Author Topic: Spambot Rampage (Read 22805 times)

Felderburg · « **on:** February 23, 2016, 05:06:03 PM »

So I went to the wiki, and noticed that the recent changes list is filled with spambot articles. I've also seen several mod deletions of spambots and their articles in the last few weeks. What's going on?

LateNights · « **Reply #1 on:** February 23, 2016, 05:24:49 PM »

You mean you missed the three pages of spam they had here yesterday?

All within an hour or so...

Felderburg · « **Reply #2 on:** February 23, 2016, 05:27:30 PM »

Apparently. Turns out the rampage is ongoing right now, as we type.

Codewalker · « **Reply #3 on:** February 23, 2016, 06:12:35 PM »

Thanks for pointing it out. The wiki is set to read-only, cleanup is ongoing and for now new user registration has been disabled.

Apologies to anyone who registered for a Titan account in the last couple days. It was impossible to separate the hundreds of spambot accounts from any real ones, so I locked out every account created in the last 2 days. If you got unintentionally swept up in it, you can use the 'reset password' feature to send an email to the address you registered with and unlock your account.

Blondeshell · « **Reply #4 on:** February 23, 2016, 08:52:14 PM »

I discovered it yesterday afternoon and started going at blocking the accounts as they kept creating new ones. Once it finally stopped, I started going about deleting the spam posts -- manually, mind you. At least 80 different accounts and 1500 articles, first showing up late Sunday night, but hitting full-force Monday morning. I planned to work on it more tonight, so I'm glad an automated process took over. My mouse-clicking hand was getting preeetty sore.

Codewalker · « **Reply #5 on:** February 23, 2016, 09:28:48 PM »

I saw that in the recent changes when I went to search to see if there were any that I'd missed. Your name came up in the delete log with about 1500 entries and my jaw dropped a little...

Vee · « **Reply #6 on:** February 24, 2016, 12:19:21 AM »

Wait, you mean there's not one phone number you can call for everything ever?

On a positive note it did lead me to discover how useful the mark all as read button is.

Aggelakis · « **Reply #7 on:** February 24, 2016, 12:23:26 AM »

Quote from: Vee on February 24, 2016, 12:19:21 AM

On a positive note it did lead me to discover how useful the mark all as read button is.

I use this every day. It's so useful. I start at the thread list of "unread posts since last visit" (here). I read pretty much everything in new efforts, then poke my head into threads at random if they've got more than a few new posts (generally indicates excitement or conflict), then mark everything else read. Especially the forum games threads. Especially.

eabrace · « **Reply #8 on:** February 24, 2016, 12:42:04 AM »

Quote from: Aggelakis on February 24, 2016, 12:23:26 AM

...then mark everything else read. Especially the forum games threads. Especially.

Felderburg · « **Reply #9 on:** February 24, 2016, 01:47:58 AM »

Is there no captcha when people create a titan account? Or is there, and it's not working?

Aggelakis · « **Reply #10 on:** February 24, 2016, 02:12:08 AM »

No. You don't even have to put in a valid email address (there is no account confirmation/validation).

JoshexProxy · « **Reply #11 on:** February 25, 2016, 04:04:52 AM »

it was probably 4chan. they do this sorta thing as a game, they roll for a target from a list of wikis to decide which one they raid with mass spam edits. they also decide what text to use by rolling from a list of texts supplied by the people taking part in the raid.

it is monstrous of them, this is the kind of trolling I don't support.

Did they remove description text on enemy types? (I was looking at some the other day and noticed orange text saying there is no description. I also noticed some images weren't loading).

Felderburg · « **Reply #12 on:** February 25, 2016, 05:01:23 AM »

Quote from: JoshexProxy on February 25, 2016, 04:04:52 AM

Did they remove description text on enemy types? (I was looking at some the other day and noticed orange text saying there is no description. I also noticed some images weren't loading).

Unlikely, as they were mostly creating new pages. If you see orange "missing information" it's there so people know to edit the page and add in the missing info. Which images weren't loading?

Also, it likely wasn't 4chan, per TonyV's post about it.

JoshexProxy · « **Reply #13 on:** March 03, 2016, 03:25:08 AM »

Quote from: Felderburg on February 25, 2016, 05:01:23 AM

Unlikely, as they were mostly creating new pages. If you see orange "missing information" it's there so people know to edit the page and add in the missing info. Which images weren't loading?

Also, it likely wasn't 4chan, per TonyV's post about it.

some of the AVs, not sure which ones now (and don't have time to go look at present), I was mainly crawling through the low level enemy group pages.

Felderburg · « **Reply #14 on:** March 03, 2016, 06:34:56 PM »

It is possible that the images were never there to begin with: http://paragonwiki.com/wiki/Category:Articles_Missing_Images

Blondeshell · « **Reply #15 on:** March 08, 2016, 10:08:41 PM »

Spammers are back. Starting to work now at shutting them down again...

Aggelakis · « **Reply #16 on:** March 08, 2016, 10:37:12 PM »

Limited this time at least. Did they get around the new login restrictions somehow? Huh.

Codewalker · « **Reply #17 on:** March 08, 2016, 10:39:37 PM »

Probably by paying somebody in a third world country less than minimum wage to solve captchas and register dummy email accounts to send the confirmation to.

At least that takes longer to do, so it's easier to keep up with and they can't mass create hundreds at a time.

Sekoia · « **Reply #18 on:** March 08, 2016, 11:10:54 PM »

They're using disposable email addresses. I'll try to update registration to block those today or tomorrow.

EDIT: Correction, only some are using disposable addresses. Others are using gmail/yahoo. Sigh.

Sekoia · « **Reply #19 on:** March 08, 2016, 11:20:56 PM »

Okay, I found an alternate solution. I'm using the autoconfirmed feature. Users are now autconfirmed after 24 hours. Prior to that, accounts have the same lack of permissions as anonymous users. After that, accounts have the normal user permissions.

So spammers will have to wait a day to spam. If that doesn't work well enough, I can increase it to a week.

Vee · « **Reply #20 on:** March 08, 2016, 11:21:54 PM »

If only there were some way to rig Mids into a captcha.

eabrace · « **Reply #21 on:** March 09, 2016, 12:13:24 AM »

Quote from: Vee on March 08, 2016, 11:21:54 PM

If only there were some way to rig Mids into a captcha.

"Which Archetype icon do you see displayed to the right?"

Blondeshell · « **Reply #22 on:** March 09, 2016, 03:57:01 AM »

Ooh, that'd be perfect!

Sekoia · « **Reply #23 on:** March 10, 2016, 09:45:28 PM »

I just force logged out everybody. Sorry if I hit anyone in the middle of anything. We got hit by another spammer whose account was created on 2/23 and whose password was blanked out, so I'm assuming they had already created a session before we cleared their password.

Aggelakis · « **Reply #24 on:** March 14, 2016, 06:07:48 PM »

Had another few spams made. Deleted & blocked spammer. Hmm.

Manga · « **Reply #25 on:** March 14, 2016, 08:30:14 PM »

You're probably going to have to set new accounts to manual approval for 7 days so the bots will give up trying.

EDIT: I'll also PM you with one of two tricks I use at another site that really did bring spammers to a complete halt.

Sekoia · « **Reply #26 on:** March 14, 2016, 10:50:25 PM »

Looks like the latest spammer registered on 3/11 and spammed on 3/14, so I guess the 24 hour delay is insufficient. I just bumped it up to a week.

Mediawiki has some anti-spam extensions that would probably help. One of them is a URL blacklist (which is actively maintained), and I suspect that would probably do the trick for us. But it didn't work when I tried to install it, I think it's incompatible with DPL somehow. So I'll have to tinker with that at some point to figure out what the problem is.

Please do send me a PM if you have some tricks you think may help. Certainly can't hurt to have more options on the table.

Manga · « **Reply #27 on:** March 15, 2016, 03:44:42 AM »

Sent! Implement that, and the spammers will have some serious difficulty registering accounts.

Sekoia · « **Reply #28 on:** March 16, 2016, 04:57:45 AM »

Okay, I just updated registration. It now forbids throw-away email accounts and it also now uses Manga's suggestion (thanks for the tip!). Hopefully that'll help cut back further on spam account registrations.

JoshexProxy · « **Reply #29 on:** March 18, 2016, 03:41:29 PM »

if you have trouble with spammers again, I have another anti-spammer thing that I was saving for if things got rough with bots in project bane. it guarantees the a human must perform the captcha.

or you could do mids captcha on stats "if you slot 4 of [set] what bonus will you get?"

Sekoia · « **Reply #30 on:** March 18, 2016, 08:05:49 PM »

A captcha is supposed to be hard for computers but relatively easy for humans.

"What archetype's icon is this?" is easy for anyone who's played the game. For someone who's new to the community, it may be difficult. I don't want to assume that everybody who registers is already familiar with the game. It's entirely possible people might recruit friends to play on Paragon Chat who never had played the game. If they can't answer the captcha, they might decide it's not worth the effort.

"What bonus do you get from slotting <whatever>?" is going to be hard for just about everybody to answer. Few people have set bonuses memorized. Even among people who played the game actively, there are going to be plenty of people who won't know where to find the answer to that on their own. For people who have never played the game, they might not even know what the question means, much less where to find the answer.

So while I appreciate those suggestions, I'm afraid I probably won't be using them. And I'd advise against using them on your own sites as well, unless you're very certain that everybody registering can easily answer the question--or unless you don't care if you deter real people from registering.

Codewalker · « **Reply #31 on:** March 18, 2016, 08:39:10 PM »

Plus I'm pretty sure that the last round were not bot registrations, but rather human registered accounts that were then handed over to a bot. So a better captcha wouldn't really help much if it's something that could be googled.

The upside of that is that it was relatively few accounts involved that could then be banned, instead of hundreds.

JoshexProxy · « **Reply #32 on:** March 19, 2016, 04:56:44 AM »

Quote from: Codewalker on March 18, 2016, 08:39:10 PM

Plus I'm pretty sure that the last round were not bot registrations, but rather human registered accounts that were then handed over to a bot. So a better captcha wouldn't really help much if it's something that could be googled.

The upside of that is that it was relatively few accounts involved that could then be banned, instead of hundreds.

the obvious fix for that is not allowing direct edits, force them all to go through mod approval.

Manga · « **Reply #33 on:** March 19, 2016, 06:04:20 AM »

Quote from: JoshexProxy on March 19, 2016, 04:56:44 AM

the obvious fix for that is not allowing direct edits, force them all to go through mod approval.

The point might be moot if the upgrade I suggested works like it should. It won't stop manually made spam accounts completely, but it will make it incredibly obnoxious to create a lot of them.

I still have an additional stage of protection that will make the posting bots suffer, but I have a feeling it won't be necessary.

JoshexProxy · « **Reply #34 on:** March 19, 2016, 06:50:28 AM »

Quote from: Manga on March 19, 2016, 06:04:20 AM

The point might be moot if the upgrade I suggested works like it should. It won't stop manually made spam accounts completely, but it will make it incredibly obnoxious to create a lot of them.

I still have an additional stage of protection that will make the posting bots suffer, but I have a feeling it won't be necessary.

post submit captcha I presume. nice.

Manga · « **Reply #35 on:** March 19, 2016, 01:52:29 PM »

Quote from: JoshexProxy on March 19, 2016, 06:50:28 AM

post submit captcha I presume. nice.

Nope. Way more evil than that.

News:

Author Topic: Spambot Rampage (Read 22805 times)