imfdb.org  

Go Back   imfdb.org > The Forum > imfdb

Reply
 
Thread Tools Display Modes
  #1  
Old 05-11-2011, 07:14 AM
MoviePropMaster2008's Avatar
MoviePropMaster2008 MoviePropMaster2008 is offline
IMFDB Admin
 
Join Date: Dec 2008
Location: California
Posts: 1,192
Default MASSIVE VANDAL ATTACK Tues Evening May 10

Bunni needs to just undo all the vandalism that is going to take place tonight when everyone is asleep. It's a massive vandalism attack that a bunch of us have been fighting off.

Bunni:We need to protect ALL PAGES against unregistered users period. This is ridiculous.

I shudder to think how much damage has been done when I wake up in the morning.
Reply With Quote
  #2  
Old 05-11-2011, 08:27 AM
Evil Tim's Avatar
Evil Tim Evil Tim is offline
IMFDB & Forum Admin
 
Join Date: Apr 2011
Location: The surface of the sun
Posts: 740
Default

Well, some of us are still awake and ready to fight the alien foe.

This seems to be the same bot we see here on the forums a lot, set up to agree with itself after posting (the "thanks" message is supposed to make a spam post look legitimate). Couldn't really say why they're putting it on the main wiki, but then most bot pilots aren't native English speakers anyway so they probably have no idea what it's actually saying.

Last edited by Evil Tim; 05-11-2011 at 08:37 AM.
Reply With Quote
  #3  
Old 05-11-2011, 01:46 PM
predator20's Avatar
predator20 predator20 is offline
IMFDB Admin
 
Join Date: Jul 2009
Location: FL
Posts: 767
Default

and I thought I had fun dealing with it last night. I'll try to check back as often as I can, I'm sure others will too.
__________________
A man's got to know his limitations.
Reply With Quote
  #4  
Old 05-11-2011, 01:51 PM
Evil Tim's Avatar
Evil Tim Evil Tim is offline
IMFDB & Forum Admin
 
Join Date: Apr 2011
Location: The surface of the sun
Posts: 740
Default

I posted some of this to Ben41, but I'll repeat it here:

It's obviously someone who knows what they're doing (IP address changing every time (and the range includes Austria, Canada, France, Finland, Greece, Germany, Hong Kong, Japan, Saudi Arabia (!), South Korea, UK, and US so far, suggesting it's a botnet or someone with a big box of proxies), vandalising random pages, edit reasons made using a password generator to stop us blocking based on those) but it seems to just be posting random thankyous to the previous poster, which suggests it's designed to be used on a forum. So it's someone technically competent but totally stupid. :s Blocking IPs and protecting pages isn't really going to do a lot since I haven't seen it use the same IP twice and it seems to just be using the random page function to choose targets. Well, at least until it starts running into IPs it's already used and pages it's already tried to edit. Not sure how it's picking names for new pages.

Also, first port of call should be to protect everything in Category: Templates and all help articles, since they're likely targets if you want to affect a lot of pages; the Bot's already tried it on the incomplete template.

Last edited by Evil Tim; 05-11-2011 at 01:56 PM.
Reply With Quote
  #5  
Old 05-11-2011, 05:38 PM
PistolJunkie's Avatar
PistolJunkie PistolJunkie is offline
Junior Member
 
Join Date: Sep 2010
Location: U.S.
Posts: 25
Default

Quote:
Originally Posted by Evil Tim View Post
Not sure how it's picking names for new pages.
They're all dead links; usually actors with no page or pages that have been deleted, but are still linked to elsewhere.
Reply With Quote
  #6  
Old 05-11-2011, 05:52 PM
Evil Tim's Avatar
Evil Tim Evil Tim is offline
IMFDB & Forum Admin
 
Join Date: Apr 2011
Location: The surface of the sun
Posts: 740
Default

Oh, I see, so it's using random links from Special:WantedPages?

Anons really have no business being allowed to make new pages; we should stop them doing that as well.

Last edited by Evil Tim; 05-11-2011 at 06:04 PM.
Reply With Quote
  #7  
Old 05-11-2011, 06:34 PM
PistolJunkie's Avatar
PistolJunkie PistolJunkie is offline
Junior Member
 
Join Date: Sep 2010
Location: U.S.
Posts: 25
Default

Quote:
Originally Posted by Evil Tim View Post
Oh, I see, so it's using random links from Special:WantedPages?

Anons really have no business being allowed to make new pages; we should stop them doing that as well.
My money is on him (it?) just moving through the links in the pages at random and occasionally hitting a dead link.
Reply With Quote
  #8  
Old 05-11-2011, 06:40 PM
bunni bunni is offline
Site Manager
 
Join Date: Nov 2008
Posts: 167
Default

Quote:
Originally Posted by MoviePropMaster2008 View Post
Bunni needs to just undo all the vandalism that is going to take place tonight when everyone is asleep. It's a massive vandalism attack that a bunch of us have been fighting off.

Bunni:We need to protect ALL PAGES against unregistered users period. This is ridiculous.

I shudder to think how much damage has been done when I wake up in the morning.
I've disabled anonymous editing.

Evil Tim is right though, it's impossible to block that many IP ranges...
__________________
Quote:
Originally Posted by BurtReynoldsMoustache View Post
How much input does Chris Bunni actually give as far as these kinds of decisions go?
Quote:
Originally Posted by MoviePropMaster2008
He doesn't. He just floats around and lets the members of the Imperium decide on the fate of condemned pages. He gave the membership the power and thus trusts us to use it wisely.......
Reply With Quote
  #9  
Old 05-11-2011, 07:19 PM
Evil Tim's Avatar
Evil Tim Evil Tim is offline
IMFDB & Forum Admin
 
Join Date: Apr 2011
Location: The surface of the sun
Posts: 740
Default

Quote:
Originally Posted by PistolJunkie View Post
My money is on him (it?) just moving through the links in the pages at random and occasionally hitting a dead link.
Naw, I'm fairly sure it's using http://www.imfdb.org/wiki/Special:WantedPages as a master list for creating new pages, and probably using the random page function for everything else; I assume it's set to occasionally create a page in case it can slip that past an unobservant admin; it's probably designed to be used on a much bigger wiki where something like that might be lost among the legit changes.

There's only a couple of edits that seem to be targeted (template:incomplete is the obvious one), the rest seem to be entirely random; I can't imagine whoever's piloting this is checking what it's doing very often, or that they speak English. Probably just someone sitting in a foreign spam-factory running these bots in dozens of places at once. I guess the one which this one was supposed to be agreeing with didn't make it, or all the spam messages are getting snarled up by the captcha so it's never posting the things it's supposed to agree with.
Reply With Quote
  #10  
Old 05-12-2011, 12:29 AM
MoviePropMaster2008's Avatar
MoviePropMaster2008 MoviePropMaster2008 is offline
IMFDB Admin
 
Join Date: Dec 2008
Location: California
Posts: 1,192
Default

Quote:
Originally Posted by Evil Tim View Post
Naw, I'm fairly sure it's using http://www.imfdb.org/wiki/Special:WantedPages as a master list for creating new pages, and probably using the random page function for everything else; I assume it's set to occasionally create a page in case it can slip that past an unobservant admin; it's probably designed to be used on a much bigger wiki where something like that might be lost among the legit changes.

There's only a couple of edits that seem to be targeted (template:incomplete is the obvious one), the rest seem to be entirely random; I can't imagine whoever's piloting this is checking what it's doing very often, or that they speak English. Probably just someone sitting in a foreign spam-factory running these bots in dozens of places at once. I guess the one which this one was supposed to be agreeing with didn't make it, or all the spam messages are getting snarled up by the captcha so it's never posting the things it's supposed to agree with.
I don't necessarily buy the random "Spam attack" theory. It's too relentless. It may be a spam attack that was generated randomly but I suspect ill will by a PERSON, perhaps someone who was banned a while ago. It just seems too intent on targeting us over and over and over again. Just a feeling, no basis in fact here. Just a thought.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:39 PM.


Powered by vBulletin® Version 3.8.0
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.