23,256
edits
Changes
no edit summary
:It was down for everyone this weekend due to issues on the hosting side. - [[User:Tarkisflux|Tarkisflux]] 20:13, 16 May 2011 (UTC)
== Spambots ==
I have a solution to the spambots, which is a type of captcha, but not so much of a pain in the ass that you can't read the text. From my understanding, it has worked for http://nethackwiki.com. They use a specific captcha that they coded specifically for their wiki (I'm sure if I ask nicely I can get a copy). It will ask you a question related to nethack which should be common knowledge (from some from of questions database). For example: "What symbol represents a floating eye in NetHack?".
If I can get a copy of their captcha, we can recode it with some very simple D&D related questions (maybe randomized multiple choice?). ie:
* Which of the following is a 3.5e rogue class feature: a) sneak attack, b) rage, c) spellcasting, d) power points
* Which of the following is a 3.5e monk class feature: a) evasion, b) flurry of blows, c) turning into a colossal++ wyvern via the metamorphisis power, d) all of the above
The second one is a joke, btw.
Sure, it discriminates a bit against people that have little to no D&D experience. On the other hand, we can provide a link that tells them to just make an account if they don't want to answer the captcha questions.
Thoughts? --[[User:Aarnott|Aarnott]] 15:43, 18 May 2011 (UTC)
:That would be good (the spambots seem to be adapting again after all). No idea on what the questions would be. -- [[User:Eiji-kun|Eiji-kun]] 16:04, 18 May 2011 (UTC)
::It's supported by the confirmedit extension that we currently have installed [http://www.mediawiki.org/wiki/Extension:ConfirmEdit#QuestyCaptcha doc here]. If we get a list of questions together I'll code it and pass it along to Surgo for implementation. - [[User:Tarkisflux|Tarkisflux]] 16:41, 18 May 2011 (UTC)
:::Some questions for you folks:
* What dice type is used for attack rolls in DnD? a) d20 b) d6 c) d8 d) d12
* Which of these classes is not in the SRD? a) monk b) rogue c) truenamer d) fighter
* What is the lowest level a player character can be in DnD? a) 4 b) 1 c) 0 d) 9000
* A "fighter" is an example of what? a) a race b) a class c) a feat d) a weapon
* Which of these skills is not in the SRD? a) Use Magic Device b) Spot c) Iaijutsu Focus d) Bluff
* What does BAB stand for? a) Base Attack Bonus b) Base Angel Beat c) Blue Animal Bed d) Bonus Argument Belief
* What tabletop RPG system does this wiki cater for? a) GURPS b) DnD c) FATAL d) Shadowrun
:::Figured I'd help out. - [[User:MisterSinister|MisterSinister]] 21:55, 18 May 2011 (UTC)
::::I just looked at the questy captcha implementation again, and it's not multiple choice. So if we really wanted multiple choice, and I don't think it's a good idea actually, we'd have to find an extension that did that. These questions could be reformulated to include the options though, like "Which of the following classes is not in the SRD: Fighter, Monk, Warmage, or Ranger?", and then the answer would need to be typed in (and would probably be case sensitive). - [[User:Tarkisflux|Tarkisflux]] 22:06, 18 May 2011 (UTC)
::::Edit - We could go with a different extension entirely actually. The [http://www.mediawiki.org/wiki/Extension:Asirra Asirra Extension] is an implementation of an MS anti-spam measure where you have to select all of the cat or dog pictures from a set containing both cat and dog pictures. I don't know if this would be more or less annoying than typing the answer to a question, but it sounds less vulnerable to brute force or manually generated list attacks against a limited question set. - [[User:Tarkisflux|Tarkisflux]] 22:10, 18 May 2011 (UTC)
:::::I'm pretty certain any type of captcha would be sufficient. I just suggested that one because it is convenient for an actual person (unlike a lot of image-text captchas out there, which are annoying). I'm pretty sure (just seeing spam on other wikis I watch) that there is a bot that spiders the internet for mediawiki sites and tries to spam sites that have unprotected IP edits and user creation.
:::::Also, multiple choice can work if we want to make the answer to the captcha "a", "b", "c", "d", or "e". Further, we could rearrange the multiple choice answers and still use questy captcha. Whatever is easiest for implementation but also isn't (much of) a pain for real people. --[[User:Aarnott|Aarnott]] 22:35, 18 May 2011 (UTC)
:::::Edit - what I mean by that can be explained using this questy captcha code:
$wgCaptchaQuestions[] = array( 'question' => 'What dice type is used for attack rolls in DnD? a) d20 b) d6 c) d8 d) d12', 'answer' => 'a' );
$wgCaptchaQuestions[] = array( 'question' => 'What dice type is used for attack rolls in DnD? a) d6 b) d20 c) d8 d) d12', 'answer' => 'b' );
:::::So we ''can'' do multiple choice. But really the cat/dog thing is probably easier to implement (just an extension) and just as easy for actual users to use. --[[User:Aarnott|Aarnott]] 22:40, 18 May 2011 (UTC)
::::::I could have sworn I posted on this. Anyway, as I was saying I'm down with the cat/dog images, or whatever image sets we do. Not that it effects me nor that I would fall for it, but I have to consider what if some particularly unusual person didn't put in "dog" when they see a dog and they put in "german shepard" which may be technically correct but not what we were looking for. Or they see the color pink and they put in "salmon".
::::::Course, no system would be perfect and thats a small issue IMO, but I figure I'd bring it up anyway. -- [[User:Eiji-kun|Eiji-kun]] 23:40, 18 May 2011 (UTC)
:::::::Dropped of the face of the planet for a bit (I blame combinatorics :P). I've tested out the cat/dog Asirra extension and it is perfect. The only thing I found a bit annoying was that you have to look at 12 photos. Luckily we can just change that value using $wgAsirraCellsPerRow to something more manageable like 6 photos. That would be enough that it wouldn't be super annoying, but it also would be pretty certain to stop the spamming. --[[User:Aarnott|Aarnott]] 13:48, 26 May 2011 (UTC)
::::::::I'll ask Surgo to install the Asirra extension then.
::::::::In other news, I spent some time tracing the ips associated with the spam yesterday, and they're all run through the same hosting service. I'm looking into a way to just block that host, which would also pretty much kill our spammer issue. - [[User:Tarkisflux|Tarkisflux]] 16:31, 26 May 2011 (UTC)
:::::::::''Tarkisflux, F*CK YEAH!''
:::::::::''Coming again, to stop the mother f*cking spambots,''
:::::::::''Tarkisflux, F*CK YEAH!''
:::::::::''CAPTCHA is the only way yeah,''
:::::::::''Spambot host your game is through cause now you have to answer too, ''
:::::::::''Tarkisflux, F*CK YEAH!''
:::::::::''So lick my butt, and suck on my balls,''
:::::::::''Tarkisflux, F*CK YEAH!''
:::::::::''What you going to do when we posts now, ''
:::::::::''it’s the dream that we all share; it’s the hope for tomorrow''
:::::::::''F*CK YEAH!''
:::::::::''Eiji-kun, F*CK YEAH!''
:::::::::''Surgo, F*CK YEAH!''
:::::::::''Ganteka, F*CK YEAH!''
:::::::::''Leziad, F*CK YEAH!''
:::::::::''Aarnott, F*CK , YEAH!''
:::::::::''Wildmage, F*CK YEAH!''
:::::::::''Ghostwheel, F*CK YEAH!''
:::::::::''Genowheel, F*CK YEAH!''
:::::::::''F*CK YEAH!''
:::::::::''Dracomortis, F*CK YEAH!''
:::::::::''The Badger, F*CK YEAH!''
:::::::::''Warrior4, F*CK YEAH!''
:::::::::''Daranios, F*CK YEAH!''
:::::::::''Sinister, F*CK YEAH!''
:::::::::''Karuma, F*CK YEAH!''
:::::::::''Parakee, F*CK YEAH!''
:::::::::''TG Cid, F*CK YEAH!''
:::::::::''Reverend, F*CK YEAH!''
:::::::::''Spaz Chaos (F*ck ye... F*ck yeah?)''
:::::::::''Dukelzan, F*CK YEAH!''
:::::::::''YX33, F*CK YEAH!''
:::::::::''Aelaris, F*CK YEAH!''
:::::::::''TK-Squared, F*CK YEAH!''
:::::::::''Foxwarrior, F*CK YEAH!''
:::::::::''Haavy, F*CK YEAH!''
:::::::::''Karrius, F*CK YEAH!''
:::::::::''Magnamune, F*CK YEAH!''
:::::::::''Paleomancer, F*CK YEAH!''
:::::::::''Tarkisflux (Tarkisflux)''
:::::::::''(f*ck yeah, f*ck yeah)''
:::::::::''Spanambula''
:::::::::''Rith!''
:::::::::(Ends with an epic guitar riff)
:::::::::(If you could tell, I'm really happy to hear that Tarkis. :D) -- [[User:Eiji-kun|Eiji-kun]] 17:53, 26 May 2011 (UTC)
{{ri}}
:Yay song! Glad I could brighten your day Eiji. Surgo has been asked to install the extension, and it should be up shortly-ish. I have no idea if or when the host blocking will come online, as there doesn't seem to be an easy way to block them short of doing rather wide ip range blocks... which is less than ideal. - [[User:Tarkisflux|Tarkisflux]] 18:49, 26 May 2011 (UTC)
::New capcha is up, but Aarnott was wrong in that we can't turn down the number of pics required for authorization (the setting referenced only changes their layout). So we're stuck with the somewhat annoying 12 photos. Talking it over with Surgo still, but we might look into an alternative. Until then, I guess we'll see what happens with spam. Sorry in advance to any user affected by the change who has not confirmed their email :-/. - [[User:Tarkisflux|Tarkisflux]] 21:35, 26 May 2011 (UTC)
:::It looks like I was also wrong that it would fix the problem. Which really surprises me. It must be a pretty sophisticated bot. I'm going to do some research to see what else can be done. --[[User:Aarnott|Aarnott]] 15:13, 8 June 2011 (UTC)
::::Surgo reverted the capcha to the simple capcha. He felt that the assira one was overly obnoxious since we couldn't reduce the number of visible pictures. While we had it running though we had 0 instances of spam (for the whole 2 days). Since most of these bots are from the same host and they are starting to re-use ips, I've been doing range blocks (using the CIDR notation for the block assigned to the host, thanks [http://whois.arin.net/ui ARIN]!) and perma-bans. I thought it was working up until this morning :-/ - [[User:Tarkisflux|Tarkisflux]] 15:20, 8 June 2011 (UTC)
::::Nevermind on the not working, it probably is (if slowly). The two recent spammer ips were only given 2 week blocks by Gan originally. They, and all other ips on their subnets, are now perma-blocked. Hopefully they'll run out of unblocked ranges sooner rather than later. - [[User:Tarkisflux|Tarkisflux]] 15:25, 8 June 2011 (UTC)
:::::What will happen if someone uses a proxy?--[[User:Parakee|Parakee]]<sup>[[User Talk:Parakee|Talk]]</sup> 17:45, 8 June 2011 (UTC)
::::::We have special server magic that causes computers attempting to access us through proxies to melt down. Also, the proxy would be blocked when it showed up. My guess is that the ips currently being blocked are proxies actually. It's stupid whack-a-mole right now, but since they're mostly all coming from the same hosting company I'm hopeful they'll run out of blocks. - [[User:Tarkisflux|Tarkisflux]] 17:59, 8 June 2011 (UTC)
::::::: Is there a way to make it auto-target the captcha box when editing so that people don't need to click on it when editing and can just enter the number, etc? --[[User:Ghostwheel|Ghostwheel]] 22:53, 12 June 2011 (UTC)
::::::::UPDATE - Surgo has turned the Assira (kittenAuth) back on, since Simple has been broked. It should trigger only for new pages, url adds, and account registration for non-confirmed users only. You should be able to do regular page edits without it, even if your account is not confirmed. Hopefully it's not too annoying for anyone and spam accounts drop substantially. Report any problems on [[User talk:Tarkisflux|my talk]] please. - [[User:Tarkisflux|Tarkisflux]] <sup>[[User talk:Tarkisflux|Talk]]</sup> 23:36, 14 May 2012 (UTC)
