[OWASP-wiki-editors] Combating SPAM on the wiki - these peeps deserve a special ring of hell

Matt Tesauro matt.tesauro at owasp.org
Tue Apr 19 17:00:10 UTC 2016


A couple of accounts slipped by our screen process for wiki accounts - an
email loop plus the staff reviewing the data provided.  This was during a
deluge of 100's of bogus account requests so understandable.

In cleaning up the SEO link bait created by these wiki spammers, I found
out that the 'standard' wiki clean-up tools didn't work great in this
situation.

The tools will either delete a page only authored by a wiki user or revert
the last edit of that wiki user.

This worked for a couple hundred of the SPAM instances but left a couple
hundred pages which had multiple spammer edits from 2+ wiki accounts.  To
the standard clean-up tools, this looked like a real page with multiple
authors/edits.

After deleting a few of these manually and seeing the scope of that work, I
wrote some code to clean up the mess on our wiki.  I've posted that code to
GitHub so that more than me has access to use it.  I had to run it several
times with new users as it kept leading to new spammer accounts which
shared edits with the user being cleaned up.  Yes, all users found had
their accounts blocked indefinitely.

You can find the code at
https://github.com/mtesauro/random-docs/tree/master/scripts/mediawiki/spam-cleanup

The bulk of the work is done by clean-spam.sh:
https://github.com/mtesauro/random-docs/blob/master/scripts/mediawiki/spam-cleanup/clean-spam.sh

That code, when run by wrapper.sh will take the first contribution of the
spammer, check if it's authored only by spammers (or wiki scripts) and
delete it if that is true.  It logs all its actions and places the URL of
pages that cause problems in a separate file for manual review.

The readme should have everything you need to run it but feel free to ping
me if you have questions.

Cheers!

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
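
The rule described in the message (delete a page only when every revision author is a known spammer or wiki script, otherwise set it aside for manual review) is shown below as an added example; it is not taken from clean-spam.sh. The account names, page titles, the `page|author` history format and all function names are constructed for illustration, and no wiki is contacted.

```shell
# Decision logic only: nothing is fetched from or deleted on a wiki.
# Every account name and page title here is constructed sample data.
SPAMMERS="Seo4u LinkFarm77"                          # confirmed spam accounts
WIKI_SCRIPTS="MediaWiki_default Maintenance_script"  # assumed script accounts

# Constructed revision history, one "page|author" line per revision.
sample_history() {
cat <<'EOF'
Cheap_Watches|Seo4u
Cheap_Watches|LinkFarm77
Best_Loans|Seo4u
Best_Loans|Maintenance_script
XSS_Cheat_Sheet|Alice
XSS_Cheat_Sheet|Seo4u
Buy_Pills|Seo4u
Buy_Pills|PillBot9
EOF
}

# True when the account is a confirmed spammer or a wiki script.
is_known() {
    case " $SPAMMERS $WIKI_SCRIPTS " in *" $1 "*) return 0 ;; esac
    return 1
}

# Distinct authors across every revision of a page.
page_authors() {
    sample_history | awk -F'|' -v p="$1" '$1 == p { print $2 }' | sort -u
}

# Authors that are neither confirmed spammers nor scripts; a human decides
# whether each is a real editor or another spam account to block and re-run.
unknown_coauthors() {
    for author in $(page_authors "$1"); do
        is_known "$author" || echo "$author"
    done
}

# "delete" only if the page has revisions and all of its authors are known;
# anything else is left untouched and queued for manual review.
classify_page() {
    if [ -n "$(page_authors "$1")" ] && [ -z "$(unknown_coauthors "$1")" ]
    then echo delete; else echo review; fi
}

# Walk every page the account touched; print "verdict page [unknown authors]".
triage() {
    for page in $(sample_history | awk -F'|' -v u="$1" '$2 == u { print $1 }' | sort -u); do
        echo "$(classify_page "$page") $page" $(unknown_coauthors "$page")
    done
}

triage Seo4u
```

A page with a single unknown co-author is never deleted automatically, so a legitimate article that a spammer edited stays in the review queue alongside pages touched by spam accounts that have not been identified yet.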