Wiki Spam

Feb 10, 2006 12:04

I recently upgraded the RMCS Wiki to MediaWiki 1.5. I also found a lot of wiki spam: hidden code that sends PageRank bumps for a whole list of prescription drugs that would probably be a useful shopping list for someone. Every edit came from a unique IP address, so blocking IPs wouldn't have worked. If you've installed a wiki you might want to ...

security

Comments 4

sysd February 10 2006, 20:25:36 UTC
AJAX is nice, but I tend to omit the X part. As long as I control both sides of the frame, I have little incentive to transmit the data via XML, which must be then decoded. Instead, I tend to have JavaScript handlers on the client side being punched by JavaScript being generated on the server side.

One thing you'll want to be careful about, whether you're working with AJAX or simple "AJ", is your permissions. If you're doing JavaScript to JavaScript, you'll want to make sure your document.domains are equal. With AJAX, it doesn't matter: the domains must be identical, period. This makes sense when you realize that you are reading the contents of another document via JavaScript - imagine the mischief that could happen on, say, LiveJournal, if I could take the properly formatted XHTML of someone else's journal and screw with it as I pleased, sending information to God only knows where.

phlegm_noir February 10 2006, 20:46:03 UTC
Some folks who used the old ion wiki were pretty sure their attackers were sentient humans, and that requiring logins didn't solve the problem. I don't know if that's the case with the RMCS wiki, though it looks like someone went to a lot of trouble to remove the spam until giving up recently.

tongodeon February 10 2006, 22:11:38 UTC
There's apparently a spam blacklist although I'm not quite sure how it works.

tongodeon February 10 2006, 22:27:35 UTC
Never mind, I figured it out.

The really cool thing about this is that the blacklist (or part of it) is kept globally by the MediaWiki maintainers, so nobody has to micromanage their own private blacklist.

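An added example, not part of the original post or comments and not MediaWiki's own code: a sketch of why a URL blacklist works where IP blocking does not, since it judges the links an edit adds rather than the address the edit came from. The blacklist format, domains, IP addresses and function names are assumptions constructed for illustration.

```python
import re

# Constructed blacklist: one regex fragment per line, '#' starts a comment.
# The format and the domains are assumptions made for this example.
BLACKLIST_TEXT = r"""
# pharmacy link farms (made-up domains)
cheap-pills\.example
rx-[a-z0-9-]*\.example\.net   # wildcard family
"""
URL_RE = re.compile(r"https?://[^\s<>\[\]|\"']+", re.I)

def compile_blacklist(text):
    """Join all fragments into one regex that must match inside the host part."""
    frags = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            re.compile(line)  # fail early on a broken fragment
            frags.append(line)
    if not frags:
        return None
    return re.compile(r"^https?://[a-z0-9.\-]*(?:" + "|".join(frags) + ")", re.I)

def added_urls(old_text, new_text):
    """URLs present after the edit but not before it."""
    return set(URL_RE.findall(new_text)) - set(URL_RE.findall(old_text))

def check_edit(old_text, new_text, blacklist):
    """Return the blacklisted URLs this edit introduces (empty list = allow)."""
    if blacklist is None:
        return []
    return sorted(u for u in added_urls(old_text, new_text) if blacklist.match(u))

# Constructed edits: every one arrives from a different source address.
OLD = "Meeting notes are at http://wiki.example.org/notes."
EDITS = [
    ("192.0.2.10", OLD + '<div style="display:none">[http://cheap-pills.example/a pills]</div>'),
    ("198.51.100.7", OLD + '<div style="display:none">[http://www.rx-deals.example.net/ rx]</div>'),
    ("203.0.113.5", OLD + " See also http://docs.example.org/?ref=cheap-pills.example"),
]

def review(edits, old_text, blacklist):
    """Map each source IP to the blacklisted URLs its edit tried to add."""
    return {ip: check_edit(old_text, new, blacklist) for ip, new in edits}

if __name__ == "__main__":
    bl = compile_blacklist(BLACKLIST_TEXT)
    for ip, hits in review(EDITS, OLD, bl).items():
        print(ip, "REJECT" if hits else "allow", hits)
```

The third edit is allowed because the fragment only appears in the query string, not the host, which is the reason the combined pattern is anchored to the host portion of the URL.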