Saturday, August 05, 2006

Hacked Server

Parts of my playground site, (not the more important, have been down since July 26 or 27. I am finally mostly through recovering and reinstalling things (I think). I was away from home when I got the email that the entire server had been compromised. According to my host it was due to a bug in Fantastico Application Installer which allowed a hacker to replace all the index pages on everyone's accounts with some anti-war propaganda.

The root page of my site that listed antispam RSS feeds headlines is gone thanks to my host having just backed up the hacked files before realizing anything was wrong and me not being able to find my offline copy. Maybe I will see if I can set it up again some day, but for now I am happy I finally got everything else mostly back to normal. If you want a great host, be sure not to choose mine. It is dirt cheap at $25 a year, but you get what you pay for.

All the wiki spam I have been collecting on the honeypot wiki is fine. Since the site has been down for about a week and a half I decided it was a good time to clean up the spam and start fresh. I reverted or blanked a total of 27 different pages. At least 10 of those were talk pages spammers created. Here are the pages with the top numbers of revisions (very few of those are reverts):
  1. Main Page (204 revisions)
  2. Wiki Spam Collection (56 revisions)
  3. CSS Hidden Spam (42 revisions)
  4. My spam blacklist (25 revisions)
  5. Suggestions (21 revisions)
  6. Google Spam (15 revisions)
  7. Spam Caught Here (13 revisions)
  8. First Spam (11 revisions)
  9. Spam (8 revisions)
I would like to do some more detailed analysis of the spamming patterns (knowing me I won't get around to it), but from those numbers at least one thing is clear. Spammers like the main page a lot. That makes the suggestion to lock your main page sound like a really good one. Most of the time your main page is going to be pretty static anyway.

Spam is never a reason to protect your main page. There are so many ways around spam that do not involve resorting to the harmful practice of locking down your wiki.

Do you really want the most popular page of your site to be one that can't be edited? Have you considered the effect this has on people who don't fully understand wikis? The page tells them they can edit the site, but when they try it on that page, they actually can't, giving them the impression that the site is not open to editing, or even that they are not welcome as an editor there.

If this were a wiki, not a blog, I'd edit it to say "this makes the suggestion to watch your main page sound like a really good one." By watching the page, you can quickly find spam in order to blacklist it, preventing it spreading to pages you are less likely to be watching.

There's no need for a main page to be static. It should serve to highlight your wiki's best content, and be frequently updated so it actually serves as a useful portal to your site.

As I am sure you know, static and protected are two different things. Those with appropriate permissions can edit the main page. Obviously this won't work for all wikis, but for the vast majority the main page/home page is not modified very often.

The main page is usually a page possibly describing the purpose of the wiki and giving links to the most interesting areas. For that purpose it does not need to be editable by everyone who uses the wiki.

Watching the main page really only does any good if you are online often to revert the spam. Hopefully most wiki owners are not addicted to the internet so much that they would be able to do that.

I would much rather have the main page locked than have it full of spam or even totally replaced by spam. How does that help users?

The worry that new users will be confused by not being able to edit that page and think they can't edit anything is something to consider. Locking the front page is far more desirable than locking the entire wiki which really is harmful.

Your work with large very open wikis I think distorts your view. There are different needs between the few huge very active wikis and the other 90% of wikis. MediaWiki's take on spam seems to be that given enough users it is not a problem. That is fine for active wikis, but is not an option for small low traffic ones.

Found my spammed doorway pages at MainPage history. Thanks Joe.
Already removed your domain from my wiki spam list.
What about pattern, I use intellectual spammer - that determines how post link in html bb code or as plain.