Quote:
What puzzles me about these accounts is that they got past the "security question" but never created any spam content (for which the same questions are used) Quote:
|
Quote:
Therefore, the issue might be on the final PHP script that handles the registration, which should require checking the captcha cookie as well... |
Hi Bernhard,
Yesterday there was a big inflow on new users, mostly dummy ones. I've been reading up on this subject and ended up with the following conclusions:
Best regards, Bruno |
Note: I'm at this moment doing some adjustments to how version templates are created in openfoamwiki.net. I hope to have this resolved in the next 10-20 minutes...
edit: Problem solved, I think... |
Quote:
The title blacklist-extension is not an option I'm afraid. I can't think of a regexp that would block these false users and not leggit users. |
Well, this isn't exactly a solution, but this old cartoon I know of came to mind just know: http://xkcd.com/810/ :rolleyes:
|
Quote:
http://bad-behavior.ioerror.us/suppo...ion/mediawiki/ (Fun fact: did you know that "$IP" is not the same as '$IP' in PHP. Damn. I hate that 'language') Whether this was the case: if there are no new users in the next 24h this would prove two things: a) I should forbid my emacs to open any files ending with .php b) BadBehaviour is working well About xkcd: it is used in the documentation of real programming languages. You don't have to scroll too far down on http://docs.python.org/library/sqlite3.html |
Quote:
Quote:
|
Quote:
I'll keep it in and update it regularly (BB adapted quite well in the past). Add some other things too but will avoid any threshold for leggit new users |
Quote:
I checked with a dummy account: the user shows up on the RecentChanges as soon as he creates the account. But this doesn't mean that he confirmed his eMail and thus can't edit the pages. I found no easy way to check whether these users confirmed their EMail (without inspecting the database). For the time being I assume that they're not confirmed and all is well (I can live with a low single-digit number of bogus users per day) |
Quote:
Not sure how many people are really bothered by these bogus users populating the "Recent Changes" |
Hi Bernhard,
I only have friendly changes on the Wiki-page, which I "run". Have a nice weekend Niels |
Greetings to all!
Quote:
Anyway, I forgot to mention this before, but by what I've seen, Bad Behaviour seems to be acting like it has Alzheimer's or something like that! I say this because there have been days where only one or two dummy users appeared and it seemed to be because at least two real wiki users edited pages! For a single day, Bad Behaviour could tell apart between good guys and bad guys! As soon as a new day starts (or 24h goes by), there they come again... Best regards, Bruno |
Quote:
Anyway. It is not only Bad Behaviour. There are also two blacklist extensions (Project Honeypot and another). The question you all love. SimpleAntiSpam-extension. And a couple of settings that should make the bots slower. (only thing I haven't tried is http://www.mediawiki.org/wiki/Extension:AntiBot) I once had a look at the pseudo-users and their IPs they came from. Never saw an IP twice (not even similar). The only thing that would block most of them would not allowing any connections from China. But that would be a bit extreme I think Only way to clean the "Recent Changes"-history would be to regularily use the "Merge and Delete Users"-extension to "merge away" the dummy-users. But that would have to be done 24/7 ... As long as the users are created but they can not edit it is not that bad. And as I said above: if people have to wait for a manual confirmation to register I'd think "that the terrorists won" |
Quote:
|
Quote:
|
Quote:
Don't know if with some template-trickery this can be made to look similar to RecentChanges (With new/type/old_len/new_len/minor described in http://www.mediawiki.org/wiki/Extension:News#Parameters) or at least be a bit more informative about the type of change done. I'll see whether the community of RSS-users (I'm looking in no particular direction, Anton) improves the feed. Then I'll write lock it and put a reference to it on the front page |
I like it, thanks for your efforts Bernhard! I played around a bit with the parameters, but I think you already found the optimal setup.
- Anton |
Bernhard, I know that Perfect is the enemy of good, but I wonder if the bots would stop registering dummy users if the "Special:RecentChanges" page was now disabled...
|
Quote:
|
All times are GMT -4. The time now is 04:56. |