Battling spam

From Crankshaft Coalition Wiki

Preventing spam is a constant battle on this wiki, as on many others. It's essentially an arms race -- the spammers come up with a new way to spam wikis, wiki administrators respond with new tactics, and the spammers' methods become more sophisticated.

Wikis succeed, in part, because of the ease of editing articles. Registration requirements and other hurdles that stand in the way of easy editing may deter spammers, but they also deter legitimate contributors.

The more successful a wiki becomes, the greater the economic incentive for spammers to attack it, so the more it will be targeted by spammers.

Contents 1 How wikis are spammed 2 Current anti-spam methods in use 2.1 MediaWiki extensions 2.2 Regular expression blocks 2.3 Blank user agents forbidden 3 Spamblocking methods to add if the above does not suffice 4 Miscellaneous 5 External resources for handling wiki spam 5.1 MediaWiki extensions 5.2 MediaWiki manual pages

[edit] How wikis are spammed

Most wiki spam comes from spambots, automated computer programs specifically designed to spam wikis by editing articles to include links to spammy websites.

Occasionally, a human spammer will also spam a wiki, manually editing an article to include links to a website. Such occurrences are relatively rare, and most anti-spam efforts focus on deterring spambots.

[edit] Current anti-spam methods in use

[edit] MediaWiki extensions

• AntiBot
• SimpleAntiSpam
• SpamBlacklist
• TorBlock
• Bad Behavior 2 Extended -- added on 07/08/09, working well.

The SpamBlacklist extension includes a cleanup.php script for cleaning up spam, which we haven't yet used.

[edit] Regular expression blocks

Edits that include a large list of spammy words, and some CSS tricks are blocked.

[edit] Blank user agents forbidden

Via a .htaccess file in the root wiki directory, 403 Forbidden errors are returned to anyone connecting with a blank user agent.

[edit] Spamblocking methods to add if the above does not suffice

If the current methods don't work, we can add CAPTCHAS for unregistered users. This would likely consist of using ConfirmEdit, and see additional details here. We will probably also need to use ReCAPTCHA.

Also, we could use the SpamRegex extension, although it requires memcached.

[edit] Miscellaneous

Once a certain spam handling protocol proves reasonably successful, it might be possible to unprotect most of the protected pages.

[edit] External resources for handling wiki spam

• http://www.umasswiki.com/wiki/UMassWiki:Blocking_Spam_in_MediaWiki
• http://wiki.chongqed.org//MediaWiki
• http://www.mediawiki.org/wiki/Category:Spam_management_extensions
• http://www.mediawiki.org/wiki/Anti-spam_features
• http://meta.wikimedia.org/wiki/Proxy_blocking

[edit] MediaWiki extensions

• http://www.mediawiki.org/wiki/Extension:Lockdown
• http://www.mediawiki.org/wiki/Extension:PageSecurity
• http://www.mediawiki.org/wiki/Extension:AuthorProtect
• http://www.mediawiki.org/wiki/Extension:EditSubpages

[edit] MediaWiki manual pages

• http://www.mediawiki.org/wiki/Manual:Preventing_access
• http://www.mediawiki.org/wiki/Manual:User_rights
• http://www.mediawiki.org/wiki/Manual:Combating_spam
• http://www.mediawiki.org/wiki/Manual:$wgGroupPermissions