"Wikitravel has a speed and convenience the books' publishers can only envy." Time Europe

Tech:Spambots

From Wikitravel Shared
Jump to: navigation, search

This is the bug report page for the current spambot-spawning issue that the 1.17.5 patch was installed to remediate, but apparently did not. Please edit as necessary, as this page is cobbled together from many pages in various locations in an attempt to create a central repository for technicians to work from in resolving this. Thank you,--IBobi talk email 19:21, 6 August 2012 (EDT)

What happens[edit]

Pages that are obviously spambot creations have shown up as credited to non-spambot users.

When it happens[edit]

What should happen[edit]

How to fix it[edit]

A question: why can one user create a user account for another user? I realize it's just a type of page creation, like content pages or bug report pages, which any user can create, but what is the point of this functionality existing to create new user accounts? And the second part of the question is, if we disable that (if possible), wouldn't it solve the issue of spam accounts being spawned by spambots?--IBobi talk email 13:32, 7 August 2012 (EDT)

Is it even clear how a spambot is creating another account? Per [1] this functionality was never implemented in the Mediawiki API, so it's not clear to me how it's being done. Without knowing how it's happening it's tough to say whether disabling that functionality would break anything else. -- Ryan 13:35, 7 August 2012 (EDT)
That's why we want to do this; it seems clear that this functionality does in fact exist -- we certainly didn't write custom code to do this -- and in theory deprecating it should eliminate the bug and nothing else. Performance impact should be nil, and we can always switch it back. Without a strong objection, given the nature of the spambot exploit, I'd like to do this sooner rather than later. Anything you can think of as far as messaging, other than this?--IBobi talk email 14:08, 7 August 2012 (EDT)
One clarification: disabling the functionality likely won't fix the bug - spambots have still been able to impersonate other users, and the account creation process is just one aspect of that issue. I still have my original question though - if you guys are proposing to turn off this functionality, then you must know how it is possible currently for one user to create an account for another - how is that done? I doubt that functionality is needed, but since no one seems to know how an account is created for another user it's impossible to know whether it might be part of functionality that is used for other purposes. -- Ryan 17:35, 7 August 2012 (EDT)
It's been done. How's it look?--IBobi talk email 18:00, 8 August 2012 (EDT)
In the user creation log on :en, I currently see two users that were created by another user after you posted that update, User:Linnj2nv0 and User:Alxspncr. -- D. Guillaime 00:36, 9 August 2012 (EDT)
It's even worse today, and now I see regular users' accounts being hijacked to make spam edits. Is it a matter of time before spambots start using admin functions? Maybe range blocks? I don't want my contributions history screwed up with spambots edits, personally. --Peter Talk 11:13, 9 August 2012 (EDT)

Peter, where do you see that? I don't see you or other regular users having done that; is there a log of those?--IBobi talk email 13:35, 9 August 2012 (EDT)

I'm almost sure this is such a case: See en:Special:Contributions/Faust38 and his/her user log [2], who has a good, normal edit, plus a spam edit for insurance accompanied by a user creation for a spam insurance account. I plan on blocking my own accounts and unblocking them to edit only when I'm at the computer. Having spent so much time keeping spambots from hurting our site, it would leave a foul taste in my mouth to have spambot edits credited to my account... --Peter Talk 17:12, 9 August 2012 (EDT)
I see your point, and I appreciate your forbearance; this particular case, I'm inclined to believe, as it is a new user, that this may just be a canny spammer. Thoughts?--IBobi talk email 17:46, 9 August 2012 (EDT)
The spam edit and especially the account creation (I don't even know how a registered user creates another user) follow current spambot patterns to a tee, while I have never in all my years of editing here seen a spambot operator actually use an account manually. To put a number to my degree of certainty, I'd say around 97-8%. --Peter Talk 22:36, 9 August 2012 (EDT)
I agree, it would be very unusual. On the plus side, I do not see any *verified* spoofing that has occurred since 8/7/12 (andrecarrotflower), so I am wondering if that's all over...--IBobi talk email 13:25, 10 August 2012 (EDT)
For a more verifiable form, consider en:Special:Contributions/General, at least until someone deletes the spambot articles created under that account. Lots of hotel marketer edits over the course of one week several months ago, then two full-on spam articles created today. -- D. Guillaime 01:08, 18 August 2012 (EDT)
...also, from a much more recent genuine contributor, en:Special:Contributions/NAINTOURS / en:Special:DeletedContributions/NAINTOURS. I'd call that verified spoofing. (Perhaps I can even save this page without hitting a php error again....) -- D. Guillaime 13:52, 19 August 2012 (EDT)

I have been logged in as another user (not a spambot) a handful of times over the last few days. I don't get any error messages in red boxes. I enter my login info and after hitting enter, I am logged in as another user. AHeneen 19:26, 17 August 2012 (EDT)

What user? Do you have a screenshot?--IBobi talk email 19:28, 17 August 2012 (EDT)

Yesterday, I think it was "Felix" followed by 3-4 numbers. When I went to login today, I got a "permission error" and was logged in as you! AHeneen 15:34, 18 August 2012 (EDT)

LoginError AHeneen.jpg

And "User:Hennejohn" today. AHeneen 15:29, 20 August 2012 (EDT)

Cacheing error we have fixed; no user was ever actually logged in as another user -- that false login screen appeared once and any pages viewed or edited were done as yourself. Thanks for reporting,--IBobi talk email 19:17, 20 August 2012 (EDT)

Your assertion seems at odds with: [3] [4]. --Peter Talk 20:51, 20 August 2012 (EDT)

Additional comments[edit]

Please see existing page sources for this issue:

http://wikitravel.org/en/User_talk:AHeneen#Spam_page

http://wikitravel.org/en/User_talk:Ikan_Kekek#Block_ID_.2310618

http://wikitravel.org/en/Wikitravel_talk:How_to_handle_unwanted_edits#Important_-_blocking_spambots

It's also worth noting that a significant number of edits from obviously different users on English Wikitravel are being attributed to an internal IP address - see en:Special:Contributions/10.17.32.138. I have no idea if that's related, but it's definitely a sign that something is very wrong. -- Ryan 23:18, 6 August 2012 (EDT)
That one was reported as fixed yesterday; I don't see any contributions from that IP today. Please let me know if you see that continue/start again. Thank you--IBobi talk email 13:31, 7 August 2012 (EDT)

Sign below, please[edit]

--IBobi talk email 19:21, 6 August 2012 (EDT)

Variants

Actions

In other languages