Wiki Spam

[sarom]

So I was just wandering around the forums getting lost just like any child chucked in the middle of a never ending forest until I saw this thread and curiosity then got the better of me.

Now my idea is creating a program, any language probably java, that prevents people from spamming by auto checking pages (as well as during the writing process) and finding any repetitive phrases, characters, images, etc that occurs a certain amount of times and automatically banning the author as well as deleting the page or prevent the page from being saved.

Spoiler:

For example:
E.g. 1)
TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT - program consider this spam and prevents it from being saved and bans the author

E.g. 2)
(combination of phrases)
hellothereimspamhellothereimspamhellothereimspamhellothereimspam - the phrase "hellothereimspam" is repeated four times, programs recognises this as spam and prevents it from being saved and bans the author.

Just a thought.

[Iris]

Implement that as a MediaWiki plugin and we can talk of business.

[sarom]

I could try , however I've never used mediawiki before.

Edit: Ok I'm just confusing myself, I'll take a look at Mediawiki and see what I can do.

[Gambit]

E.g. 1)
TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT - program consider this spam and prevents it from being saved and bans the author

E.g. 2)
(combination of phrases)
hellothereimspamhellothereimspamhellothereimspamhellothereimspam - the phrase "hellothereimspam" is repeated four times, programs recognises this as spam and prevents it from being saved and bans the author.
Just a thought.

I'm not sure how much spam that would even match…

[Crendgrim]

None.

[DEATH_is_undead]

I don't know much about this stuff, but I think a neat way to do this bot-blocking is used by the game Duels. It shows 8 pictures of items and the human user must click the only weapon in it.
My thought would go into the direction show a few of the many portraits that we have and spot the only mage/archer/horseman/loyalist/orc/knalgan.

Maybe a thing to think about.

Greetz
HomerJ

I like this idea better then the one we have. Although I like the idea of the questions, I think a user of wesnoth could make a bot to hack is fairly easily. (For example, a banned user from the MP server whom wants revenge by making a bot, or someone whom merely skims the website) With the picture click method, it could easily be done by users registering, and nearly impossible to detect without an image recognition programing. Or, maybe a mixture of questions/pictures to go with it, such as 'What weapon does this unit use?', but of course that would require more dedication and programming to go with it.

...The only thing we can do then is creating other questions.

If more questions are needed, I would be glad to help make them, but I'm not sure who I'd send it to. I hate spam, so anything we can do to prevent it, I'm in.

[Crendgrim]

HomerJ:
Oh, sorry, I didn't see your idea yet. Somehow I overlooked it or forgot to answer at least.
Well, it is definitely a good idea. I only fear no one will have enough time to implement it.
I think we should stick for a while to the current question-answer-system and see if it works out. If it does, we're fine. If not, we still can do what you suggested (or another thing if someone else comes up with a better idea).

DEATH_is_undead:

I don't know much about this stuff, but I think a neat way to do this bot-blocking is used by the game Duels. It shows 8 pictures of items and the human user must click the only weapon in it.
My thought would go into the direction show a few of the many portraits that we have and spot the only mage/archer/horseman/loyalist/orc/knalgan.

Maybe a thing to think about.

Greetz
HomerJ

I like this idea better then the one we have. Although I like the idea of the questions, I think a user of wesnoth could make a bot to hack is fairly easily. (For example, a banned user from the MP server whom wants revenge by making a bot, or someone whom merely skims the website) With the picture click method, it could easily be done by users registering, and nearly impossible to detect without an image recognition programing. Or, maybe a mixture of questions/pictures to go with it, such as 'What weapon does this unit use?', but of course that would require more dedication and programming to go with it.

Only if he always tries the same term in hope that it'll work out once. Alternatively, he would have to create a bot which is able to read out the source code and parse that. I don't really think that someone would be that mad about being banned that he will spend so much time on this. And if he does (as I already said) we don't have many (do we have any?) possibilities to prevent that.
Maybe there should be (I don't know if it is already) an automatic block if you fail to register too often. Real users are still able then to post here in the forums and ask for help, I think.

...The only thing we can do then is creating other questions.

If more questions are needed, I would be glad to help make them, but I'm not sure who I'd send it to. I hate spam, so anything we can do to prevent it, I'm in.

Well, I would suggest sending them to Crab_ or zaroth, but I don't want to be responsible if they got spammed then.
If you send them to me, I'll hand them over to someone who is able to set them up. Though you should keep in mind that they must be solvable a) without being too much in the community and b) without being too easy.


Crend

[DEATH_is_undead]

If more questions are needed, I would be glad to help make them, but I'm not sure who I'd send it to. I hate spam, so anything we can do to prevent it, I'm in.

If you send them to me, I'll hand them over to someone who is able to set them up. Though you should keep in mind that they must be solvable a) without being too much in the community and b) without being too easy.

Crend

Alright, I'll send a PM once I think of a few good ones, and get your opinion on them, if that's ok.

[Gambit]

They don't have to be very hard at all. In fact they just have to be unique. We've had great success over at Unknown Horizons with questions as simple as:

"How many legs does a three-legged dog have?"
"What color is a purple book?"
"Are you a spambot?"

There might still be human assisted spambot registration, but we have no way of blocking that.

[DEATH_is_undead]

There might still be human assisted spambot registration, but we have no way of blocking that.

The way I see it, human assisted bot placement would be slow and tedious, and not as likely as automated bots trying to register, for a few reasons, 1) a player has to register each and every account, THEN apply a bot. Tedious, unreliable, and unpractical, unless used for personal reasons against the community.

[Gambit]

For what it's worth, we suspect that human assisted registration accounts for most of the spam on the forums.

And no it doesn't have to be personal. Nor is it impractical or tedious. Remember that most spam comes from third world countries. Also remember that there are companies dedicated to churning out spam for their clients. The businesses whose spam you see do not actually run the spambots. These businesses sign up for "internet advertising services" and "search engine optimization". The companies offering them those services could hire cheap labor to sit in front of computers, registering accounts on sites from a list.

[Iris]

Relevant reading:

http://www.nytimes.com/2010/04/26/techn ... ptcha.html

[Viliam]

But keep the following in mind: If someone wants to spam anywhere, he will write bots who will solve reCaptchas and send them to all MediaWikis which use that method he can find. In that case, we're safe.
But if someone wants to spam on Wesnoth's Wiki, he won't be stoppable at all. Each and every method we'll use will be hacked someday.
So, for now we're assuming the former, because the latter is somewhat unlikely to happen - and because we can't do much then.

I had the same philosophy when I fought spam on my webpage, and it worked great.

The best anti-spam methods will fail, if they are shared by thousands of websites, because spammers will invest a lot of effort in breaking them (the reward for breaking is high). A surprisingly stupid method specific to your website will work, if it is incompatible with methods used on other websites. (It is like "security by obscurity" born again.)

A few years ago, when I was fighting spam on my website, I tried a few smart things, like dynamically renaming names of HTML input fields in form, but a lot of spam got through anyway. I also added a few input fields which were made invisible by non-trivial CSS techniques; if any of these fields was filled, the message was rejected. Still no success.

When I was almost giving up, I desperately added a field with question "how much is 2+2?" with expected answer "4". At that moment spam dropped to zero. (Note: This was a few years ago. These days I get one spam in a few days.) I was shocked... because this was only a beta-version; I wanted to change the numbers in question dynamically. But it was not necessary. There are thousands of sites where solving a captcha gets you through. But there is probably only one website where writing a value "4" gets you through -- my website. And no one writes bots for my website, so I am safe.


So I recommend doing something simple, like this:

Code: Select all

Write word "wesnoth" here: [_______]

Unlike captcha, this is very simple, even for users with pretty low knowledge of English. It is quick, if you click on the word and do ^C^V. And I would not be surprised if it would be enough to stop spam.

[Crendgrim]

I share your opinion on this, Viliam. However, I don't think that questions like "how much is 2+2?" and "type the word 'xxx' in here" will be spam-proof very long, because bots will learn to understand such questions and search the nearest input to fill in the answer.
As long as we don't get any more spam and there is nobody complaining about the questions being too difficult, I really think we should stick to what we have and what works.


Crend

[Gambit]

Yes, you have to find a good balance balance of difficulty to parse and friendliness to non-native speakers of [insert main language of your content].