[Olpc-sysadmin] Wiki spam: temporarily add captchas for IP-user edits
Mel Chua
mel at melchua.com
Wed Dec 17 02:48:16 EST 2008
High-priority, quick implementation (<5min for someone with privs).
We have been hit by a flood of publicwiki vandalism that started at
15:19 on 2008-12-17. The vandalism is consistent, done only by
not-logged-in users, and continuing (approx. once every half-hour, often
more frequently) and seems like the work of a bot; it comes from
different IP addresses and usually includes the text "(FIELD_OTHER)" (no
quotes) in the spam edit, though it sometimes includes single words of
gibberish, as in here:
http://wiki.laptop.org/index.php?title=Le_Wiki_de_OLPC&curid=5062&diff=187187&oldid=153569
(The FIELD_OTHER and gibberish edits come from the same IP addresses,
and those IP addresses have nothing except vandalizing edits.)
Sysop Chris Leonard (cjl) first spotted the vandalism and began to fight
it tonight, reverting vandalized pages en masse; Joachim Pedersen
(joachimp) soon joined in on the effort to identify the rogue IP
addresses, and Michael Stone (m_stone) looked for ways to stop the
spamming at the source. #olpc logs starting from approximately 1:23am
EST detail much of the conversation. Over an hour of constant reverts
and blocks later, we think we've cleaned up the bulk of the spam, but
wiki-gang should take another pass after the captcha is implemented, as
well to make sure this type of thing won't happen (as easily) again.
Thanks to Chris, Joachim, and Michael for their heroic late-night responses.
Short term solution: add a captcha for all edits and new page creations
for users who are not logged in (i.e. IP users).
Long term solution: I'm at a loss for how to track this down further and
stop it at the source. Can VIG advise? (Also suggest following-up on any
discussion this thread my have gathered on the wiki-gang list, see
http://lists.laptop.org/pipermail/wiki-gang/2008-December/thread.html
and look for the subject of this email.)
To implement the short-term solution, someone with edit access to this
file on pedal needs to add the below lines in
/var/www/wiki.laptop.org/LocalSettings.php
--- add these lines ---
## To combat wiki spam
## From http://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
## Puts CAPTCHAs on all edits and new page creations unless you are
logged in
$wgGroupPermissions['*' ]['skipcaptcha'] = false;
$wgGroupPermissions['user' ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
$wgGroupPermissions['bot' ]['skipcaptcha'] = true; //
registered bots
$wgGroupPermissions['sysop' ]['skipcaptcha'] = true;
$wgCaptchaTriggers['edit'] = true;
$wgCaptchaTriggers['create'] = true;
$wgCaptchaTriggers['addurl'] = true;
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin'] = true;
More information about the Olpc-sysadmin
mailing list