spam on *base

Anne Wilson annew at
Thu Jun 23 18:08:38 UTC 2011

On Thursday 23 Jun 2011 18:02:44 Lukas wrote:
> * Is the spam done by bots (replacing entire page), or it looks like like
> manual "jobs" inserting random bits of spam into genuine code?
> * post mentions deletes. Could it be that deletes are done by search bots
> crawling the pages and hitting .php?action=delete links?
This new attack is the one that I'm concerned about.  Each one comes from an 
IP address, IOW not a registered user.  Whois returns show that the IPs are 
registered in many countries, so I concluded that it is a botnet.

Unlike previous spam, it is not concerned with advertising products or 
services, and not inserting external links.  There is a clear pattern in it.  
A large section of a page is deleted.  In its place is a remark something like 
"And I thought I was the clever one".  I get the impression that there is a 
list of phrases and a random one is being inserted.  It may be coincidence, 
but it seems to me that mis-spellings are being used to avoid regex or some 
other search.  It feels as though a random word is chosen, and two letter 
transposed.  Here's an example from my user notes:

Deleted -

==Notes from Akademy==
  * <s>Oxygen skin makes too little use of wider screens and is equally bad on 
hand-helds.</s> Chihuahua is now default and uses all sizes correctly (fingers 
  * <s>Languages using more space for translations, will mess up the tabs 
(solving former, will solve this in some cases). Try Dutch compared to 
English. The last tab will be displayed just below the tab before that.</s> 
Using icons instead of text, to avoid this problem
  * Right to left languages, alignments, etc. There are open issues for this 
in MediaWiki's bugzilla. Ask Siebrand for more details if relevant.
  * For documentation we need to work towards notification of 'more recent 
version than last exported to distro'. Means that revisions should be taggable 
with definable tags and trigger a certain (localisable) message to be 
displayed for page translation pages. (lower prio)
  * Have a look at
  * Consider activating the Usability toolbar. Consider using the same 
features as in, or possible be a little more conservative 
because this wiki's functionality should be rock solid wherever possible.
  * LiquidThreads uses a little older version; trunk is much better, but often 
unstable revs are put in there. Might want to check with if 
there's a stable version, and then update to a particular rev. The version 
used on UserBase at the moment is a little old and messy particularly in 
  * MediaWiki allows sending out RecentChanges to IRC. Ask Niklas for details 
if you want this at some point in time. Requires a relay agent.
  * Search needs to be better. Consider using 
[ Sphinx] or 
[ MWSearch/Lucene].
  * Analyse current content, find out what is English, and needs to be 
  ** Better categorisation
  ** Tag outdated content (or move to a different namespace) - create a 
process for this - or at least document it?
  * How to improve they way in/how to allow users to find what they need as 
soon as possible.
  * Make search results language dependent (is new to be developed 
functionality - should probably be its own extension before giving it to the 
search engine)
  * Don't put each language in its own namespace. It'll be a nightmare, 
because there are too many languages. In the beginning it'll look like a 
solution. Imagine having 150 namespaces when supporting 67 languages (2x67 
because of talk and the 16 or so default ones).
  * set up a Translation Memory server - or use the one from translatewiki so 
repeating sentences/words will be suggested to translators. Use Apertium, too.
  * consider installing the [ 
Babel extension]. Siebrand already created in-wiki settings, needs to be added 
in LocalSettings.php.
  * want to use [ 
UploadWizard] (though still in development)
  * SocialProfile extension or something similar to add social features
  * Achievements extension to award users for their accomplishments.
  * Ask how to remove accidentally created language page - eg

Inserted -

That’s not just logic. That’s relaly sensible.

> In most cases spam can be prevented by adding empty hidden (by css, not
> html attribute) field. If it comes with any text -> its a spam bot.
> Also by replacing all edit links with .php?action=ban_me in html template
> and restoring them with JS on onLoad (spam bots does not run JS, so can't
> see real links).
> Or using tokens $token =
> md5('page_id'.$random_bit.$secret).'-'.$random_bit, so the can validate
> forms (in case if bots knows destination URL and posts directly there)
This is not my expertise.  I expect Ingo will be looking at options like this, 
but of course he spins many plates, so maybe help would be needed?  I don't 

Thanks for the suggestions.

New to KDE Software? - get help from
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the kde-www mailing list