Editing Spam

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
* {{mergefrom|How Should We Deal With Spam}}
+
Page for discussion of possible solutions.
* {{mergefrom|Spam Attack 2011}}
 
* {{mergefrom| spammer ip}}
 
 
 
 
 
''(FIXME: summarize all the ideas in a nice list)''
 
 
 
 
 
Possible solutions and what is currently being done to combat the growing spam problem.
 
Note:  if you have been blocked, and think it is a mistake, please contact one of the system administrators [[russ_hensel]], [[User:DavidCary]] or others ?
 
 
 
== Spam Blacklist Extension ==
 
 
 
The first way that we can decrease the spam problem is by using a ''blacklist'' filtering approach. There is a widely used MediaWiki extension called [http://www.mediawiki.org/wiki/Extension:SpamBlacklist Spam Blacklist] that checks instances of URLs in new posts against a shared blacklist. If a match is found, posting is prevented.
 
 
 
On the OpenCircuits server, this extension is currently configured to use:
 
 
 
# the global blacklist [http://meta.wikimedia.org/wiki/Spam_blacklist Mediawiki Spam Blacklist].
 
# the English wikipedia blacklist: http://en.wikipedia.org/wiki/MediaWiki:Spam-blacklist
 
# the local OpenCircuits blacklist [[MediaWiki:Spam-blacklist]].
 
 
 
== reCAPTCHA Extension ==
 
 
 
An additional method of preventing spam is to prevent automated posting. One method of doing this is through a [http://en.wikipedia.org/wiki/Captcha CAPTCHA]. A CAPTCHA is a [http://en.wikipedia.org/wiki/Reverse_Turing_test reverse Turing Test] that determines whether submissions and new user requests are coming from a human or not.
 
 
 
The implementation that has been put in place for Open Circuits makes use of the [http://recaptcha.net/ reCAPTCHA] plugin. From the reCAPTCHA site:
 
 
 
By default, CAPTCHAs are triggered on the following events:
 
 
*New user registration
 
*Anonymous edits that contain new external links
 
*Brute-force password cracking
 
 
 
: reCAPTCHA has been compromised and is completely ineffective for stopping automated bots.[http://www.allspammedup.com/2011/01/google-recaptcha-cracked/]  [[User:WarlordRaptor|Warlord Raptor]] ([[User talk:WarlordRaptor|talk]]) 05:01, 25 March 2014 (PDT)
 
 
 
:: That is disappointing. Ah well, we now have our own custom OpenCircuits captcha running now. At the moment it seems to be working pretty good at keeping out automated bots. --[[User:DavidCary|DavidCary]] ([[User talk:DavidCary|talk]]) 08:49, 30 September 2014 (PDT)
 
 
 
== Other Suggestions ==
 
  
 
[[russ_hensel]] suggests that a first step is to require all users to register, when they spam ( hopefully never ) delete them.
 
[[russ_hensel]] suggests that a first step is to require all users to register, when they spam ( hopefully never ) delete them.
 
I suggest that registred users that been around a longer time without spam incidents should not be subject to captcha. When doing lot's of edits, it's a real pain. [[User:Freqmax|Freqmax]] 16:04, 29 February 2008 (PST)
 
 
More material, perhaps should be merged?
 
[[How Should We Deal With Spam]]
 
 
-------------------------------------------------------
 
 
 
5.7.2007 ... we sure do need an anti-vandalism bot. Also maybe not allow anonymous editing.
 
 
 
== spammers ==
 
 
I think I know how to dramatically reduce the amount of linkspam on the website i think if the administrators on this site protect pages that are frequently spammed such as [[Open Circuits talk:Community Portal]] that will reduce the amount of spam on this site because the spammers will not be able to edit those pages.--[[User:71.234.233.163|71.234.233.163]] 08:21, 2 June 2007 (PDT)
 
 
:I just signed up a few minutes ago and noticed that there seems to be a lot of linkspam being placed by unregistered users. I don't want to exclude folk, but would only allowing registered users to edit cut down some of the spam? [[User:Autarch|Autarch]] 09:53, 13 June 2007 (PDT)
 
 
::You are right.
 
::Certainly that is one way to cut down on spam, and perhaps I will be forced to do that soon.
 
 
Another way, as you can see from [[Special:Ipblocklist]], I've been banning a bunch of anonymous spammers.
 
 
:But is there another, better way to reduce spam?
 
 
:I want to avoid a problem I am starting to notice.
 
:Sometimes I see a tiny little typo or technopropisms or some other tiny little thing that I could easily fix
 
:( http://communitywiki.org/WhyWikiWorks ).
 
:But someone has built a huge barrier that prevents me from helping.
 
:We want a system in a way that makes it very easy for anyone to help us.
 
:Certainly too much spam is leaking through just now, but I don't want to go to the opposite extreme and make people go through a big complicated procedure in order to improve a schematic or fix a typo.
 
:--[[User:DavidCary|DavidCary]] 21:39, 21 June 2007 (PDT)
 
 
::That's a very noble way of thinking. I also like to be able to edit anonymously... There are enough sites you have to register for already. --SebDE
 
 
::I know how to greatly reducethe amount of spam without stopping anomyomus ips from editing you can install a spam filter [http://wiki.cotch.net/index.php/Spam_filter like the one at my website EvoWiki] we usually dont get much spam at EvoWiki because we have a spam filter.--[[User:71.234.233.163|71.234.233.163]] 15:01, 22 June 2007 (PDT)
 
 
:::Indeed, a black list based on words is the way to go here. BTW this seems to be an extension you need to install from [http://meta.wikimedia.org/wiki/SpamBlacklist_extension there]
 
:::And an easy way to monitor for spam can help, too. The spam cops around here might want to check out those [http://en.wikipedia.org/wiki/Wikipedia:Tools/Editing_tools wiki editing tools] ;) --SebDE
 
::::Bummer, they recently moved the BalckList Extension to the Extension namespace http://www.mediawiki.org/wiki/Extension:SpamBlacklist
 
::::Anyways, if you've problem with installing that or in doubt of maintaining - I run several mediawikis for private use and am quite advanced with regexes, although only very simple ones are needed for the BlackList.
 
::::--SebDE
 
:::::Well I just digged through the code of the Extension and spotted a spam filter option that is already there in the MediaWiki software. It would involve edititing the configuration for any new spam pattern, tough. --SebDE
 
 
'''Anonymous Edits?'''
 
Aloha from Honolulu David,
 
I just got an email saying my page had been edited by an anonymous user.  I don't know who this is, there is nothing his/her page.  I would not be complainig if the edits had improved things, but all they did was delete information.  Perhaps it is their sense of humor.
 
I am glad there is the record of changes made, so I can try to recover what was removed.  Just to let you know that apparently spammers are not all you have to worry about.
 
 
Roger
 
[[User:RogerAF|RAF]] 05:58, 9 July 2007 (PDT)
 
 
P. S.
 
 
I just finished replacing what had been rmoved.  Again, I'm grateful for the changes records.  I also left a note to whoever did it.  I think possibly it was unintentional.  I hope that's the case.
 
 
It occurred to me that perhaps editing should not be allowed by anonymous users.  Perhaps there could be a special page that allowed anonimity, but require identification from anyone who wants to perform edits on pages that others have posted.
 
 
I don't know how you'd acomplish it.  I'm just a bit po'd that this can happen.  He could have easily deleted the whole page.  I'm glad it was easy to repair, but I will be moving come the middle of August and I may not have email for a week or two, possibly longer.  So if something like this happened then, I would not know for some time.  Then it would be a problem.  Forgive my rant, but see my point?  I'll leave it at that and check back later.
 
 
[[User:RogerAF|RAF]] 06:23, 9 July 2007 (PDT)
 
 
I'm sorry that your page was damaged.
 
Certainly, blocking "ip users" would have stopped this particular problem.
 
But is there a better solution?
 
One that doesn't force people to go through a "identification process" before fixing a little typo?
 
--[[User:DavidCary|DavidCary]] 14:45, 9 July 2007 (PDT)
 
:Yes, there is, I already posted this. http://www.mediawiki.org/wiki/Extension:SpamBlacklist
 
:4 simple steps:
 
:* Create an article for spam phrases -- I'll pop up more often (even create an account) and help maintaining this list ;)
 
:* Protect this Article against anonymous edits
 
:* Install the Extension
 
:* Configure the extension to use the just created Article (in this example [[spam blacklist]]):
 
<pre>
 
require_once( "$IP/extensions/SpamBlacklist/SpamBlacklist.php" );
 
$wgSpamBlacklistFiles = array(
 
  "DB: $wgDBname spam_blacklist",
 
);
 
</pre>
 
:--SebDE
 
 
 
== Spam ==
 
 
Do you have adminstrative priviligies?, anyway I have summerized the [[Spammer ip|spammers ip here]] and noticed, that the same networks. And esp same edit comment and content tend to stay the same. It would benefitial to be able to block these rougue networks and aswell block submission of any page that contains these phrases in their edit summary. Or spammer links.
 
 
''I'm a "sysop" now.''
 
''I've banned a bunch of individual IPs,''
 
''but I hope that fine-tuning the "$wgSpamRegex" will not only save me time, but also avoid annoying people sincerely trying to help.''
 
''(Please use the [[Sandbox]] to post words/phrases/URLs that ought to go into the "$wgSpamRegex").''
 
 
:Amen to that.
 
 
''And I see that someone recently installed the''
 
''[[Special:Contributions/Spam cleanup script]]''
 
''on 30 July 2007.''
 
''I'm guessing that's the same''
 
''[http://www.wikia.com/wiki/Spam_cleanup_script script that Tim Starling wrote].''
 
''--[[User:DavidCary|DavidCary]] 01:23, 3 August 2007 (PDT)''
 
 
:Well, as with the banning of IPs, the spam problem could be adressed earlier, so it not even appears in the history. $wgSpamRegex is the better choice in my opinion. I'll come up with a regex somewhen this weekend or so ;)
 
 
I suggest that ip blocks (see [[Spammer ip]]) like 217.141.249.0/24 (Interbusiness Italy) are used for any ip that spam on sight. And that users from such address blocks are blocked from doing any edits. But may create a user account and then edit. This is due that most spam is made from accountless ip addresses. This will allow everybody to still edit while preventing most spam. Maybe it could be made possible for people without sysop access to add ip-ban?
 
[[User:Freqmax|Freqmax]] 11:55, 12 August 2007 (PDT)
 
 
:Did it came to your mid that this might not be the ultimative solution to a spam problem? Did it ever occur to you that the same kind of spam comes from (regional) totally independent IP ranges? Have you noticed that spam can origin virtually everywhere? Do you want to block every IP in the internet? :)
 
 
::I have noticed that certain countries like China, Russia, Italy etc.. tend to be overrepresented. And ofcourse one should block ranges not individual IPs. Other than that pattern matching (regex) is proberbly the way. Most spam seems to contain full qualified links to domains that tend to reoccour. My hope is we can improve such that we don't need spend so much time on cleaning up.
 
 
: Wow, this spam is getting quite nasty. I'm all for openess and such, but perhaps it's time to change the settings so only verified users can make edits. I'd rather spend my time designing a nifty new circuit than removing spam. Spam me if I've suggested the unthinkable.--[[User:Yzf600|Yzf600]] 17:25, 28 August 2007 (PDT)
 
::Indeed, if you want to enable anonymous editing, you have to use advanced spam fighting methods. This site is of no use in the current state. --SebDE
 
 
::: Yes, this spam is nasty. The $wgSpamRegex seems to be broken today -- sorry. I hope this gets fixed soon. --[[User:DavidCary|DavidCary]] 23:31, 30 August 2007 (PDT)
 
 
I have written a quick guide on how to remove spam [[How to delete spam]] to help people avoid deleting good edits. [[User:Freqmax|Freqmax]] 17:33, 8 September 2007 (PDT)
 
 
Thank you, Freqmax.
 
--[[User:DavidCary|DavidCary]] 22:29, 22 September 2007 (PDT)
 
 
'''Aloha from Oviedo, Florida'''  Yesterday I changed my email in My Preferences, to reflect my current address.  I waited for the confirmation email, but it didn't arrive for several hours.  I tried re-sending it a few times, but eventually stopped watching for it.  So of course, this morning there were several confirmation emails sitting in my inbox.  Most had expired, but one was still valid and so I am confirmed.  I found a message that my Talk page had changed.  Someone had replaced your first reply with a bunch of gay porn sites.  I was able to get the proper text back in place and noticed you had been doing the same over the last several weeks.  I just wanted to thank you and say I hope to be able to do more of my own weeding in this area.  I guess I should check the rest of my posts.
 
 
Keep up the good work.--[[User:RogerAF|RAF]] 07:55, 24 October 2007 (PDT)
 
 
: Thank you. I hope to get better spam filters installed Real Soon Now. Meanwhile, I hope we can get a bunch of volunteers to scare away spammers by using the [[How to delete spam]] technique. --[[User:DavidCary|DavidCary]] 16:43, 24 October 2007 (PDT)
 
 
----
 
 
Just looking around again to suggest an other extension. You know, since there is not much effort to maintain the software around here there might be a one shot thing to get rid of spam. Seems to work nice on the [http://wpkg.org/ WPKG wiki]... Extension is: [http://www.mediawiki.org/wiki/Extension:ConfirmEdit ConfirmEdit] Not as userfriendly as a spam blacklist, but what do I care anymore? :) --SebDE
 
 
Thank you for the suggestion.
 
Yes, annoying.
 
But certainly better than what we have now.
 
Let me look into it ...
 
--[[User:DavidCary|DavidCary]] 08:30, 29 October 2007 (PDT)
 
 
:The Spam on this site is out of control (in three days i've done about 200 edits to delete spam) the captcha is really necesary, or any other system that stop machine editings (they dont get tired, never) [[User:Garrocha|Garrocha]] 03:29, 30 December 2007 (PST)
 
 
Now we have reCaptcha enabled.
 
Did that work?
 
--[[User:DavidCary|DavidCary]] 14:06, 11 March 2008 (PDT)
 
 
 
 
 
 
== Anti-Vandalism Bot ==
 
It is my opinion that this should be the top goal for this site to accomplish.
 
 
: ''We recently updated the $wgSpamRegex ( http://www.mediawiki.org/wiki/Manual:%24wgSpamRegex ). It should block nearly all of the kinds of spam we've been seeing in the past. (Use [[Meta:Sandbox]] for testing). --[[User:DavidCary|DavidCary]] 08:46, 6 June 2007 (PDT)''
 
::The problem is, that this is not a one time thing. It must be updated regulary, so it also works for new kinds of spam --SebDE
 
<div style="clear:both;border:1px dotted #333;padding:10px;background:#FFE400;color:#333;margin-top:10px;margin-bottom:10px;">We're actually using the [http://meta.wikimedia.org/wiki/Spam_blacklist Mediawiki Spam Blacklist] now, so this should be pulling from the community edited list of spam triggers. -- [[User:Chazegh|Chazegh]] 00:10, 11 March 2008 (PDT)</div>
 
 
 
Seeing a lot of stubborn spammers. Can we implement some kind of ip blocking mechanism?, that blocks repeated spam ip's for a week or so. Here's a list of known [[spammer ip]].
 
:Blocking based on IPs might be usefull if it uses a maintained black or gray list, but the kind of IP blocking is used around here doesn't help much. --SebDE
 
::Let's call this a future investigation for now (see discussion on reCAPTCHAs)? Does anyone disagree? -- [[User:Chazegh|Chazegh]] 00:10, 11 March 2008 (PDT)</div>
 
 
Disabling edits from users that aren't logged in might help a lot:  http://www.mediawiki.org/wiki/Manual:Faq#How_can_I_prevent_editing_by_anonymous_users.3F --[[User:Mzandrew|Mzandrew]] 14:16, 8 September 2007 (PDT)
 
:[[User:DavidCary|DavidCary]] wrote: "We want a system in a way that makes it very easy for anyone to help us." on his User Discussion page.
 
:But it wouldn't hurt if the creation of new sites would be logged in users only. (Would reduce the need to delete certain articles over and over again) --SebDE
 
 
Or if someone's not logged in, could we enable a captcha so that the spammers would at least have to do it manually?
 
Here's the ReCAPTCHA extension for mediawiki sites:  http://www.mediawiki.org/wiki/Extension:ReCAPTCHA
 
There's also the ConfirmEdit extension.  http://www.mediawiki.org/wiki/Extension:ConfirmEdit
 
--[[User:Mzandrew|Mzandrew]] 13:38, 9 September 2007 (PDT)
 
:That is way to overdesigned if you know what I mean. And just btw it is hell for accessibility. I would rather see the use other techniques like wgSpamRegex and the use of a maintained IP black list first before using such ugly things... --SebDE
 
<div style="clear:both;border:1px dotted #333;padding:10px;background:#FFE400;color:#333;margin-top:10px;margin-bottom:10px;">We're using the [http://recaptcha.net/ reCAPTCHA] plugin now. The nice thing about this framework is that audio captchas are easily supported so accessibility for the visually impaired shouldn't be too adversely affected. -- [[User:Chazegh|Chazegh]] 00:10, 11 March 2008 (PDT)</div>
 
 
::Obviously other methods are not working, I think captcha could be a hell for accessibility, but it is only when editing. I think is much worst for accesibility the incredible amount of spam that is attacking the wiki than captcha (think seriously about it)[[User:Garrocha|Garrocha]] 10:43, 27 December 2007 (PST)
 
 
I have a whole bunch of PIC projects and things I think I can do to contribute to this Wiki, but the spam here is way way out of control.  I'm looking at the change logs and I'm seeing 20+ spam edits per day. I'm not so sure I want to contribute if my contributions are going to be destroyed in a matter or days.  I think requiring a logon to make changes would cut out most of the spam.  At this point, the problem is so bad that making things alittle harder for people to make changes is probably worth the benefits.
 
 
Also, this isn't directly related to spam, but it would be nice if the site didn't put nofollow on all the URLs.  I think more people would be willing to add project info pages to the wiki if they new it would make them more visable in search engines.  The wiki is small enough at this point that if people start abusing this it would be easy to ban or delete their account( assuming the change is made to require a login to make edits)
 
[[User:Mzoran|Mzoran]] 21:42, 14 October 2007 (PDT)
 
<div style="clear:both;border:1px dotted #333;padding:10px;background:#FFE400;color:#333;margin-top:10px;margin-bottom:10px;">DONE! -- [[User:Chazegh|Chazegh]] 00:10, 11 March 2008 (PDT)</div>
 
 
== List of anti-spam features ==
 
 
As of 2014-03-16, here are the anti-spam features installed and enabled on OpenCircuits:
 
 
built-in anti-spam features:
 
* GroupPermissions is set so no one can edit unless they are logged in (sorry, anonymous users)
 
* EmailConfirmToEdit is currently enabled
 
* [http://www.mediawiki.org/wiki/Manual:Combating_spam#DNSBL EnableDnsBlacklist]
 
* [https://www.mediawiki.org/wiki/Manual:Autoconfirmed_users Autoconfirmed users] have some [https://www.mediawiki.org/wiki/Manual:$wgRateLimits RateLimits] set up; how can I tell if it's set too high or too low?
 
 
anti-spam extensions:
 
* [https://www.mediawiki.org/wiki/Extension:ConfirmEdit ConfirmEdit] (<s>reCaptcha</s> QuestyCaptcha)
 
* [https://www.mediawiki.org/wiki/Nuke Nuke]
 
* [https://www.mediawiki.org/wiki/Extension:SpamBlacklist SpamBlacklist] [[MediaWiki:Spam-blacklist|OpenCircuits SpamBlacklist Page]]
 
* [https://www.mediawiki.org/wiki/Checkuser CheckUser]
 
 
other extensions:
 
* Gadgets
 
* Math
 
* ParserFunctions
 
* Renameuser
 
* Vector
 
* WikiEditor
 
 
other built-in features:
 
* UseInstantCommons is enabled (so you can use pictures of electronics on http://commons.wikimedia.org without re-uploading them)
 
 
=== EmailConfirmToEdit ===
 
 
The EmailConfirmToEdit seems to work for people who have email addresses at:
 
* gmail.com
 
* mailismagic.com
 
 
Alas, it appears that "EmailConfirmToEdit" doesn't work for people who use an email address at "outlook.com" or "hotmail.com", because Outlook and Hotmail are blocking email from us.
 
* outlook.com
 
* hotmail.com
 
* live.com
 
* comcast.net
 
I see we're not the only ones who [https://discussion.dreamhost.com/thread-45444.html can't send email to Hotmail].
 
 
What can we do to allow those people to make good edits,
 
without opening the floodgates to spammers?
 
--[[User:DavidCary|DavidCary]] ([[User talk:DavidCary|talk]]) 20:54, 19 March 2014 (PDT)
 
 
=== Delayed confirmation ===
 
 
On 2014-03-22,
 
I tweaked the settings such that no one is allowed to edit until
 
(1) a person creates an account with an email address,
 
(2) the email confirmation confirms a valid email address, and
 
(3) the sysops confirm the account, usually within 24 hours.
 
 
--[[User:DavidCary|DavidCary]] ([[User talk:DavidCary|talk]]) 17:06, 22 March 2014 (PDT)
 
 
 
[[Category:Community]]
 

Please note that all contributions to OpenCircuits may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see OpenCircuits:Copyrights for details). Do not submit copyrighted work without permission!

Cancel Editing help (opens in new window)

Template used on this page: