Post Friends My journal
kerryveenstra

3.9 Gigabytes of Link Spam

Apr 24, 2011 17:01



I use a wiki to organize group events. My wiki has about 15 pages, one per event. So I was surprised to discover that a search-engine optimization company had decided to use my wiki for link spam. According to the MySQL control panel, kerryveenstra.com has hosted a history of 3.9 gigabytes of link spam consisting of 280,000 pages and 6,000 users!

Or, that is to say, I did host such spam.

Although this post goes to so few people, if you happen to discover that your MediaWiki-based wiki has been taken over by SEO bots, here's what to do.


  1. Restrict page edits to registered users only: Yes, you can do this on a page-by-page basis through the GUI, but to make the change globally, edit LocalSettings.php, and at the end of the file add the line $wgGroupPermissions['*']['edit'] = false;.
  2. Disable self-registration of new users: Since there is no GUI setting for this one either, at the end of LocalSettings.php add the line $wgGroupPermissions['*']['createaccount'] = false;.
  3. Make a list of all of your site's legitimate users: Why? Because you're about to invalidate all of your illegitimate users! Visit all of your pages' history tabs, and create a user-name list of all legitimate users who made an edit.
  4. Change the passwords of all illegitimate users, and clear their email addresses so that they can't request new passwords: You don't want the spambots logging in again, and a simple way to keep them out is to go to your wiki's MySQL database and type this command:
    update wiki_user
    set user_password = '11112222333344445555666677778888',
    user_email = ''
    where not (user_name = 'MediaWiki default'
    or user_name = 'WikiSysop'
    or user_name = 'FirstGoodUser'
    or user_name = 'SecondGoodUser'
    );.
  5. Clear the text of all page revisions that were edited by bots: You certainly didn't want the bots' clients to benefit from link spam that already is on your site, right? And so while you are editing your wiki's MySQL database, type this command:
    update wiki_revision r, wiki_text t
    set t.old_text = ''
    where r.rev_text_id = t.old_id
    and not (r.rev_user_text = 'MediaWiki default'
    or r.rev_user_text = 'WikiSysop'
    or r.rev_user_text = 'FirstGoodUser'
    or r.rev_user_text = 'SecondGoodUser'
    );
  6. Finally, you need to clear the page cache. There is no global GUI mechanism, but in the version of MediaWiki that I have, editing LocalSettings.php resets the cache's epoch. So just touch the file. If that doesn't work, try this.

And there you have it! I didn't try to clear the titles of the spam pages, but if you want to, add wiki_page p to the join of step 5, join on p.page_id = r.rev_page, and set p.page_title = ''. For more info, see the MediaWiki's database schema.
Leave a comment

Previous post Next post
Up
Homepage Read journal... Full version Help Русская версия
© 1999-2025 LiveJournal, Inc.