Mafiascum.net

Enabled the Nuke extension & added you to the admin & nuke user groups. You can mass delete .

We'll need to figure out how to prevent these from occurring in the first place. They are getting in through the forum registration despite turning on reCAPTCHA a few weeks ago.

Hundreds of spam pages deleted. I did some searches to make sure I didn't miss any ("number" is a good search term, that's in the title of basically every spam page) and cleaned up a few stragglers; I've also checked the entire length of Recent Changes expanded to its maximum size.

This particular spam attack appears to be using humans to bypass the CAPTCHA (we've used some really unusual CAPTCHA solutions on other wikis and it's still been solved). Perhaps requiring posts on the forum before posting would work, but I fear that it would instead tend to lead the spammers to post junk posts in Queue just to get round the restriction. Some solutions that have seemed to help on other wikis: requiring edits to existing pages before new pages can be created (e.g. Wikipedia requires ten, but even one seems to work); and a regex-based title blacklist (searching for 10 digits preceded or succeeded by "number" is unlikely to have many if any false positives, and would match almost all (all?) the spam pattern we've seen. The former can be done with a configuration change (set "autoconfirmed" to 1 edit and 0 days, then remove the ability for non-autoconfirmed users to make pages). The latter can, AFAIK, only be done with the help of an extension; my preferred extension for that is AbuseFilter, as it's incredibly flexible and can be configured to implement more or less any spam-fighting rule you'd want.

(Just for some context, I'm currently an admin on some fairly small wikis, and was an admin at Wikipedia for a while, so I'm fairly experienced with this sort of spamfighting. I'll have to remember to check Recent Changes more often, though.)

Alright, added AbuseFilter. You should have access to it.

Hmm, something seems wrong with how it's installed, I get an Internal Server Error trying to do anything with it. (For example, the "check syntax" button on the filter creation screen.)

Give it a shot now. Looks like the version we had wasn't compatible with our version of mediawiki.

OK, I've added an Abuse Filter rule that, out of the ~400 or so edits I tested it against (via batch testing, not individually), should stop all the spam we've seen so far and yet have no influence on legitimate changes.

I've only set the rule to prevent the edits, not to apply any further consequences, so that if I've made a mistake and there are false positives, the worst that will happen is that the edit won't go through; there won't be any automatic blocks or the like applied yet.

If the rule turns out to be successful, I can expand it to block users if they appear to be spamming as their first edit.

Awesome, thanks a ton for the help!

In post 5, angelahall wrote:Your version is pretty interesting too! I will try to play it with my friends in the nearest time. I hope that this will be funny

This has been here for a little while. Clever spam account. Link is in the sig.

viewtopic.php?f=5&t=76173

Please ban this bot/user for advertising.

memberlist.php?mode=viewprofile&u=31570

memberlist.php?mode=viewprofile&u=31574

memberlist.php?mode=viewprofile&u=31579

Links in profile

viewtopic.php?p=10462285#p10462285
this i guess is spam because of the advertising?

viewtopic.php?p=10462285#p10462285
this i guess is spam because of the advertising?

Oh my god
They
THINK

We're fucked.

Seems like they edited in those links. They didn't have them last night.

Isn't trusted user meant to filter out this kind of bot?

Trusted user role doesn't exist any more.

test

memberlist.php?mode=viewprofile&u=32810

...

Probably a bot. Definitely a spam account. It made a few non-bot posts but they were so stupid that I felt that they could be a bot.
Anyway, spammer
viewtopic.php?p=10949532#p10949532