Main Menu

Spambot Rampage

Started by Felderburg, February 23, 2016, 05:06:03 PM

Felderburg

So I went to the wiki, and noticed that the recent changes list is filled with spambot articles. I've also seen several mod deletions of spambots and their articles in the last few weeks. What's going on?
I used CIT before they even joined the Titan network! But then I left for a long ol' time, and came back. Now I edit the wiki.

I'm working on sorting the Lore AMAs so that questions are easily found and linked: http://paragonwiki.com/wiki/Lore_AMA/Sorted Tell me what you think!

Pinnacle: The only server that faceplants before a fight! Member of the Pinnacle RP Congress (People's Elf of the CCCP); formerly @The Holy Flame

LateNights

#1
You mean you missed the three pages of spam they had here yesterday?

All within an hour or so...

Felderburg

Apparently. Turns out the rampage is ongoing right now, as we type.
I used CIT before they even joined the Titan network! But then I left for a long ol' time, and came back. Now I edit the wiki.

I'm working on sorting the Lore AMAs so that questions are easily found and linked: http://paragonwiki.com/wiki/Lore_AMA/Sorted Tell me what you think!

Pinnacle: The only server that faceplants before a fight! Member of the Pinnacle RP Congress (People's Elf of the CCCP); formerly @The Holy Flame

Codewalker

Thanks for pointing it out. The wiki is set to read-only, cleanup is ongoing and for now new user registration has been disabled.

Apologies to anyone who registered for a Titan account in the last couple days. It was impossible to separate the hundreds of spambot accounts from any real ones, so I locked out every account created in the last 2 days. If you got unintentionally swept up in it, you can use the 'reset password' feature to send an email to the address you registered with and unlock your account.

Blondeshell

I discovered it yesterday afternoon and started going at blocking the accounts as they kept creating new ones. Once it finally stopped, I started going about deleting the spam posts -- manually, mind you. At least 80 different accounts and 1500 articles, first showing up late Sunday night, but hitting full-force Monday morning. I planned to work on it more tonight, so I'm glad an automated process took over. My mouse-clicking hand was getting preeetty sore.  :P

Codewalker

I saw that in the recent changes when I went to search to see if there were any that I'd missed. Your name came up in the delete log with about 1500 entries and my jaw dropped a little...  :o

Vee

Wait, you mean there's not one phone number you can call for everything ever?

On a positive note it did lead me to discover how useful the mark all as read button is.

Aggelakis

Quote from: Vee on February 24, 2016, 12:19:21 AM
On a positive note it did lead me to discover how useful the mark all as read button is.
I use this every day. It's so useful. I start at the thread list of "unread posts since last visit" (here). I read pretty much everything in new efforts, then poke my head into threads at random if they've got more than a few new posts (generally indicates excitement or conflict), then mark everything else read. Especially the forum games threads. Especially.
Bob Dole!! Bob Dole. Bob Dole! Bob Dole. Bob Dole. Bob Dole... Bob Dole... Bob... Dole...... Bob...


ParagonWiki
OuroPortal

eabrace

Quote from: Aggelakis on February 24, 2016, 12:23:26 AM
...then mark everything else read. Especially the forum games threads. Especially.
https://i.imgur.com/u4eIESk.jpg
Titan Twitter broadcasting at 5.000 mWh and growing.
Titan Facebook

Paragon Wiki admin
I was once being interviewed by Barbara Walters...In between two of the segments she asked me..."But what would you do if the doctor gave you only six months to live?" I said, "Type faster." - Isaac Asimov

Felderburg

Is there no captcha when people create a titan account? Or is there, and it's not working?
I used CIT before they even joined the Titan network! But then I left for a long ol' time, and came back. Now I edit the wiki.

I'm working on sorting the Lore AMAs so that questions are easily found and linked: http://paragonwiki.com/wiki/Lore_AMA/Sorted Tell me what you think!

Pinnacle: The only server that faceplants before a fight! Member of the Pinnacle RP Congress (People's Elf of the CCCP); formerly @The Holy Flame

Aggelakis

No. You don't even have to put in a valid email address (there is no account confirmation/validation).
Bob Dole!! Bob Dole. Bob Dole! Bob Dole. Bob Dole. Bob Dole... Bob Dole... Bob... Dole...... Bob...


ParagonWiki
OuroPortal

JoshexProxy

it was probably 4chan. they do this sorta thing as a game, they roll for a target from a list of wikis to decide which one they raid with mass spam edits. they also decide what text to use by rolling from a list of texts supplied by the people taking part in the raid.

it is monstrous of them, this is the kind of trolling I don't support.

Did they remove description text on enemy types? (I was looking at some the other day and noticed orange text saying there is no description. I also noticed some images weren't loading).

Felderburg

Quote from: JoshexProxy on February 25, 2016, 04:04:52 AM
Did they remove description text on enemy types? (I was looking at some the other day and noticed orange text saying there is no description. I also noticed some images weren't loading).

Unlikely, as they were mostly creating new pages. If you see orange "missing information" it's there so people know to edit the page and add in the missing info. Which images weren't loading?

Also, it likely wasn't 4chan, per TonyV's post about it.
I used CIT before they even joined the Titan network! But then I left for a long ol' time, and came back. Now I edit the wiki.

I'm working on sorting the Lore AMAs so that questions are easily found and linked: http://paragonwiki.com/wiki/Lore_AMA/Sorted Tell me what you think!

Pinnacle: The only server that faceplants before a fight! Member of the Pinnacle RP Congress (People's Elf of the CCCP); formerly @The Holy Flame

JoshexProxy

Quote from: Felderburg on February 25, 2016, 05:01:23 AM
Unlikely, as they were mostly creating new pages. If you see orange "missing information" it's there so people know to edit the page and add in the missing info. Which images weren't loading?

Also, it likely wasn't 4chan, per TonyV's post about it.

some of the AVs, not sure which ones now (and don't have time to go look at present), I was mainly crawling through the low level enemy group pages.

Felderburg

It is possible that the images were never there to begin with: http://paragonwiki.com/wiki/Category:Articles_Missing_Images
I used CIT before they even joined the Titan network! But then I left for a long ol' time, and came back. Now I edit the wiki.

I'm working on sorting the Lore AMAs so that questions are easily found and linked: http://paragonwiki.com/wiki/Lore_AMA/Sorted Tell me what you think!

Pinnacle: The only server that faceplants before a fight! Member of the Pinnacle RP Congress (People's Elf of the CCCP); formerly @The Holy Flame

Blondeshell

Spammers are back. Starting to work now at shutting them down again...

Aggelakis

Limited this time at least. Did they get around the new login restrictions somehow? Huh.
Bob Dole!! Bob Dole. Bob Dole! Bob Dole. Bob Dole. Bob Dole... Bob Dole... Bob... Dole...... Bob...


ParagonWiki
OuroPortal

Codewalker

Probably by paying somebody in a third world country less than minimum wage to solve captchas and register dummy email accounts to send the confirmation to.

At least that takes longer to do, so it's easier to keep up with and they can't mass create hundreds at a time.

Sekoia

They're using disposable email addresses. I'll try to update registration to block those today or tomorrow.

EDIT: Correction, only some are using disposable addresses. Others are using gmail/yahoo. Sigh.

Sekoia

Okay, I found an alternate solution. I'm using the autoconfirmed feature. Users are now autconfirmed after 24 hours. Prior to that, accounts have the same lack of permissions as anonymous users. After that, accounts have the normal user permissions.

So spammers will have to wait a day to spam. If that doesn't work well enough, I can increase it to a week.

Vee

If only there were some way to rig Mids into a captcha.

eabrace

Quote from: Vee on March 08, 2016, 11:21:54 PM
If only there were some way to rig Mids into a captcha.
"Which Archetype icon do you see displayed to the right?"
Titan Twitter broadcasting at 5.000 mWh and growing.
Titan Facebook

Paragon Wiki admin
I was once being interviewed by Barbara Walters...In between two of the segments she asked me..."But what would you do if the doctor gave you only six months to live?" I said, "Type faster." - Isaac Asimov

Blondeshell

Ooh, that'd be perfect!

Sekoia

I just force logged out everybody. Sorry if I hit anyone in the middle of anything. We got hit by another spammer whose account was created on 2/23 and whose password was blanked out, so I'm assuming they had already created a session before we cleared their password.

Aggelakis

Had another few spams made. Deleted & blocked spammer. Hmm.
Bob Dole!! Bob Dole. Bob Dole! Bob Dole. Bob Dole. Bob Dole... Bob Dole... Bob... Dole...... Bob...


ParagonWiki
OuroPortal

Manga

#25
You're probably going to have to set new accounts to manual approval for 7 days so the bots will give up trying.

EDIT:  I'll also PM you with one of two tricks I use at another site that really did bring spammers to a complete halt.

Sekoia

Looks like the latest spammer registered on 3/11 and spammed on 3/14, so I guess the 24 hour delay is insufficient. I just bumped it up to a week.

Mediawiki has some anti-spam extensions that would probably help. One of them is a URL blacklist (which is actively maintained), and I suspect that would probably do the trick for us. But it didn't work when I tried to install it, I think it's incompatible with DPL somehow. So I'll have to tinker with that at some point to figure out what the problem is.

Please do send me a PM if you have some tricks you think may help. Certainly can't hurt to have more options on the table. :)

Manga


Sent!  Implement that, and the spammers will have some serious difficulty registering accounts.

Sekoia

Okay, I just updated registration. It now forbids throw-away email accounts and it also now uses Manga's suggestion (thanks for the tip!). Hopefully that'll help cut back further on spam account registrations.

JoshexProxy

if you have trouble with spammers again, I have another anti-spammer thing that I was saving for if things got rough with bots in project bane. it guarantees the a human must perform the captcha.

or you could do mids captcha on stats "if you slot 4 of [set] what bonus will you get?"

Sekoia

A captcha is supposed to be hard for computers but relatively easy for humans.

"What archetype's icon is this?" is easy for anyone who's played the game. For someone who's new to the community, it may be difficult. I don't want to assume that everybody who registers is already familiar with the game. It's entirely possible people might recruit friends to play on Paragon Chat who never had played the game. If they can't answer the captcha, they might decide it's not worth the effort.

"What bonus do you get from slotting <whatever>?" is going to be hard for just about everybody to answer. Few people have set bonuses memorized. Even among people who played the game actively, there are going to be plenty of people who won't know where to find the answer to that on their own. For people who have never played the game, they might not even know what the question means, much less where to find the answer.

So while I appreciate those suggestions, I'm afraid I probably won't be using them. And I'd advise against using them on your own sites as well, unless you're very certain that everybody registering can easily answer the question--or unless you don't care if you deter real people from registering.

Codewalker

Plus I'm pretty sure that the last round were not bot registrations, but rather human registered accounts that were then handed over to a bot. So a better captcha wouldn't really help much if it's something that could be googled.

The upside of that is that it was relatively few accounts involved that could then be banned, instead of hundreds.

JoshexProxy

Quote from: Codewalker on March 18, 2016, 08:39:10 PM
Plus I'm pretty sure that the last round were not bot registrations, but rather human registered accounts that were then handed over to a bot. So a better captcha wouldn't really help much if it's something that could be googled.

The upside of that is that it was relatively few accounts involved that could then be banned, instead of hundreds.

the obvious fix for that is not allowing direct edits, force them all to go through mod approval.

Manga

Quote from: JoshexProxy on March 19, 2016, 04:56:44 AM
the obvious fix for that is not allowing direct edits, force them all to go through mod approval.

The point might be moot if the upgrade I suggested works like it should.  It won't stop manually made spam accounts completely, but it will make it incredibly obnoxious to create a lot of them.

I still have an additional stage of protection that will make the posting bots suffer, but I have a feeling it won't be necessary.


JoshexProxy

Quote from: Manga on March 19, 2016, 06:04:20 AM
The point might be moot if the upgrade I suggested works like it should.  It won't stop manually made spam accounts completely, but it will make it incredibly obnoxious to create a lot of them.

I still have an additional stage of protection that will make the posting bots suffer, but I have a feeling it won't be necessary.

post submit captcha I presume. nice.

Manga

Quote from: JoshexProxy on March 19, 2016, 06:50:28 AM
post submit captcha I presume. nice.

Nope.  Way more evil than that.