Difference between revisions of "Spam Attack"
From Wiki History Database
| Line 1: | Line 1: | ||
| − | + | This wiki has been spammed. As soon as it showed up on Google even a little bit, it got attacked. I reacted by blocking all account creation, so this is no longer a wiki. It's just a "blog on steroids." I prefer to use my energy creating content (even though virtually no one reads any of it) than fighting spammers. | |
| + | |||
| + | ==The Attacks== | ||
| + | The spamming started at the end of September, when this site started to show up just a little bit on Google. I only discovered it a week later. The spammers were discrete, to avoid killing the hen that lays the golden eggs, as it were. (Seen any golden eggs around here lately?) And fortunately the site had been configured to require creating an account before editing. | ||
I quickly modified the LocalSettings.php file to allow account creation only by WikiSysop. I then logged on as WikiSysop and blocked one by one all 8 unwanted users, each of whom seemed to have lain only one golden egg. I consulted "All Pages," and with a bit of work created the following record: | I quickly modified the LocalSettings.php file to allow account creation only by WikiSysop. I then logged on as WikiSysop and blocked one by one all 8 unwanted users, each of whom seemed to have lain only one golden egg. I consulted "All Pages," and with a bit of work created the following record: | ||
| Line 22: | Line 25: | ||
And how did the spammers create new pages, without first making a link in an existing page? | And how did the spammers create new pages, without first making a link in an existing page? | ||
| − | [[Category: | + | ==Statistics about the Spammers== |
| + | The statistics about visitors to this site are furnished by the server-provider Ouvaton, who gets them from a professional group. They are rather incomplete and difficult to interpret, since what is shown is often the server and not the individual computer, and since visits from one host on multiple days are often grouped together. | ||
| + | |||
| + | I've listed below only the visitors from China (as identified by the string ".cn" at the end of the address), since they are easiest to identify as probable spammers. | ||
| + | |||
| + | *Hosts -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Pages -- Hits -- Date last visit | ||
| + | *38.167.37.58.broad.xw.sh.dynamic.163data.com.cn -- -- 3 -- 3 -- 17 Oct 2007 | ||
| + | *207.49.109.125.broad.wz.zj.dynamic.163data.com.cn -- -- 9 -- 30 -- 16 Oct 2007 | ||
| + | *179.163.37.58.broad.xw.sh.dynamic.163data.com.cn -- -- 3 -- 3 -- 13 Oct 2007 | ||
| + | *69.146.143.219.broad.bj.bj.dynamic.163data.com.cn -- -- 1 -- 1 -- 12 Oct 2007 | ||
| + | *58.158.143.219.broad.bj.bj.dynamic.163data.com.cn -- -- 1 -- 1 -- 10 Oct 2007 | ||
| + | *10.170.37.58.broad.xw.sh.dynamic.163data.com.cn -- -- 3 -- 3 -- 10 Oct 2007 | ||
| + | *135.175.37.58.broad.xw.sh.dynamic.163data.com.cn -- -- 3 -- 3 -- 04 Oct 2007 | ||
| + | *43.146.212.58.broad.nj.js.dynamic.163data.com.cn -- -- 3 -- 3 -- 01 Oct 2007 | ||
| + | *43.146.212.58.broad.nj.js.dynamic.163data.com.cn -- -- 13 -- 13 -- 30 Sep 2007 | ||
| + | *110.145.212.58.broad.nj.js.dynamic.163data.com.cn -- -- 5 -- 5 -- 30 Sep 2007 | ||
| + | |||
| + | The dates of the visits line up perfectly with the dates of the spammings on 30 Sep and 01 Oct. But the Chinese spammer of 05 Oct is unlisted. Perhaps this was the visitor of 04 October, shown on a different date because of the time difference? Or perhaps the statistics for these visits got grouped with later visits from the same spammer. | ||
| + | |||
| + | What about the visitors after the 05 October? I blocked all new account creation, so these visits might be: | ||
| + | |||
| + | *Random hits generated by the fact that the site is listed on the Chinese google | ||
| + | *Visits from the previous spammers coming back to try again (and foiled, haha) | ||
| + | *Visits from potential new spammers coming for a first try (and foiled, haha) | ||
| + | |||
| + | There seems no way to know what category the new visits belong to. I could always allow new accounts just to try to observe who does what... | ||
| + | |||
| + | [[Category:Blog Linked Pages]] | ||
