Options that will work for blocking this spammer.
Hello, all:
Clearly, fixing the damage and waiting for the spammer to go away just isn't working.
The following things, in my opinion, will most likely work. I don't know which of them are possible within the MediaWiki software, however, so I'm listing everything I can think of that seems plausible. Most of them only fix this one spammer, though, not the problem in general -- but it seems that we've only had this one really problematic spammer in two years, so maybe it's enough.
* Block all edits that contain "
Hi Brooks and others,
* Block all edits that contain "
" tags.
I have added protection against "
* Set things so that all of Musa8's edits (as tracked by username) get ignored rather than actually applied.
With the new software, one can block single users.
* Put in an "are you human?" test for all anonymous users, and for all logged-in users who haven't been approved by the site admins. (Something like one of the "type in the numbers in this warped image" things that some sites have.)
* Change the edit page urls from "&action=edit" to "&action=editpage". My guess is that this person is using an automatic script that's aimed at bunches of MediaWiki sites, and changing the url will break his script, and he's unlikely to change it just for one site. (This trick works pretty well for weblog spam, apparently.)
Pretty neat tricks, but require more hacking than I like...
Meanwhile, is there a community of MediaWiki users somewhere that we can talk to about this?
There is the mediawiki-l mailing list, and I think that this is all. The spam problem comes up once in a while.
Patrick
--
ConTeXt wiki and more: http://contextgarden.net
Just a follow-up:
I have added protection against "
I think that the spambot protection is pretty good now. I see a lot of unusual POST HTTP requests in the logs, but none appear in the recent changes section on the wiki, so they probably get blocked.
Patrick (a bit happy about that)
--
ConTeXt wiki and more: http://contextgarden.net
Brooks Moses wrote:
Clearly, fixing the damage and waiting for the spammer to go away just isn't working.
The following things, in my opinion, will most likely work. I don't know which of them are possible within the MediaWiki software, however, so I'm listing everything I can think of that seems plausible. Most of them only fix this one spammer, though, not the problem in general -- but it seems that we've only had this one really problematic spammer in two years, so maybe it's enough.
* Block all edits that contain "
" tags. All of these do -- they're all using a ""-tag block to hide links invisibly on the page. (Many of them have left out the links, but nearly all of them have included the tag.)
this is a robust measure
* Set things so that all of Musa8's edits (as tracked by username) get ignored rather than actually applied.
so, a blacklist or so
btw, i wonder what would happen if an edit would have a confirmation (how do such bots handle confirmation)
* Block the five dozen or so IP addresses that he's using. (This is a temporary solution.)
* Protect the two dozen Wiki pages that he's changing -- he keeps changing the same ones, not randomly-chosen ones. (This, again, is a temporary solution.)
* Put in an "are you human?" test for all anonymous users, and for all logged-in users who haven't been approved by the site admins. (Something like one of the "type in the numbers in this warped image" things that some sites have.)
indeed, just a few pop ups and confirmation, bots don't have eyes -)
* Change the edit page urls from "&action=edit" to "&action=editpage". My guess is that this person is using an automatic script that's aimed at bunches of MediaWiki sites, and changing the url will break his script, and he's unlikely to change it just for one site. (This trick works pretty well for weblog spam, apparently.)
that was indeed my first idea, use non standard id's and actions, not even 'editpage', just a number
Meanwhile, is there a community of MediaWiki users somewhere that we can talk to about this? I'd guess that this spammer has been hitting other sites pretty hard too, and there are probably lots of other people working on figuring out good solutions to this....
- Brooks
P.S. Someone came through and put in a couple of "real" edits to the "Russian" page. I've made backups of the updated page so it can be re-updated after Patrick reverts things to an old backup of the site.
Hans
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | fax: 038 477 53 74
www.pragma-ade.com | www.pragma-pod.nl
-----------------------------------------------------------------
participants (3): Brooks Moses, Hans Hagen, Patrick Gundlach