Lately I've been despamming the wiki. I'm not a coder or programmer so I figure it's a good way for a player to help out a little.

We are in serious danger of losing the wiki to the spammers completely over time. Most of the spammers are passive; they just add spam to the page. Now they're deleting the data and replacing it with spam. How do I know this? Because when I open a page where I've deleted the spam before and there's no note or data left there, the only reasonable conclusion is that the spammer replaced it with their garbage. Today I found four (out of the fourteen I cleaned up) pages like that.

It's time to *seriously* lock it down. Either block the spammers or limit editing access to the page owner plus a few trusted people (who will actually stay on top of it) to whom changes can be submitted, then added. If this isn't done soon, we may as well kiss the wiki goodbye now.

I totally agree. I am really new to the emu thing and the wiki has been my best friend. I am also tired of seeing 10k+ links to garbage and other things on the pages. I am to the point I was about to get an account just to wipe out all the junk. Also on that line, if I have an account to take out the junk someone else has one to put it back in! So yes, I totally agree.

I cleaned up the rest of the spammed pages. Would it be of any help if I listed the pages and page owners here that no longer have data as I go along?

These bots, spiders, scripts, whatever... are nothing but a blight on the internet society bent on causing destruction and chaos wherever they go. None of those links or ads actually lead to anything, therefore it is safe to assume every forum that is beaten up by them is nothing shy of a Denial of Service attack.

The admins here would make a full-time career out of blocking IPs and entire subnets from accessing the site, and some innocent visitors would get caught in the cross fire. Locking the Wiki really cannot be done, from what I understand, without again screwing the casual visitor who really wants to help out by updating it properly.

It is just sad to learn more and more about the people behind these invasive, destructive actions. What little regard they have for anyone elses property or general enjoyment. There isn't even legal recourse, since they are mostly out of reach of the long arm of OUR laws.

I don't control the wiki but I believe those that do know about the issue. Think some measures were put in place a little while ago but doesn't look like it was enough.

Require a valid e-mail to auth an account for it.... 99% of the spammers WILL go away.

Meh, previously I would agree. But I run a dozen forums that - even with visual confirmation AND validation emails - they still get in. HotManSexFromRussia, anyone?

Locking the Wiki really cannot be done, from what I understand, without again screwing the casual visitor who really wants to help out by updating it properly.

Seems to me it's time ask ourselves if keeping it totally open is worth the risk of losing the whole thing. It only takes one malicious spammer, and it's already happening on a small scale. I would think/hope that *any* casual visitor would understand the need to protect the data, some of which could be their own contribution.

I do not know how this WakkaWikki thing works (I am a big MediaWiki fan and supporter). But if there were a way to lock down say, the core Wiki pages from being edited by anyone other than a dev/admin, that could help. But again, requires effort... which so far, only a few site visitors seem interested in doing.

- perhaps have a script that checks what the user adds - like unusual links or typical BOT links, something that looks odd and then put that IP on the watch list. There has to be a more smart check that would work.


GeorgeS

Fighting bots with bots... Why does that scare me a little?

WOPR says, "Would you like to play a game?"

I think more people would be interested in helping out the wiki if it was locked down to some reasonable point. People have stated that the reason they don't bother with it right now is because of the futility of the situation as is.

What if their was a block on passwords that are attempted to be reused after an account has been banned? I'd bet that the spammers' bots use the same one when they create a new account after being banned. A nice, vague message "the login information you have provided is invalid" could be displayed to dismay of the spammer, the idea being that the less you say about what didn't work means the more work they have to do to figure it out and get in. It might mean that at some point a valid user's password might not work, but what are the odds?

I'll bet that with all the programming talent around here that figuring out how to accomplish this would be cake.

Meh, previously I would agree. But I run a dozen forums that - even with visual confirmation AND validation emails - they still get in. HotManSexFromRussia, anyone?

I didn't say all... I said most, friend.

It will at least calm the storm a little and buy time to figure out a better solution.

I would agree to the wiki being controled by a few people, who have made changes and consistently do it.

However the only people able to admin the wiki is the developers, and well read he other thread about that.

If i may,

Id recommend a few clean up things with reguards to source information being released. FAQ so to speak, like our wiki. Some information needs to be updated, some of it needs to be archived etc..

Control is always a good thing, and id vote for anyone willing to be responsible enough for the Wiki to manage the wiki. We could input our changes, then the mod could review them?

I see many things also changed, the orginal members also moved on like people where saying etc.. I followed it from the beginning, and thus far am very impressed with the amount of dedication that has went into this project.

Keep up the good work you guys, many out there actually really enjoy your work. Id ignore the negitivity coming from some, and do what you do best. I for one am really enjoying the fact it has gone from stale to something obtainable. So much to catch up on.

BTW this account is redone, mine was on the old site.

Guys, we do still need to keep in mind that the Wiki is a community based system. It is there for callobration, meaning that you contribute some to a page, I contribute a little more to a page, etc. Locking down a wiki like that will be defeating the purpose of a wiki; having an up-to-date dynamic webpage.

Lets get rid of the spammers guys, not the functionallity.

For a community-based system, there is a massive shortage of community-based people willing to spend some time cleaning up spam from the wiki. If enough people cleaned up just three or four pages a day (read: 5 minutes or less on a dialup), the wiki would stay pretty clean. :)

Seems someone has the ability to keep spaming the wiki. Just checked again, full of garbage.

What steps could be taken to lock it down some? or if that is possible?

I keep saying, a simple captcha would stop it, or at least slow it down, put my captcha up there, and it will stop it hands down...

Its a very simple form that all the admins need to do is put on the registration page, and delete the spammers... Then...

Whala problem solved.

something has to be done. I just spent ten minutes deleting all spam from useful lists and GM commands. SAVE THE WIKI!

Seems someone has the ability to keep spaming the wiki. Just checked again, full of garbage.

What steps could be taken to lock it down some? or if that is possible?

Reaper + JDAM? I'm only half kidding...

Apparently it's not that important for people to be able to browse and use the wiki efficiently, so there needs not to be any whining about or chastizing of those people who choose to ask questions in the forums instead of wading through page after page after page after page of wikispam.

The problem is fixable. There's no excuse for letting it continue.

I keep saying, a simple captcha would stop it, or at least slow it down, put my captcha up there, and it will stop it hands down...

Its a very simple form that all the admins need to do is put on the registration page, and delete the spammers... Then...

first of all, talk like this does no good unless your actually providing the solution... link? it would prolly already be installed if all the information I needed were available, so now its going to have to wait until next time I get some free time... that said, almost all modern spam bots are not even phased by most captcha... but I will put it up none the less and we will see...

One thing that interests me is that obviously somebody took the time to customze their bot to specifically attack our site to circumvent my trivial-but-custom registration stuff... how can one freakin wiki be worth it????

Another option I am considering is to tie it back to a forum account... I cant easily integrate the two login databases, but I could at least check forum authentication at registration time...

In my petition systems under the DEV forum, grab the registration form from that, there is a place in there that has a form field and an inclusion for two other files in the security_image directory...

He he the info has been on the forums for quite some time =P

Tying it to the forums is a good idea... But... Make sure you lock the forum reg down with some kind of image verification...

I've found that email verification sometimes isn't enough, just like with Captcha, however the both combined is actually a ferece machine against spammers =P.

Also I stated in another forum, no one customized a bot specifically to attack our wiki...

That spam I see is the same spam that use to pollute MediaWiki for months till they put up an captcha =).

Here is what they are doing..

1. The spam the registration (so auto-banning anyone whom trys to register more than 2x in 5 mins would suffice).

2. Spamming pages and following linkes from the wiki.. One thing I use to love is how those guys would use php to make a 10 mb html page to do nothing but read out fake emails for spam harvesters =).. They would harvest it, but when it was plugged into the spam bot, he he he he... It wasn't pretty for the spammer..

I'm proposing we use the same system... Get a couple of links going on the wiki that are to domains that do not exist (or links to the same directory that do not exist) and let the spam bots have a hay day with that =).

Can you guys get an IP capture? If so, look in your phone book for the local FBI office and print out the info, along with the destoryed pages, and ask to file changes on destruction of property (it works I've done it 3 times before on hackers). This forum, the data therein, and the wiki is legally property of the community... ANY community leader can have charges filed, free to you.

Very last resort, if you cannot get the FBI to respond let me know... I have several friends that likes bragging about thier pcs and would love to show the community what a Denial of Service attack does to the IP address you tell them was spamming the wiki =).

Just an FYI post here.

I just finished deleting spam from a lot wiki pages. Eqbuilder plus a few others had nothing but spam and I'm pretty sure there was info in those previously. I don't know if it matters, but I also noticed that the spammers are taking over ownership of the wiki pages.

The wiki is the ONLY form of documentation there is for much of the features of the emu.

I would think this would be an insanely large priority to fix.

At LEAST put in a captcha system or something.... please!

I agree, losing critical information is not a good thing.

Ok I'm creating a captcha system just for the wiki...

I'll post it here in a few... if the admins take to it... thats their thing...

Simple instructions...

1. Upload the files in the zip to the directory where the wiki registration page is from http://emu.norrath.info/upload_files.zip

2. Check the form submit, and in the php file that the wiki submits to.. add the following:

require_once("securimage.php");
$img = new Securimage();
$valid = $img->check($_POST['code']);

3. Wrap the if condition around the entire php code that acceps the form data:

if ($valid == "true") {
wraping code here
} else {
echo("F***ing spammer!");
}

4. Edit the html on the form to add the following fields:

<img src="securimage_show.php?sid=<? md5(uniqid(time())) ?>">
<input type="text" name="code">

There ya go =) Problem solved =P

thanks... installed... hope it helps.

I am still interested in hearing why you think that the day of the month field did not require people to cutsomize their bots to attack it...

Looks like that captcha was a waste of time;
http://www.eqemulator.net/wiki/wikka.php?wakka=RecentChanges
seen how the newest spam bomb was at 2:30 am and FNW must have placed fix before he posted at 12:00 am

EDIT;
Maybe these are spam bot accounts already registered and need to be removed?

All cleaned up again. Some of those bot logins did look familiar. Looks like the only way to know for sure is delete 'em and see if new ones show up. I also wonder if every one of them are actually bots.

EDIT;
Maybe these are spam bot accounts already registered and need to be removed?

Could not agree more. Tight ship

I've been thinking about this, and in the Forums here we have always deleted spam and banned spam-bots. Shutting down memberships was just a move to ease the problem of deleting/banning the spam-accounts - Once done, the spam stopped.
But in Wikkis case, no one has ever banned or deleted any accounts, so there could be hundreds if not thousands of spam-bot Wikki members; this will be a problem of its own.
Might be easier/faster to delete all Wikki accounts and start over again, or just use the forum memberships instead (all Wikki posters are here anyways)- We may never see the end of Wikki spammers no matter what. One spam bot could have 50 accounts with one active (next one will pop up when you delete the first)

Deleting all accounts and starting over sounds like a good idea to me.

Yeah captcha is not going to help if the bot accounts are pre-existing.

I'm asking FNW to go ahead and delete all the current Wikki accounts , so we can just start over. I figure the ones of us who are posting Wikki data can just re-make their same account. I think this will be best, but if anyone doesn't think this is a good idea, please post now. If FNW agrees, I'll make a related anouncement.

101 Thumbs up....

LOL Bad day of month. Server is EDT, so try tomorrow (:

Today IS the 28th =P


$today = getdate(time());
$show_date = $today['mday'];

$show_date will return the day of the month =)

FNW is going for the spam-bots and not deleting the user base, 144 already deleted. If you see more active spam bots, make a list and post here.

Those who are repairing Wikki: make sure you know how to revert pages to previous versions - Edit the page and delete the spam, is not quite the right way to do it.
All original history is still there, just not visible ;
Click on the date thing to the right of "page history" at the bottom and then click on the dated link on the history list you can re-edit and re-save the older revision. Also, In your user options, you can edit the "page revision list limit", then you can always get back to pre-spam data.

Most of the above is quoted from conversation with FNW on IRC tonite.

Thanks for your help!

On the "page revision list limit", its default is 20 in my settings. What setting would be best? Also, is it ok to get to the history by just clicking on the history link next to a page on recent changes list?

I understand the reasoning behind using the history to get rid of the spam but I'm on dialup. It takes a long time for the history to load so I won't be able to clean the wiki up in one session like I was doing. I'll just have to do it bit by bit as time permits. :)

Cool! Some others are editing too so this will be done in no time! :)

I just peeked at the recent changes and it's looking pretty good! So is the captcha successful? :)

Seems ok now, at least is not that big mess we had.

Looks like its holding out =)

Knocking on wood...

The Captcha seems to be successfull, 2 full days and not ONE PIECE OF SPAM!

It is sexy =)

EDIT:

by the way, anti-captcha bots hate that bubble font I have in the captcha system ;)

I agree with you, I thought my idea was good, but yours is better. I wonder if you could make something for these forums? spam bots still make accounts, just can't post spam. I bet the database is exploding with "spambot members".

http://www.eqemulator.net/forums/showpost.php?p=138820&postcount=30

Just follow those directions for the registration page here...

under register.php find if ($do == "register") and put the if statements inside of that. I cannot see the code so I'm assuming there is an if statment asking for the do varable.