New text of the day below this line, please. The archives of the discussions on this page can be found on WikiForumArchives.
I just read about Defensio currently in beta testing. It is designed to be an Akismet replacement. --Joe - 2007-06-28 01:27 UTC
Google Count is an interesting way of blocking spammers by IP address. I would think using IP blacklist would be more effective and less prone to false positives though. – Joe - 2007-06-27 22:19 UTC
I run a wiki at www.gameontology.org and I've recently been noticing some strange activity. I've read a bit about "CSS spam" and I'm wondering whether or not this is what is happening. Basically, this is what I've noticed:
Does anyone have any ideas or pointers?
thanks!
Jose
Hi Jose.
Hmmm I'm not sure. I thought MediaWiki normally only sent email notifications if someone adds a comment to the your user talk page. Or initially to validate your email address. What kind of email notifications are they? what does the email say?
There's nothing all that mysterious about CSSHiddenSpam. It should show up in your recent changes display as normal. It just gets sneakily hidden when looking at the page on the 'view' tab. Doesn't sounds like the same problem you are seeing – Halz - 2007-04-10 22:49 UTC
I took a look at your Recent Changes and I don't think it is CSS Hidden Spam, the edits aren't appearing at all in the change log. CSS Hidden Spam only hides itself when viewing the page but shows up in the edit screen and the change shows up in the log. Can you give us a link to one of the pages he changed by that IP address. You might also look into upgrading to the current release of MediaWiki, your version is a year old. It is possible the spammer is attempting some known exploit. – Joe - 2007-04-11 07:56 UTC
Dear Jp,
the GameOntology page Rules has been created on 08:09, 12 April 2007 by
anonymous user 61.144.122.45, see
http://www.gameontology.org/index.php/Rules for the current version.
This is a new page.
Editor's summary: -
Contact the editor:
mail: No e-mail address
wiki: http://www.gameontology.org/index.php/User:61.144.122.45
There will be no other notifications in case of further changes unless
you visit this page. You could also reset the notification flags for
all your watched pages on your watchlist.
Your friendly GameOntology notification system
--
To change your watchlist settings, visit
http://www.gameontology.org/index.php/Special:Watchlist/edit
Feedback and further assistance:
http://www.gameontology.org/index.php/Help:Contents
Sorry for not responding. I guess no one had any ideas. Hopefully by know you have checked with MediaWiki support. – Joe - 2007-06-27 22:19 UTC
I'm still seeing a fair few spams pointing to big websites which turn out to be running some portal software with vulnerability to spamdexing. It's software which allows any old javascript to be embedded in the HTML such that the spammer can register an account and set up pages with simple javascript redirects. Often they seem to bung in a load of keywords into their HTML too (for the search engines to see).
Poeple running this kind of highly permissive software are effectively running a free web-host. As such they'll need to be thinking about ways of stopping people building these spamdexing pages, or at least cleaning them out by hand after they've been set up.
I guess a lot of these webmasters are oblivious to the fact that their domain name is appearing in spam URLs, and would be keen to take action when they find out (perhaps more so than actual free web hosts) I fired off emails to a couple of webmasters recently, but it might be handy to build up some information on a page here. hmmmm What to call it? – Halz - 2006-11-23 12:08 UTC
Hi Bill. Since I wasn't able to find any recent spam for dos.velek.com and it really looks like this domain is safely parked, I removed the entry from our database. But let me correct you about the porn association. dos.velek.com was listed in our database with keywords relating to prom dresses. These guys even spammed for "ugly prom dresses". Guess people are frantically searching for a place to buy ugly prom dresses 24/7. – Manni - 2006-11-10 19:43 UTC
Sorry for your time.... Why i can't see images on this resource? My Browser is: Opera. Thank you.…but I spotted exactly the same message on two different wikis, and sure enough it's everywhere. Could be a spammer testing his software out, but it's a particularly annoying test, in that a lot of people will waste time responding to the question, trying to test their websites with Opera etc – Halz - 2006-10-11 09:26 UTC
We are getting a good bit of stuff like that ("nice site…" stuff) here and I have seen some technical support type comments on my blog (though usually with one link). Spammers are getting desperate/smart, they are creating comments that no one would think are spam even if it did contain a URL (as long as it wasn't like free-drugs-to-enlarge-your-penis.com). Why many contain no link makes no sense though. If that isn't just malicious, they certainly are stupid. – Joe - 2006-10-11 14:52 UTC
More wikis getting indexed with this spam now. I'll try and clean up some of them I think. So I need a page to link to… Erm… Opera Images Question Spam – Halz - 2006-10-16 07:56 UTC
:Yeah I've logged a fair few spam links pointing to plone.org itself (where a spammer has set up further links), and am I right in thinking that plone software uses URLs mentioning 'portal_memberdata'? I've logged a lot of spam linking to such URLs. Seems this software is widely used by government and educational websites. Clearly it has (or has had in the past) some vulnerability which some spammer likes to exploit. To easily set up their linkfarms/redirects. – Halz - 2006-10-11 09:18 UTC
A new blacklist? We are seeing pretty much spam these days. The biggest part of that spam advertizes pages on some free forum site or something similar. I.e., we are not seeing the spammes domain spamvertized directly, only some Javascript redirect page. We can deal with pages like that as long as the free forum provider delivers a dedicated subdomain per forum. But if all we have are subdirectories on the forum domain, we're screwed.
So I've been thinking about a new blacklist that lists only abused services like those free forums hosters. We'd end up with three blacklists: Our regular blacklist with spammy domains, the new blacklist with abused domains, and a combined version. For the new blacklist, we wouldn't have any spammer pages on chongqed.org; just the blacklist.
Any thoughts? – Manni - 2006-08-23 08:06
SnipSnap: This is a software that will produce a combination of blog and wiki. Recently, spammers have figured out a way to abuse it. SnipSnap? has a feature that lets users upload and link to attachments. From the SnipSnap? website, it seems that this was designed to let you upload images, PDFs, or word documents. Unfortunately, you can also upload html pages. Spammers do just that. They upload html that contains redirecting javascript. The advantages for the spammers are that you can only remove attachments if you are administrator or you know their password and that you can pick your own page names (of course, spammer pick names containing their keywords). I have no idea how to handle that kind of spam. – Manni - 2006-08-02 08:18
I've been thinking of cleaning the database by purging the entries without a recorded date. I don't know if the old spammers are still active, but I doubt it. I also think that google might like it when we have less spammer pages. And there will be less noise to drown new entries.
Any thoughts?
– Manni - 2006-07-29 13:19
I agree, it would be a good idea to cut down the database. There is no reason to keep this stuff forever since many of the spammers only use their URLs for a few months at most. This would not only help reduce our footprint in Google, it would mean smaller blacklists to download. Of course, there are likely a bunch of spammers on the old part of the list there that still need blocking. Is there any way to compare which URLs have been found in CaughtSpam. It wouldn't be perfect, but it would help reduce any really active spammers. And of course, there are a few of our older friends that we wouldn't want to drop from the DB.
If you have some extra time to kill, you could set up an account with Google's Search API and automate searching of those old entries to see if it looks like a lot of spam lately from them. Last I checked the accounts were limited to 1000 hits a day, but you can spread out the checks over a few days.
You could also look into the really long keyword strings (6+ words) that those older spammers were entered for. The really long strings are more likely to be randomized and long since dropped.
– Joe - 2006-07-29 19:02 UTC
I don't understand what you are talking about. Are they spamming phone numbers? Or are you talking about the spammers that are leaving long strings of random numbers? Anyway, I Googled the IP and found some poker spam to chongq. – Joe - 2006-07-14 22:21 UTC
MattisManzel 2006-07-15: "long numbers that seem like a harmless telephone-number" mean the latter. Thx.
Just a quick note for those that might be worried that Ann's SpamHuntress? site is down. She didn't quit, and she wasn't shutdown. She is being hit by a DDoS? by some stupid spammer and should be back soon even more determined to hunt down such idiots. – Joe - 2006-07-03 23:46 UTC
Propagating Trust and Distrust to Demote Web Spam - An academic paper going into some depth describing this approach, and their experiments with it.
Could be an alternative page ranking mechanisms for search engines, but hopefully the brains at google have already implemented/dismissed such ideas to some extent.
I think it's more interesting to think of of the possibilities of using such a mechanism for websites to exchange 'distrust' information. Like a peer-to-peer blacklist, but more fuzzy. Mighty complicated compared with straightforward ContentBanning, but I can picture how to build such a system – Halz - 2006-06-19 19:37 UTC
We got some of that here too, made as a minor revision by 165.246.182.68. I would love to know what is going on with this. There are two reasons I can think of. First is they are testing for dead wikis and tagging them for finding again during crawling or through Google. Second, they could have some messed up spam software and really intended to be spamming links. I would like to know if wikis ever get referrers from a search engine for those numbers so I have left the one we got, it was a new page anyway. – Joe - 2006-06-18 12:53 UTC
I got an interesting visit to my wiki's My spam blacklist page with no referrer using rotating IP addresses belonging to AOL (is that usual for AOL users) and using an AOL useragent. Then they removed ticketsmyway\.com from the blacklist. Since it isn't being used I had not protected it. It was a real user too, images were loaded.
64.12.116.71 - - [15/Jun/2006:10:09:45 -0500] "GET /wiki/My_spam_blacklist HTTP/1.1" 200 8790 "-" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.139 - - [15/Jun/2006:10:09:45 -0500] "GET /mw/skins/common/commonPrint.css HTTP/1.1" 200 5095 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.117.10 - - [15/Jun/2006:10:09:45 -0500] "GET /mw/skins/monobook/main.css HTTP/1.1" 200 21380 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.8 - - [15/Jun/2006:10:09:46 -0500] "GET /mw/skins/common/IEFixes.js HTTP/1.1" 200 4017 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.66 - - [15/Jun/2006:10:09:46 -0500] "GET /mw/skins/monobook/IE60Fixes.css HTTP/1.1" 200 1352 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.65 - - [15/Jun/2006:10:09:51 -0500] "GET /mw/index.php?title=-&action=raw&gen=js HTTP/1.1" 200 1112 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.72 - - [15/Jun/2006:10:09:51 -0500] "GET /mw/skins/common/wikibits.js HTTP/1.1" 200 17349 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.8 - - [15/Jun/2006:10:09:52 -0500] "GET /mw/skins/monobook/bullet.gif HTTP/1.1" 200 50 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.203 - - [15/Jun/2006:10:09:52 -0500] "GET /mw/skins/monobook/headbg.jpg HTTP/1.1" 200 7881 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.195 - - [15/Jun/2006:10:09:52 -0500] "GET /mw/index.php?title=-&action=raw&gen=css&maxage=18000 HTTP/1.1" 200 110 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.117.14 - - [15/Jun/2006:10:09:52 -0500] "GET /mw/index.php?title=MediaWiki:Monobook.css&action=raw&ctype=text/css&smaxage=18000 HTTP/1.1" 200 98 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.7 - - [15/Jun/2006:10:09:52 -0500] "GET /mw/skins/monobook/user.gif HTTP/1.1" 200 932 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.117.11 - - [15/Jun/2006:10:09:52 -0500] "GET /img/ed_honeypot.png HTTP/1.1" 200 15994 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.202 - - [15/Jun/2006:10:09:53 -0500] "GET /mw/skins/common/images/poweredby_mediawiki_88x31.png HTTP/1.1" 200 1933 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.117.12 - - [15/Jun/2006:10:10:23 -0500] "GET /mw/index.php?title=My_spam_blacklist&action=edit HTTP/1.1" 200 8052 "http://chongqed.info/wiki/My_spam_blacklist" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.135 - - [15/Jun/2006:10:10:23 -0500] "GET /mw/skins/common/images/button_bold.png HTTP/1.1" 200 978 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.130 - - [15/Jun/2006:10:10:23 -0500] "GET /mw/skins/common/images/button_link.png HTTP/1.1" 200 434 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.130 - - [15/Jun/2006:10:10:23 -0500] "GET /mw/skins/common/images/button_italic.png HTTP/1.1" 200 975 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.73 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_extlink.png HTTP/1.1" 200 1093 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.73 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_headline.png HTTP/1.1" 200 497 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.65 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_media.png HTTP/1.1" 200 1155 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.10 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_image.png HTTP/1.1" 200 1110 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.131 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_math.png HTTP/1.1" 200 730 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.12 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_nowiki.png HTTP/1.1" 200 375 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.68 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_sig.png HTTP/1.1" 200 1217 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.13 - - [15/Jun/2006:10:10:24 -0500] "GET /mw/skins/common/images/button_hr.png HTTP/1.1" 200 372 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.200 - - [15/Jun/2006:10:10:34 -0500] "POST /mw/index.php?title=My_spam_blacklist&action=submit HTTP/1.1" 302 38 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 64.12.116.71 - - [15/Jun/2006:10:10:35 -0500] "GET /wiki/My_spam_blacklist HTTP/1.1" 200 8841 "http://chongqed.info/mw/index.php?title=My_spam_blacklist&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
The TicketsMyWay? site has a notice up that it was being leased but is not anymore, I wonder if that is related.
Headliner Tickets Inc. is currently unable to send out any tickets due to a lack of funds. If you have not received your tickets please contact your credit card company to explore possible ways to resolve this issue. Headliner Tickets apologizes for any inconveniences.
TicketsMyWay?.com is NOT owned by Headliner Tickets. This domain was leased to Headliner Tickets. Please do not send complaints as we are not involved.
The Google cache version of the page says:
TICKETSMYWAY.com is for sale. If you are interested in purchasing the domain please send your bid to us at This Email Address
I found this in the comments on Ben Goodger's blog:
TicketsMyWay?.com is on the spam blacklist on this page. http://wiki.mozilla.org/Spam_blacklist . We had people working on the site a while back and I am not sure what they did but it obviouslt wasnt good. Like I said it has been a very long time since they worked on the site and we would appreciate it if you would take us off that list. Thank you. They put you as the contact and I apologize if I am mailing you at the wrong place.
Posted by: Mike at March 31, 2006 08:23 AM
We don't list them as a spammer in the chongqed database and I don't see a lot of evidence of spamming in Google, but clearly they spammed some wiki enough to get listed. I think where I got it was the MediaWiki meta wiki's blacklist.
Whether or not the site is a current spammer, there should be no need to get removed from wiki blacklists since there is little need to post links to the site on most any wiki (where it would be off topic) except for spamming. And removing it yourself just looks bad.
– Joe - 2006-06-16 05:16 UTC
TheSheep made some interesting proposals concerning spam on the-sheep-wiki: 2006-06-04 spam. And see how we are progressing on the oddwiki-hive. – MattisManzel
Hi Mattis. Haven't seen you around much lately. I read over TheSheep's proposals and disagree with most every one:
1. users will usually instantly recognize and ignore spam
Users can only easily recognize spam when it is done in the simple bulk way most commonly used today. They cannot recognize what they cannot see, see CSSHiddenSpam. And those that insert links into previously existing text in place of existing links or punctuation are very hard to recognize. Users cannot ignore spam if most of the wiki is filled with spam, see how bad my honeypot has become. Spam makes editing the wiki much more difficult. If a user wants to contribute to the page and does not first clean the page of any spam, his edit will hide the spam edit. Most people only look at the latest diff of the page in history so the spam then becomes a long term part of that page until someone specifically goes looking for it.
2. if you devise new way of removing spam from your wiki, the bots will adapt sooner or later
Bots cannot adapt to all methods of preventing spam. And even if they could, does that mean we shouldn't try? Passwording the wiki (which I hate) works. Custom quizes such as asking your own questions (first name of wiki owner, color of the sky, color of an orange) work because every wiki will be different. Using javascript to create a hash that allows editing. A TarPit is undetectable by the spammer so should not be able to be adapted to. CAPTCHAs (which I also dislike) are mostly hard to break automatically. In addition, there are things like BadBehavior? which while it was adapted to, still blocked many spammers and a new version is currently being tested. Anything to reduce spam without causing problems for legitimate users is a win.
3. spam that is appended to the pages and does not replace/destroy or obscure the content is mostly harmless
No spam is harmless. Not only does spam attract other spam (which may not be as non destructive), wiki pages have technological size limits. MediaWiki warns on large pages: "some browsers may have problems editing pages approaching or longer than 32kb." My honeypot has a total of 14 pages, 8 of those are over 32kb, 2 are over 80kb. And much "harmless" spamming software has bugs and damages pages, it is common that HTML entities will be handled improperly, such as turning & into & which can break links.
4. unless an especially malicious bot is used, link spam is usually deployed only on several, randomly (more or less) selected pages
All spam bots are malicious. If there were only a few spammers around the world and they only spammed a couple pages your wiki once a month maybe it wouldn't be so bad. But we know there are more than a few spammers. We also know they do not spam a particular wiki only infrequently. We also know they do not spam only a few pages. On my honeypot, most spammers attack between three and six pages per attack.
5. the spammer’s goals are usually not in conflict with the goals of the wiki
The goals of the wiki are to share information. The goals of the spammer are to make easy money any way possible. For them it may be no cost, but for the victims it requires wasting their time and effort cleaning up the mess and attempting to prevent further attacks. The goals of the spammer make it hard to accomplish the goals of the wiki. Many wikis have been locked down or taken offline due to spammers. How does that not conflict with the goal of sharing information?
Branching pages
This should not be a problem anymore. With most modern wikis, only the most recent edit is visible to search engines. See NoIndexHistory. Since spammers find victims through search engines, they don't see those older edits. Spammers (even though they are stupid) also know that spamming pages that do not appear in search engines does them no good.
Donating pages
Finally one I can agree with TheSheep on, he doesn't like this idea either. Few if any spammers read the pages they spam so its pretty useless to provide a spam allowed page. And if it was used, it just helps the spammers ranking which just encourages spamming and does little to help the wiki. Also, linking to sites in bad neighborhoods hurts your PageRank. And again, spam attracts spam. New spammers will not limit themselves to just your donated pages.
In conclusion, spam attracts spam and anything that gets soft on spam is in effect promoting spamming. Spamming is unwanted, antisocial, disruptive, and rude behavior. Webpage owners don't put up wikis, blogs, and guestbooks for the purpose of giving spammers a place to put links. Wikis are open to anyone to edit, but if your additions benefits you (and your PageRank) more than it benefits the wiki community it is most likely unwanted and spam. If the reason you want to let spammers destroy the internet is because of freedom of speech crap, you must realize SPAM IS NOT SPEECH!!! Spam is vandalism.
PS. I read on a previous post that his idea of ignoring spam is based on your idea. I would have thought you would know better.
– Joe - 2006-06-09 18:38 UTC
Looks like thanks to the discussions at MeatBall and here, TheSheep realized the problems with "Living with the Enemy." – Joe - 2006-06-09 20:07 UTC
Wow, this is the most RACIST project I've encountered so far. I'm Chinese, and though I'm not from Chongqing, I respect the city based on its historical merits and its economic importance in modern day China. As such, I take offense at this project's name in decapitating the Chinese name of this venerable city and morphing it into an English verb with a comical intonation. I don't see a "Nigeried" project for fighting 419 scams, or "Penised" project for fighting penis enlargement spam. Why this?
– Ben? - 2006-06-04 23:56 UTC
When chongqed.org was named, they took the name of the city and morphed it into an English verb as you say. You have to come up with a name for these things somehow. The city's name is not really a verb of course. So chongqed.org is a mildly humourous name, in that we're playing with language a bit. Of course the name is not designed to redicule the city of Chongqing in any way.
This is obvious. It hardly needs to be stated, although it has already been stated e.g. on the QuestionsAboutChongqing. I don't really understand your objection Ben. Certainly refering to the project as 'racist' is way over the top.
Let me tell you what I object to. I object to wiki spammers. People who spread irrelavent links all over people's wiki websites. A flagrantly anti-social abuse of the technology, which forces people to apply restrictions to system which would otherwise be beautifully free and open.
When someone comes along placing spam links to their Chongqing related website, people like me will be annoyed. I'm not a racist person. I'm going to try to direct my annoyance at the individuals who carry out acts of wiki spamming. However the behaviour of this spammer does enevitably reflect badly on the city of Chongqing, and indeed upon all Chinese people. This is a real shame. You have a right to be annoyed too… and who should you be directing your annoyance at? Well I'll leave you to work it out. – Halz - 2006-06-05 14:43 UTC
I am sorry that using the city name bothers you, but I don't see how using a city name makes this project racist. Chongqing was one of the terms used by the first spammer that pushed us into starting this project. We try to be careful not to capitalize chongqing when we are referencing our project (though others frequently make that mistake) so visitors to our site will not be confused. The reason for morphing chongqing into chongqed was to further distance ourselves from the city name. Had that spammer been using those other terms, one of those might be our name. – Joe - 2006-06-05 18:14 UTC
I just found a nasty spamming method. The blog appears to have spam posts on the main page. Not comment spam, I am talking about actual posts that are spam. They appear unusually at the bottom of the page though (out of chronological order). The date on the spam is recent and the URLs are to archive.org, so I am wondering if this is a recent discovery by spammers and they are just testing it out with fake URLs.
The blog I found with the problem seems mostly abandoned by the owner so an upgrade probably isn't likely. The name of the blogging software is easy to figure out, but I am not going to list it here yet. Lets see what the developer says first. Hopefully this only affects an old version of the blogging software, but I am sure there are plenty sites out there still using it.
– Joe - 2006-06-04 22:29 UTC
I got an email back from a developer of Simple PHP Blog, he said that they have had known vulnerabilities in older versions that have been fixed. I am not sure it was this exact vulnerability, but the Simple PHP Blog site was hacked a while back as well through some security bug. Some victims had pages defaced while others had entire sites wiped out. I guess spammers have now picked up on it too. If you are using this blog software, you must upgrade. – Joe - 2006-06-05 18:14 UTC
The servers for other anti-spam wiki http://spamland.org/jsp/Wiki?Ideas and http://asrg.sp.am/wiki/ are offline. Is there anything I can do to help get them back online?
icky.
I bookmarked the wiki
http://wecanstopspam.org/jsp/Wiki?WeCanStopSpam http://thisurlenablesemailtogetthroughoverzealousspamfilters.org/many months ago … and today, when I finally get around to checking it out … well, ick. I see I'm not the first person to notice.
Is there anything I can do to wash out the ickyness and bring back the wiki? Or should I just delete my bookmarks and forget about this lost cause?
– DavidCary? - 2006-06-03 02:06 UTC
The ASRG Wiki seems only down temporarily, I get a message that says, "The ASRG wiki is temporarily disabled until we set up some user authentication to keep the spammers out. Sigh." I am sure they will be back once they put in some better spam protection.
Wecanstopspam.org has been gone a long time. I was never very confident in the method they used, but it is sad to see any antispam site become a spammer site. I wish when antispammers give up, they would offer their domain to some other trusted antispammer if they have much traffic. Even if they don't keep the old content, at least old links would get visitors to some antispam site. I can understand that they give up, spam fighting takes a lot of time and effort and gets very little results. But don't let your domain fall into the hands of a spammer.
It appears to me that wecanstopspam.org, spamland.org, and thisurlenables…filters.org were projects by Gary Robinson. The first was a loss, but being this long since it was taken over, there is probably nothing anyone can do. The second appears to have hardly been linked to, it was just a antispam resources link page. The really long one was just another domain name for wecanstopspam.org, but was not linked to nearly as much.
Since it looks like Gary abandoned the idea and no one else picked it up back then, it must not have been worth continuing. It is hard to believe he accidently let all three domains expire. Like I said, I didn't think the plan was a good one in the first place. The plan was to include links to his sites in emails and have spam filters automatically whitelist emails that included it, assuming that spammers would not want to include links to those sites in their spams.
– Joe - 2006-06-03 08:33 UTC
Got a strange spam on my honeypot. It was an edit to a page section and only added 47614383212899288105565 at the bottom of the page. Anyone else seeing similar? – Joe - 2006-05-19 21:52 UTC
Yes, I have moved chongqed.org to yet another new server. I sure hope that this was the last moved for the next couple of years. Things should be a little faster and a lot more flexible. Please let me know if you find any glitches. – Manni - 2006-05-17 14:16 UTC
Somebody is spamming, and adding a helpful anti-spam tip at the end of their messages. Reading "Your website can be easily spammed. Read how to protect it - nonetspam.info"
We've seen the argument from a spammer (I forget where this discussion was), that they do it because their competitors do it. Also in the past I remember we made the observation that really smart spammers can figure out how to work around technical barriers, and so they actually benefit from them since it takes out the competition. Maybe the spam I'm seeing here, containing anti-spam tips, is evidence of this thinking. – Halz - 2006-05-10 13:27 UTC
It looks to me like the antispam site is run by the spammer. The site does link to Spamhutress.com, but the whois is from Russia so I doubt it is anyone we know. I am not sure I agree your conclusion that the spammer may be doing this to edge out the dumber competition, but it certainly is a posibility. I suspect it is just to make him look better in the eyes of those he attacks. He is basically offering an opt-out type of setup. But as we know, most admins don't pay attention or just don't care that their site is filled with garbage While it is a bit sparse in the recommendations, they are all helpful for spam victims. But to me the motive behind the site it far from helping the victims, it is just to make the spammer look less evil. – Joe - 2006-05-11 22:15 UTC
Have you seen that Hakdata.de is back open as an SEO business. They have a page on FAQ Optimierung and an Unser Angebot page on what they offer. Check out Daily Optimierung on the Angebot page. That option includes "Advanced Tricks ;-)" and "Dirty Tricks ;-()". I hope they keep it clean this time, but Dirty Tricks doesn't sound encouraging. From the translation, they suggest you "Avoid your sides with so-called link farms to register. This one finalhits a corner as Spamming." So maybe they are avoiding at least some kinds of spamming. For those who don't speak German, see the fish, most of the site translates a bit better than those sentances. For those that do speak German, can you give us some more info? – Joe - 2006-05-01 22:29 UTC
Seems like the new site looks just like the old one. What they are saying about link farms is that that they might be viewed as spam. Guess that's the only time they mention spam.
They should have got themselves a new domain: Google still returns our wiki spammer page at the top of the results for "hakdata" and the rest of the results is still full of old spam. That hardly reassuring for a potential customer. – Manni - 2006-05-03 07:25
Spam I just collected at my honeypot wiki suggests something worrying. Spammers might finally be getting smarter (than dirt). Much of the wiki spam I have seen lately has been for directories or url parameters at free hosts. Here is a sampling:
[http://blog.yukonho.com/index.php?blog=68 Free Verizon Ringtone] [http://blogs.wwwcoder.com/cleo/ nextel ringtone] [http://novogate.com/board/5907/222695-1.html free sprint ringtone] [http://blogs.heraldextra.com/verizonringtone/ verizon ringtone] [http://blog.investing.com/bcbgshoes/ bcbg shoes] [http://blog.yukonho.com/index.php?blog=40 free sprint ringtones] [http://www.buddyprofile.com/viewprofile.php?username=waterfordcrystal waterford crystal] [http://www.totalvideogames.com/blog/naturalizershoes/ Naturalizer Shoes] [http://www.surfbirds.com/blog/formalpromdresses/ formal prom dresses] [http://www.missoula.com/blog/sexypromdresses/ Sexy Prom Dresses] [http://www.justachat.com/blog/?w=naturalizershoes Naturalizer Shoes] [http://www.westwoodbapt.org/blog/towelwarmer/ towel warmer] [http://www.toutelapoesie.com/blog/aerobed/ Aero Bed] [http://www.totalvideogames.com/blog/freesprintringtones/ Free Sprint Ringtones]Our blacklist currently doesn't handle either. Solving the directory problem would not be a major problem (I think), but dealing with the URL parameter addresses might be. We could probably easily add the capability to list them, but would those who use our list be able to handle that without modifying their software? Programs might not be comparing the parameters part of the URL to the blacklist. Even if I am right, I don't think adding them would be a problem, they just wouldn't match on programs that don't look at the parameters (if any).
– Joe - 2006-05-01 21:03 UTC
I just checked out what Dan caught today and found this inside the hidden spam div: "Excuse for my post but I do not have money to buy meal to my children. Forgive me please." It has been include for at least several days. That is one of the sadder spammer stories I have seen left as part of the spam. ;-( – Joe - 2006-05-01 07:24 UTC
Joe has just alerted me about a massive spam attack. I chongqed all the domains. All the domains have freshly changed whois records and all of them are registered to one Dan Georgius:
Georgius, Dan Suite13, First Floor Victoria, Mahe 34120 SC
Dan sure must think that he's a very clever guy.
– Manni - 2006-04-25 08:24 UTC
Thanks, I didn't have time to research them all then. Really dumb to go out spamming with all your brand new domains on the same wiki that just happens to run a blacklist. – Joe - 2006-04-25 18:30 UTC
I did go out leaving messages on some affected wikis and emailed a few admins for a while. It worked at a few places, but most hadn't done anything last I checked. I believe most wiki spam right now is CSSHiddenSpam, it is even pretty common on wikis that don't have the problem. Maybe RichardP would have some stats about hidden spam from his cleaning. – Joe - 2006-04-20 16:28 UTC
Going through the spam on my wiki, I discovered a similarity to that test spam:
<div style="display:none"> [We are delicate. We do not delete your content.] [l_sp7]
Whatever these tags are, it would give the spammer the ability to find places that he previously hit and that the spam stuck. Google l_sp7 or Halz' example, _pw11_.
Somehow typing this post gave me an idea. For those that don't want to block hidden spam (like on my honeypot), why not make it visible? It seems only possible for Mozilla and Konqeror based browsers, but even that is a big improvement. See my blog post.
– Joe - 2006-04-20 21:07 UTC
Ooh. There it is again somewhere else.
Nifty CSS trick! So I guess '*[style*="none"]' means it'll kick in whenever anyone mentions 'none' within a style attribute.
This could be very useful. Did you know mediawiki allows some CSS customisations by wiki editing? (In the later versions at least)
If you create a page called 'MediaWiki:Monobook.css' you can put in new CSS rules which apply to all users, so I guess your rules would work there. By default this is protected, so its still a case of persuading the lazy administrators to take action, but I guess some people would regard this wiki editing step as simpler than adding $wgSpamRegex line in LocalSettings?.php (it's not really easier, but some people don't seem to know how to edit a file). Also if you can persuade someone to give you sysop status, then you can do it yourself.
Mediawiki can also let users make CSS customisations which apply only to their own user (create a page called 'yourusername/Monobook.css') So normal users who are aware of the problem, can make this edit, to reveal the spam! Unforutunately that user CSS feature is switched off by default. Still some interesting possibilities there I think. Need to go test it out somewhere. – Halz - 2006-04-21 16:14 UTC
That sounds great. Will have to try it out and update my post. Not having to edit files will make it much more likely for inexperienced admins to do it.
You got the meaning of '*[style*="none"]' right. I would perfer to be more specific to display:none, but I guess because of the colon it won't match no matter what I tried. Are any spammers actually using visibility:hidden? It shouldn't be as useful since you still see a bunch of blank space on the page, but as it is now they are doing that anyway to hide their edits from the top of the textbox on the edit page.
– Joe - 2006-04-21 19:25 UTC
Well I just successfully set up user css page here which reveal the spam nicely. I needed to add use a different rule to reveal spam which used overflow:auto; height:2px;. – Halz - 2006-04-22 09:34 UTC
I enabled User Styles on my wiki and combined Halz' auto addition and a rule for hidden with the original on my user style. The original (bug fixed) version is still in the default skin so that is why Halz and I have changed the Heading color, we can easily see the skin is working.
The bug I mentioned is a minor bug in going after display:none, the sections on the Preferences page use that to hide the non-active panel so they all display and have red borders. Luckily, I discovered that all pages seem to have a "root" class, and it depends on the type of page. So by adding .ns-0 I limit the rule to regular pages (I hope). Sadly, the bug fix means Konqueror (at least version 3.2) no longer displays the hidden spam. If it works in newer Konqueror/KHTML let me know.
– Joe - 2006-04-24 02:50 UTC
I had to make some more changes. The ns-0 (name space) rule turns out only to work on regular wiki pages. But there are 14 other name spaces for other pages that allow user content where spam would remain hidden. Stuff like talk, help, help talk, talk talk, etc. I think not unhiding those is worse than not unhiding any. If users think the spam is going to be visible, they may be more likely to miss those that do get hidden. The size of the rule necessary to cover all those namespaces is insane. It works, but I hate to recommend it as a simple solution. See how the rules look now on my user style page. Any other ideas? – Joe - 2006-05-01 07:24 UTC
Hi niespolo. wikimatrix.org provides useful side-by-side comparison for this kind of question. Based on your need for JSP/Servlet technology and fine grained permission control, it looks like you're down to Confluence (not free), JSPWiki, or XWiki. Of the three, JSPWiki? is the only one I've seen in the wild. …however you may want widen your search a little because, firstly it's very easy to install Apache and PHP. This gives you more options, since most wiki engines are written in PHP. Secondly it's a common misconception that you need to heavily lock down wiki editing and restrict editing access. One of the great things about wiki technology (when it works) is that heavy permissioning is not really necessary. Anyway wikimatrix.org will help you in your search. Also The WikiIndex.com engine's list will lead you to many running examples – Halz - 2006-03-30 09:22 UTC
Just used Firefox (instead of my default browser, Opera) to view the RecentChanges. Have those links at the top always been pink in Firefox? – Manni - 2006-01-18 19:04
They don't look pink to me (in IE or firefox). Firefox lets you specify default or overriding CSS definitions. but it seems unlikely you'd do it by accident. Incidently this trick allows you to 'see' rel=nofollow.– Halz - 2006-01-18 22:37 UTC
They aren't pink for me either with FF 1.0 or 1.5. I did notice though that on the main page, a lot of subpages were missing the heading menu entirely (unless you fixed it since last night). – Joe - 2006-01-18 23:37 UTC
Thanks, Halz. I guess the nofollow thingy was it (or is it). Don't know how I got this to work but it must have been in the early days of nofollow.
Joe: thanks for the heads-up. Hadn't noticed that one. A little script is doing the navigation menu for me and its output get included with ssi. I suspect the new server doesn't know that I want ssi on those pages. – Manni - 2006-01-19 09:32
Check your userContent.css file in your FF profile chrome directory. It is either that or an extension. – Joe - 2006-01-19 08:38 UTC
It's been a while, but now we have a new speculation about search engines and what that parse and don't parse: http://chongqed.org/jstoploc.html – Manni - 2006-01-18 12:45
How exactly is this one supposed to work? If you link to it from here it surely will be crawled. We don't nofollow links on the wiki. And I don't see the JS part either. – Joe - 2006-01-18 23:39 UTC
I have to agree with Joe on this one. I assume that the jstoploc (javascript top location) was supposed to be publicly linked, but that it would itself contain a javascript redirect (i.e. something like top.location = etc) to the true test page. However, I don't see any javascript on the jstoploc page. Just an oversight? – RichardP - 2006-01-19 08:07 UTC
Can't really follow you guys there. I linked to this little page so it will be crawled because that's what I want. And there is javascript in chongqed.org/jstoploc.html. It will redirect you to a new speculations page. Works for me. The question, of course, is whether that new speculations page will show up in the SERPs. – Manni - 2006-01-19 13:02
Manni just helped me figure it out. The javascript does a redirect to the speculation directory. It happens so fast and the page name is similar so we missed it. – Joe - 2006-01-19 16:35 UTC
Article on Google Patent involving Link Churn. "Google MAT penalize the web page owner for link churn above a certain threshold." That is a big incentive to keep your wiki clean. Spammers will make your link churn percentage huge if you let them. – Joe - 2006-01-09 21:27 UTC
My wiki is working again. Due to some server troubles my site was down for a day or two and when it came back my wiki was missing. Everything was backed up and restored, but the backup of my DB is empty and it looks like something went wrong with it a while before the server went down. Luckily it was small so I was able to rebuild it from Google's cache. Even without that it would have been no loss. The only important page is the one on CSSHiddenSpam and most of that is here too. – Joe - 2006-01-09 05:00 UTC
Yeah Manni set me up with a chongqed.org email address (just forwarding is easiest I guess)
Last month I was playing around with a MediaWiki installation to see what could be done about their increasing problem of CSSHiddenSpam – Halz - 2006-01-04 22:42 UTC
I am glad you are back. It has been rather boring around here other than the fight to get the site working again. I was pretty worried about our PR too, and we certainly took a hit, but it could have been a lot worse. But remember PR and links info are not updated in real time so we may yet see the drop. – Joe - 2006-01-05 05:07 UTC