imfdb.org

imfdb.org (http://forum.imfdb.org/index.php)
-   imfdb (http://forum.imfdb.org/forumdisplay.php?f=5)
-   -   MASSIVE VANDAL ATTACK Tues Evening May 10 (http://forum.imfdb.org/showthread.php?t=1734)

MoviePropMaster2008 05-11-2011 07:14 AM

MASSIVE VANDAL ATTACK Tues Evening May 10
 
Bunni needs to just undo all the vandalism that is going to take place tonight when everyone is asleep. It's a massive vandalism attack that a bunch of us have been fighting off.

Bunni:We need to protect ALL PAGES against unregistered users period. This is ridiculous.

I shudder to think how much damage has been done when I wake up in the morning. :mad:

Evil Tim 05-11-2011 08:27 AM

Well, some of us are still awake and ready to fight the alien foe.

This seems to be the same bot we see here on the forums a lot, set up to agree with itself after posting (the "thanks" message is supposed to make a spam post look legitimate). Couldn't really say why they're putting it on the main wiki, but then most bot pilots aren't native English speakers anyway so they probably have no idea what it's actually saying.

predator20 05-11-2011 01:46 PM

and I thought I had fun dealing with it last night. I'll try to check back as often as I can, I'm sure others will too.

Evil Tim 05-11-2011 01:51 PM

I posted some of this to Ben41, but I'll repeat it here:

It's obviously someone who knows what they're doing (IP address changing every time (and the range includes Austria, Canada, France, Finland, Greece, Germany, Hong Kong, Japan, Saudi Arabia (!), South Korea, UK, and US so far, suggesting it's a botnet or someone with a big box of proxies), vandalising random pages, edit reasons made using a password generator to stop us blocking based on those) but it seems to just be posting random thankyous to the previous poster, which suggests it's designed to be used on a forum. So it's someone technically competent but totally stupid. :s Blocking IPs and protecting pages isn't really going to do a lot since I haven't seen it use the same IP twice and it seems to just be using the random page function to choose targets. Well, at least until it starts running into IPs it's already used and pages it's already tried to edit. Not sure how it's picking names for new pages.

Also, first port of call should be to protect everything in Category: Templates and all help articles, since they're likely targets if you want to affect a lot of pages; the Bot's already tried it on the incomplete template.

PistolJunkie 05-11-2011 05:38 PM

Quote:

Originally Posted by Evil Tim (Post 29009)
Not sure how it's picking names for new pages.

They're all dead links; usually actors with no page or pages that have been deleted, but are still linked to elsewhere.

Evil Tim 05-11-2011 05:52 PM

Oh, I see, so it's using random links from Special:WantedPages?

Anons really have no business being allowed to make new pages; we should stop them doing that as well.

PistolJunkie 05-11-2011 06:34 PM

Quote:

Originally Posted by Evil Tim (Post 29021)
Oh, I see, so it's using random links from Special:WantedPages?

Anons really have no business being allowed to make new pages; we should stop them doing that as well.

My money is on him (it?) just moving through the links in the pages at random and occasionally hitting a dead link.

bunni 05-11-2011 06:40 PM

Quote:

Originally Posted by MoviePropMaster2008 (Post 29005)
Bunni needs to just undo all the vandalism that is going to take place tonight when everyone is asleep. It's a massive vandalism attack that a bunch of us have been fighting off.

Bunni:We need to protect ALL PAGES against unregistered users period. This is ridiculous.

I shudder to think how much damage has been done when I wake up in the morning. :mad:

I've disabled anonymous editing.

Evil Tim is right though, it's impossible to block that many IP ranges...

Evil Tim 05-11-2011 07:19 PM

Quote:

Originally Posted by PistolJunkie (Post 29022)
My money is on him (it?) just moving through the links in the pages at random and occasionally hitting a dead link.

Naw, I'm fairly sure it's using http://www.imfdb.org/wiki/Special:WantedPages as a master list for creating new pages, and probably using the random page function for everything else; I assume it's set to occasionally create a page in case it can slip that past an unobservant admin; it's probably designed to be used on a much bigger wiki where something like that might be lost among the legit changes.

There's only a couple of edits that seem to be targeted (template:incomplete is the obvious one), the rest seem to be entirely random; I can't imagine whoever's piloting this is checking what it's doing very often, or that they speak English. Probably just someone sitting in a foreign spam-factory running these bots in dozens of places at once. I guess the one which this one was supposed to be agreeing with didn't make it, or all the spam messages are getting snarled up by the captcha so it's never posting the things it's supposed to agree with.

MoviePropMaster2008 05-12-2011 12:29 AM

Quote:

Originally Posted by Evil Tim (Post 29024)
Naw, I'm fairly sure it's using http://www.imfdb.org/wiki/Special:WantedPages as a master list for creating new pages, and probably using the random page function for everything else; I assume it's set to occasionally create a page in case it can slip that past an unobservant admin; it's probably designed to be used on a much bigger wiki where something like that might be lost among the legit changes.

There's only a couple of edits that seem to be targeted (template:incomplete is the obvious one), the rest seem to be entirely random; I can't imagine whoever's piloting this is checking what it's doing very often, or that they speak English. Probably just someone sitting in a foreign spam-factory running these bots in dozens of places at once. I guess the one which this one was supposed to be agreeing with didn't make it, or all the spam messages are getting snarled up by the captcha so it's never posting the things it's supposed to agree with.

I don't necessarily buy the random "Spam attack" theory. It's too relentless. It may be a spam attack that was generated randomly but I suspect ill will by a PERSON, perhaps someone who was banned a while ago. It just seems too intent on targeting us over and over and over again. Just a feeling, no basis in fact here. Just a thought.


All times are GMT. The time now is 11:39 PM.

Powered by vBulletin® Version 3.8.0
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.