counter measures

What worked for us, and what didn't. Existing solutions and proposals. This page reverted due to... well, spam of course.

BannedLinks (plugins/edit/spam_deface)

Limited success, because apparantly chinese spammers either cannot read, understand or ignore that their links are useless for search engine spamming, once mangled here through the PageRankKiller.

Chinese characters (plugins/meta/block_chinese)

Didn't seem to work for us. Probably again, due to the fact that link spammers pay not much attention to what the site tells them or they don't understand any English. This plugin however successfully blocks chinese spammers from trashing up search engine databases nevertheless.

BlockedLinks (plugins/edit/spam_block)

Gives spammers an immediate response to their activities by a failure message. Only partially worked (maybe the plugin is buggy - if I only could get some spammers when I actually needed them to test the script!!? *hehe*). But it seems someone got frustrated by that and tried to purge the BlockedLinks page, which is an success in itself, because it means lost time for that link spammer here, and makes us a less interesting target.

plugins/lib/spamblock_whois

Untested yet. Blocking links based on meta information however seems a good idea. Especially blocking linking to servers with IPs of known spammer-friendly web hosters could become useful.

maximum number of posted links (not yet written)

A more simple and rude measure against link spamming is to limit the number of links one could inject into the site. This has impacts on using Wiki for link directories (I have one), but as it is that easy to do and likely the most useful approach.

The target Wiki gets useless for link spammers if they had to spend five minutes instead of seconds for injecting their often over hundred links. It's the same as with email spam - it only makes sense if they can pester a big number of users or post a big number of links at once.

spam activities

Which sorts of attacks has this Wiki seen?

scripted attacks

The first scripted attack seen here was the creating of circa fourthy pages with the name "*SsSs.." (with numeric appendix) each linked to each other. Was easy to remove with WikiCommander, and would probably have been much easier with 'ewikictl --rm "*SsSs*" '

bookmark attacks

"Qiyang" and the other page name are obviously bookmarks on some Windows-using spammers computer, who enjoys visiting major Wiki sites and posting links over and over again. Page flags like read-only help, though I still favour collecting blocking patterns.

malicious link defacements

Hardest to detect are injected external links, if the attacker changes pages and ads an external reference behind ordinary WikiWords or any other links that were on that page before. Usually coupled with adding an innocent looking piece of text somewhere else on that page.

Seen here in the GuestBook. Other/older WikiEngines prevent that they do not allow titles for external links or automatically force (visual) square brackets around those. Some CSS may do the trick for ewiki and allow for distinguishing wiki/internal and external links more easily.