[OWASP-wiki-editors] Combating SPAM on the wiki - these peeps deserve a special ring of hell
matt.tesauro at owasp.org
Tue Apr 19 17:00:10 UTC 2016
A couple of accounts slipped by our screen process for wiki accounts - an
email loop plus the staff reviewing the data provided. This was during a
deluge or 100's of bogus account requests so understandable.
In cleaning up the SEO link bait created by these wiki spammers, I found
out that the 'standard' wiki clean-up tools didn't work great in this
The tools will either delete a page only authored by a wiki user or revert
the last edit of that wiki user.
This worked for a couple hundred of the SPAM instances but left a couple
hundred pages which had multiple spammer edits from 2+ wiki accounts. To
the standard clean-up tools, this looked like a real page with multiple
After deleting a few of these manually and seeing the scope of that work, I
wrote some code to clean up the mess on our wiki. I've posted that code to
GitHub so that more then me has access to use it. I had to run it several
times with new users as it kept leading to new spammer accounts which
shared edits with the user being cleaned up. Yes, all users found had
their accounts blocked indefinitely.
You can find the code at
The bulk of the work is done by clean-spam.sh:
That code, when run by wrapper.sh will take the first contribution of the
spammer, check if its authored only by spammers (or wiki scripts) and
delete it if that is true. It logs all its actions and places the URL of
pages that cause problems in a separate file for manual review.
The readme should have everything you need to run it but feel free to ping
me if you have questions.
-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-wiki-editors