[Olpc-sysadmin] Wiki spam: temporarily add captchas for IP-user edits
luke at laptop.org
luke at laptop.org
Wed Dec 17 07:28:14 EST 2008
On Dec 17, 2008, at 2:48, Mel Chua <mel at melchua.com> wrote:
> High-priority, quick implementation (<5min for someone with privs).
>
> We have been hit by a flood of publicwiki vandalism that started at
> 15:19 on 2008-12-17. The vandalism is consistent, done only by
> not-logged-in users, and continuing (approx. once every half-hour,
> often
> more frequently) and seems like the work of a bot; it comes from
> different IP addresses and usually includes the text
> "(FIELD_OTHER)" (no
> quotes) in the spam edit, though it sometimes includes single words of
> gibberish, as in here:
> http://wiki.laptop.org/index.php?title=Le_Wiki_de_OLPC&curid=5062&diff=187187&oldid=153569
> (The FIELD_OTHER and gibberish edits come from the same IP addresses,
> and those IP addresses have nothing except vandalizing edits.)
>
> Sysop Chris Leonard (cjl) first spotted the vandalism and began to
> fight
> it tonight, reverting vandalized pages en masse; Joachim Pedersen
> (joachimp) soon joined in on the effort to identify the rogue IP
> addresses, and Michael Stone (m_stone) looked for ways to stop the
> spamming at the source. #olpc logs starting from approximately 1:23am
> EST detail much of the conversation. Over an hour of constant reverts
> and blocks later, we think we've cleaned up the bulk of the spam, but
> wiki-gang should take another pass after the captcha is implemented,
> as
> well to make sure this type of thing won't happen (as easily) again.
> Thanks to Chris, Joachim, and Michael for their heroic late-night
> responses.
>
> Short term solution: add a captcha for all edits and new page
> creations
> for users who are not logged in (i.e. IP users).
>
> Long term solution: I'm at a loss for how to track this down further
> and
> stop it at the source. Can VIG advise? (Also suggest following-up on
> any
> discussion this thread my have gathered on the wiki-gang list, see
> http://lists.laptop.org/pipermail/wiki-gang/2008-December/thread.html
> and look for the subject of this email.)
>
I've been recommending OLPC implementing recaptcha for a while now; it
is a very effective means of defeating automated vandalism.
http://recaptcha.org
-lf
> To implement the short-term solution, someone with edit access to this
> file on pedal needs to add the below lines in
> /var/www/wiki.laptop.org/LocalSettings.php
>
> --- add these lines ---
>
> ## To combat wiki spam
> ## From http://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
> ## Puts CAPTCHAs on all edits and new page creations unless you are
> logged in
>
> $wgGroupPermissions['*' ]['skipcaptcha'] = false;
> $wgGroupPermissions['user' ]['skipcaptcha'] = true;
> $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
> $wgGroupPermissions['bot' ]['skipcaptcha'] = true; //
> registered bots
> $wgGroupPermissions['sysop' ]['skipcaptcha'] = true;
>
> $wgCaptchaTriggers['edit'] = true;
> $wgCaptchaTriggers['create'] = true;
> $wgCaptchaTriggers['addurl'] = true;
> $wgCaptchaTriggers['createaccount'] = true;
> $wgCaptchaTriggers['badlogin'] = true;
> _______________________________________________
> Olpc-sysadmin mailing list
> Olpc-sysadmin at lists.laptop.org
> http://lists.laptop.org/listinfo/olpc-sysadmin
More information about the Olpc-sysadmin
mailing list