  • ******
  • Posts: 8120
    • View Profile
Re: Lots of spambot accounts?
« Reply #43: December 27, 2012, 06:00:05 PM »
Maybe we could just have a box like for the game account creation that asks "I am an alien from Mars and I seek to destroy all humans" or something. Or a box that asks something really simple, like "what is the name of the game?". Some scripts can beat captcha, I heard, but I doubt bots could reply to simple questions that don't have the answer on the page?
Dit donc camarade soleil / Ne trouves-tu ça pas plutôt con / De donner une journée pareil / À un patron

Indirik

  • Exalted Emperor
  • ******
  • Posts: 10849
  • No pressure, no diamonds.
    • View Profile
Re: Lots of spambot accounts?
« Reply #44: December 27, 2012, 06:52:52 PM »
Do you know of any extensions that could do that sort of thing? It has to be a supported extension. Hand-coding our own modifications to MediaWiki isn't a viable solution.
If at first you don't succeed, don't take up skydiving.