NKF Posted November 15, 2010
Pete, with regards to the recent rash of spam bots registering accounts, is it possible to add something extra to the registration pages that could slow them down a bit? I know it's not going to stop live spammers, but the bots seem to be bypassing the Captcha system somehow.
- NKF
Bomb Bloke Posted November 16, 2010
The obvious problem with CAPTCHAs is that everyone uses them. The exact same ones, that is to say. Since they aren't unique to the site, the spammers know full well that putting all their resources into circumventing them will get them access to a lot of wikis at once. Which is why I keep on making the same suggestion over and over again as to how to block bots out of websites - every site needs a unique question/answer system which only a brain capable of abstract thought will be able to break through (eg, "Who published the first X-COM game?"). Spammers would then need to tailor their bots to each and every site they wish to bomb, significantly slowing their progress and increasing their costs. Though to be honest, wikipedia seems to just be plain bad in terms of spam prevention. There's no way of removing users - even ones who haven't made contributions yet - and no way of bulk-blocking them either. It's possible to add extensions which bulk-deny access to "known" spammer-IPs (by accessing external "community" lists), but the problem with that is it's bound to block legit users as well and such lists usually aren't updated with new bots until the damage is done. It's well worth mentioning that users do not currently need to associate an email with an account. Forcing the verification of a unique email address per new wiki account would slow spammers down, if only a bit.
NKF Posted November 16, 2010
I would be all for a random Q/A system myself, and e-mail verification. Having a valid e-mail in particular is important for any on-line account these days what with the multitude of passwords that you have to remember and subsequently forget.
- NKF
Pete Posted November 16, 2010
I did see a Q&A add-on so I'll look into that. I could've sworn there was email verification though - bizarre that there isn't any! I'll check whether that's an option as well. That Captcha system used to be pretty good and was a good idea if you look it up on Wikipedia (it's called ReCaptcha), but since they don't seem to be altering it to make it any harder for bots we're getting more spam.
Bomb Bloke Posted November 16, 2010
Indeed, I won't deny that ReCaptcha has been quite effective for ages now, but effectiveness = popularity = susceptibility. The wiki design philosophy seems to be "open for all", hence the lack of control tools, I guess. There is email verification in place for those who actually want to send/receive emails using it, but not for the purposes of registering on or editing the wiki itself.
Matri Posted November 16, 2010
An animated GIF like BB's avatar, then you have to answer a question based on what you see in that gif. Like, how many "Z"s in that snore? Also, from what I've seen the average mastery of the English language that spammers possess is far far far below Nigerian Prince, and only a smidge above Vietnamese Mail Order Brides. Anything requiring constructing a grammatically perfect sentence would be beyond the brainpower of these idiots.
NKF Posted January 6, 2011
Since we've been getting bots popping in lately and replacing all the wikilinks with external links, might be as good a time as any to beef up security.
https://www.mediawiki.org/wiki/Extension:ConfirmEdit
We've already got that extension, just needs a bit of adjustments. The QuestyCaptcha part of that extension fits the bill of asking questions which would be great for account creation. We could come up with a good selection of simple questions to ask. Or even complicated ones that only honest to goodness players would know off by heart or require a bit of research to answer. (Stuff like what does C in X-COM stand for? Or How many legs does a floater have?)
Another that looks like it might be useful is: https://www.mediawiki.org/wiki/Extension:SpamBlacklist
On a less related note, how's the server strain on the wiki so far since the recent server move?
- NKF
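As an added illustration (not part of any post, and not this wiki's actual configuration), the measures raised in this thread map onto MediaWiki `LocalSettings.php` settings roughly as follows. It assumes a MediaWiki release that loads extensions with `wfLoadExtensions()`; the answers are placeholders and the autoconfirm thresholds are assumed values.

```php
<?php
// LocalSettings.php fragment (added example, not the wiki's real config).

// ConfirmEdit with its QuestyCaptcha module: site-specific questions
// instead of a CAPTCHA shared with every other wiki.
wfLoadExtensions( [ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ] );

// One question is chosen at random per challenge. A question may accept
// several answers. Answers below are placeholders: keep the real list
// out of public view so it cannot be scraped.
$wgCaptchaQuestions = [
    'What does the C in X-COM stand for?' => 'PLACEHOLDER_ANSWER_1',
    'How many legs does a Floater have?'  => [ 'PLACEHOLDER_2A', 'PLACEHOLDER_2B' ],
    'Who published the first X-COM game?' => 'PLACEHOLDER_ANSWER_3',
];

// Where the question is asked.
$wgCaptchaTriggers['createaccount'] = true;  // account registration
$wgCaptchaTriggers['addurl']        = true;  // edits that add external links
$wgCaptchaTriggers['create']        = true;  // creation of new pages
$wgCaptchaTriggers['edit']          = false; // ordinary edits stay unchallenged

// Established accounts skip the challenge (thresholds are assumed values).
$wgAutoConfirmAge   = 4 * 86400; // seconds since registration
$wgAutoConfirmCount = 10;        // edits made
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;

// Require a confirmed e-mail address before an account may edit.
$wgEmailConfirmToEdit = true;

// Block edits whose external links match the blacklist.
wfLoadExtension( 'SpamBlacklist' );

// Stopgap during an active wave: close public registration entirely.
// $wgGroupPermissions['*']['createaccount'] = false;
```

The `addurl` and `create` triggers cover link-replacement edits and new-page dumps even when a bot account already exists, which a registration-only question does not.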
Pete Posted January 6, 2011
No probs - I'll look into those NKF but it'll likely be tomorrow now before I get a chance. The server seems fine. It actually seems to be running just as smoothly as the day we moved to it. Granted, that's not long ago, but I've had no issues myself and the site loads several times faster as well. Touch wood it'll stay that way for a while
NKF Posted January 27, 2011
We've got a new wave of bots signing up. Their new method of vandalism is to create new pages to dump their spiels in.
- NKF
Space Voyager Posted January 27, 2011
New pages? What does that mean?
NKF Posted January 27, 2011
Exactly that. The last lot of spambots used to replace the wikilinks in the articles with external links to outside websites. This lot seem to be creating new articles and populating it with their junk.
- NKF
Space Voyager Posted January 27, 2011
Ha, smart! Er, bastards.
Pete Posted January 27, 2011
Gah, I'm snowed under right now but I'll see what I can do in an hour or so. If not, I've written this down (on real paper this time rather than the flakey parchment of my mind) on my list of things to do this weekend.
Hobbes Posted February 9, 2011
Well, the bot attack keeps well on its way. Would it be advisable to prevent any new users from registering for a period of time until it quits?
Bomb Bloke Posted February 9, 2011
For what it's worth, I've installed wiki mods before...
Pete Posted February 11, 2011
Hi guys REALLY sorry I've not got back to this sooner - had an initially crappy week where I almost lost a lot of expensive data at work so now that's out of the way and I've had a better ending to my week I'm not going to go to sleep tonight until I've done something about these bots. I'll update you in a bit when I've found the best course of action. I'm just reading up about a customised registration page so I'll spend some time on that and see how it goes. Doesn't look too straightforward, but nothing useful is ever simple
Pete Posted February 11, 2011
Okay, so I seem to have gotten the registration question working. It's not pretty at the moment and I'll need to make a note to implement whenever the software is upgraded as I had to hardcode it a bit, but it definitely works in terms of requiring a question to be answered correctly. I had to code it myself with some trial and error as no wiki extension did what we wanted to do. Let me know if this cuts down the amount of spam registrations from now on. It might also be an idea for both UFOPaedia.org and this site if we have a list of questions that can be rotated, but that would be best discussed by admins of SC in the staff forums so the list isn't easily found by spammers
Sunflash Posted February 11, 2011
"The fastest way to die?" "What is the aim of a Rookie, Trebek?"
Hobbes Posted February 11, 2011
> Okay, so I seem to have gotten the registration question working. It's not pretty at the moment and I'll need to make a note to implement whenever the software is upgraded as I had to hardcode it a bit, but it definitely works in terms of requiring a question to be answered correctly. I had to code it myself with some trial and error as no wiki extension did what we wanted to do. Let me know if this cuts down the amount of spam registrations from now on. It might also be an idea for both UFOPaedia.org and this site if we have a list of questions that can be rotated, but that would be best discussed by admins of SC in the staff forums so the list isn't easily found by spammers
"Name the best and meaner anti-alien force in the whole universe" "What colour is plasma?" "What is the name of the grey aliens?" "What should you do when you see a Chryssalid?" "What is the highest rank in X-COM?"
NKF Posted February 11, 2011
What size shoes do Floaters wear?
- NKF
Pete Posted February 12, 2011
All good questions guys, but the point is to make it simple for people to register as bots will be confused simply by having a non-standard registration form. Therefore the question I have up there now tells the user the answer then asks the question. I know it seems dumb, but it confuses automated registrations. Whilst I like the idea of trickier questions, you can cause issues for people who don't know a particular answer, can't spell or are trying to translate it online. What I'll do is pick a selection from those posted and reword them a bit so they're less cunning.
NKF Posted February 12, 2011
I believe most of them were for fun rather than serious proposals.
- NKF
Sunflash Posted February 12, 2011
> I believe most of them were for fun rather than serious proposals.
> - NKF
This! XD
Pete Posted February 12, 2011
Well is my response to this
Bomb Bloke Posted February 13, 2011