For a while now, I’ve seen very insistent wiki spam on both wikis I maintain, and no doubt on many other wikis I haven’t checked.

The spammer is the same in most cases. Uses a never ending stream of new IP addresses (most likely proxies), and keeps overwriting his own edits. The end result is that you can’t use the rollback feature on MediaWiki, unless you keep diligent watch all day long.

The most effective way I’ve seen of reverting the edits, is to find the last unaffected edit before he started spamming in diff mode, click on that revision then click edit and save.

I’ve locked (protected) most of the talk pages, adding a piece of text asking people to edit a universal talk page. That won’t work for very busy wikis, which hopefully have other spam filtering in place. I’ve never seen spam on wikibooks, for instance.

The latest wave of spam is typical genre porn. Affiliate links are hidden deep in the pages. The latest links have been on .cn pages. Few wikis would have any interest in .cn links, so the hold TLD might be worth adding to the blacklist.

Most of the spam is today on this IP: 203.116.63.123. It’s from Starhubinternet in Singapore. One of the domains is registered through Estdomains:

N/A
Henry Verinton (support@gay-pornclub.com)
Manfred Av. 34
Huntsville
Alabama,35801
US
Tel. +001.8003867409

Another (Chinese) domain has this info:

Registrant name: OpobaUjojo
E-mail: o_ujojo@yahoo.com

Update: The barrage of wiki spam became too much work. I’ve set the wiki to only accept edits from logged in users. New: Only to discover that wasn’t enough. The MediaWiki setting I used only hides the edit tab for unregistered users, unless you go to for instance diff pages (the edit tab is visible there), and it probably doesn’t stop unregistered users from “guessing” the edit URL.

This entry was posted on Wednesday, September 26th, 2007 at 4:30 pm and is filed under Wiki spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.