MASSIVE VANDAL ATTACK Tues Evening May 10

[Evil Tim]

I posted some of this to Ben41, but I'll repeat it here:

It's obviously someone who knows what they're doing (IP address changing every time (and the range includes Austria, Canada, France, Finland, Greece, Germany, Hong Kong, Japan, Saudi Arabia (!), South Korea, UK, and US so far, suggesting it's a botnet or someone with a big box of proxies), vandalising random pages, edit reasons made using a password generator to stop us blocking based on those) but it seems to just be posting random thankyous to the previous poster, which suggests it's designed to be used on a forum. So it's someone technically competent but totally stupid. :s Blocking IPs and protecting pages isn't really going to do a lot since I haven't seen it use the same IP twice and it seems to just be using the random page function to choose targets. Well, at least until it starts running into IPs it's already used and pages it's already tried to edit. Not sure how it's picking names for new pages.

Also, first port of call should be to protect everything in Category: Templates and all help articles, since they're likely targets if you want to affect a lot of pages; the Bot's already tried it on the incomplete template.

[PistolJunkie]

Quote:

Originally Posted by Evil Tim

Not sure how it's picking names for new pages.

They're all dead links; usually actors with no page or pages that have been deleted, but are still linked to elsewhere.

[Evil Tim]

Oh, I see, so it's using random links from Special:WantedPages?

Anons really have no business being allowed to make new pages; we should stop them doing that as well.

[PistolJunkie]

Quote:

Originally Posted by Evil Tim

Oh, I see, so it's using random links from Special:WantedPages?

Anons really have no business being allowed to make new pages; we should stop them doing that as well.

My money is on him (it?) just moving through the links in the pages at random and occasionally hitting a dead link.

[Evil Tim]

Quote:

Originally Posted by PistolJunkie

My money is on him (it?) just moving through the links in the pages at random and occasionally hitting a dead link.

Naw, I'm fairly sure it's using http://www.imfdb.org/wiki/Special:WantedPages as a master list for creating new pages, and probably using the random page function for everything else; I assume it's set to occasionally create a page in case it can slip that past an unobservant admin; it's probably designed to be used on a much bigger wiki where something like that might be lost among the legit changes.

There's only a couple of edits that seem to be targeted (template:incomplete is the obvious one), the rest seem to be entirely random; I can't imagine whoever's piloting this is checking what it's doing very often, or that they speak English. Probably just someone sitting in a foreign spam-factory running these bots in dozens of places at once. I guess the one which this one was supposed to be agreeing with didn't make it, or all the spam messages are getting snarled up by the captcha so it's never posting the things it's supposed to agree with.

[MoviePropMaster2008]

Quote:

Originally Posted by Evil Tim

Naw, I'm fairly sure it's using http://www.imfdb.org/wiki/Special:WantedPages as a master list for creating new pages, and probably using the random page function for everything else; I assume it's set to occasionally create a page in case it can slip that past an unobservant admin; it's probably designed to be used on a much bigger wiki where something like that might be lost among the legit changes.

There's only a couple of edits that seem to be targeted (template:incomplete is the obvious one), the rest seem to be entirely random; I can't imagine whoever's piloting this is checking what it's doing very often, or that they speak English. Probably just someone sitting in a foreign spam-factory running these bots in dozens of places at once. I guess the one which this one was supposed to be agreeing with didn't make it, or all the spam messages are getting snarled up by the captcha so it's never posting the things it's supposed to agree with.

I don't necessarily buy the random "Spam attack" theory. It's too relentless. It may be a spam attack that was generated randomly but I suspect ill will by a PERSON, perhaps someone who was banned a while ago. It just seems too intent on targeting us over and over and over again. Just a feeling, no basis in fact here. Just a thought.

[Rockwolf66]

If it was targeted I would rule out Burt as his english comprehention is too good for him to be the spammer.

Then again we have the spambot annoying us since at least as long as I've been here. Given the nature of the site we might be getting crap from a brady supporter...wouldn't suprise me as we all know of their personal integrity.


Sorry I'm rambling but usually it's annoying but last night was way too much. We needed every mod we had and then some.

With bunni preventing anonymos postings then they have to create accounts which will slow them down and then we can ban the accounts as we find them.

[mjp28]

Quote:

Originally Posted by MoviePropMaster2008

I don't necessarily buy the random "Spam attack" theory. It's too relentless. It may be a spam attack that was generated randomly but I suspect ill will by a PERSON, perhaps someone who was banned a while ago. It just seems too intent on targeting us over and over and over again. Just a feeling, no basis in fact here. Just a thought.

That may be it, I'm a mod on another sports board, we set up tougher bot proof rules to get on plus daily just zap out new questionable joiners, they generally just fade away.

I check the domains and other things....but I still like to zap them out.

[Evil Tim]

Quote:

Originally Posted by MoviePropMaster2008

I don't necessarily buy the random "Spam attack" theory. It's too relentless. It may be a spam attack that was generated randomly but I suspect ill will by a PERSON, perhaps someone who was banned a while ago. It just seems too intent on targeting us over and over and over again. Just a feeling, no basis in fact here. Just a thought.

I used to admin a much bigger site; certainly a human can register this fast, especially if they have, say, an entire college computer lab that isn't occupied or a service that assigns them a different IP every time they connect (we had a guy who we ultimately had to ban the ISP for most of Australia to get, then the story got picked up by the Aussie press and he made the mistake of posting from his school; apparently our spammer was summoned to the headmaster's office and he never bothered us again).

The trouble is, I can't see why an angry human would be spamming something so utterly banal as thankyous rather than, say, replacing the image on template:incomplete with a shock site image or replacing high-traffic gun images with really gross porn. It's just too minor to strike me as the work of a dedicated vandal rather than a mindless bot that isn't working the way it should.