Wiki Maintainers: Combat Spam?

I maintain the 3DGE wiki, and last night I went to sleep, woke up, and there's so many spam pages and users that were created it's going to take a long time to clean up. I have the extension "ConfirmEdit" but it doesn't seem to do anything, I've added it into LocalSettings as well. Also tried adding a CAPTCHA but that too fails to work...not sure what I'm doing wrong.

Any advice or tips would be appreciated. =)

ConfirmEdit/CAPTCHA might not always be spam proof for reasons I just don't know. Perhaps there are other programs you can use? It might be best to have other admins help assist you in the "clean up process" of your 3DGE wiki. I know for a fact that there are plenty of moderators/admins that maintain the Doom wiki and they are typically up-to-date on cleaning up piss poor articles and removing spammers.

I'm not all that savvy on wiki stuff, but I hope my advice helps :)

I recommend getting AbuseFilter. In conjunction, you can use TitleBlacklist to prevent bots from registering accounts (that's the main use on the ZDoom wiki). The Doom Wiki also uses AntiBot, AntiSpoof, SpamBlacklist, and the more controversial FlaggedRevs.

Despite all that, we still get some spam, but it's manageable.

Gez has the solution.

My company has had to maintain a lot of 'standardized' things. Nothing but spam. In fact we've done away with such forums to discover our traffic took a giant hit. We've had to come up with our own stuff that isn't standardized and then we've had no problems.

As for capacha, one of our designers has broken the capacha code.

Tell me about it. The Chocolate Doom wiki has been a spam target for pretty much the entire time that it's been up. Even though I banned anonymous edits and forced registrations, spam bots register accounts so they can flood it with garbage.

A while ago I put the ConfirmEdit extension in place to try to stop registrations. I used Doom trivia questions, with the idea that any Doom fan would know the answers to these questions or at least be able to look them up with a quick Google search. This worked for a few months but it seems that the spammers are just looking up the answers manually. I went through a couple of rounds of this where I changed the questions but now I've given up. For posterity, these are the questions I used:

#$wgCaptchaQuestions[] = array( 'question' => "Name the monster in Doom that looks like a flying skull.", 'answer' => "lost soul" );
#$wgCaptchaQuestions[] = array( 'question' => 'Name the red floating monster that appears in Doom.', 'answer' => 'cacodemon' );
#$wgCaptchaQuestions[] = array( 'question' => "Give the two-letter name of the company that created Doom.", 'answer' => "id" );
#$wgCaptchaQuestions[] = array( 'question' => "How many episodes are in Ultimate Doom?", 'answer' => "4" );
#$wgCaptchaQuestions[] = array( 'question' => "Complete the name of this Doom weapon: CHA-NG-N", 'answer' => "CHAINGUN" );
#$wgCaptchaQuestions[] = array( 'question' => "Complete the name of this Doom weapon: B-G9-00", 'answer' => "BFG9000" );
#$wgCaptchaQuestions[] = array( 'question' => "Complete the name of this Doom weapon: SH-TG-N", 'answer' => "SHOTGUN" );
#$wgCaptchaQuestions[] = array( 'question' => "Which weapon is less powerful: Shotgun or BFG?", 'answer' => "Shotgun" );
#$wgCaptchaQuestions[] = array( 'question' => "The marine on the Doom title screen has what weapon?", 'answer' => "Shotgun" );
#$wgCaptchaQuestions[] = array( 'question' => "Final Doom was made by which mapping team?", 'answer' => "TeamTNT" );
#$wgCaptchaQuestions[] = array( 'question' => "What year was Doom released?", 'answer' => "1993" );
#$wgCaptchaQuestions[] = array( 'question' => "Name the first level of Doom 1.", 'answer' => "Hangar" );
#$wgCaptchaQuestions[] = array( 'question' => "Name the first level of Doom 2.", 'answer' => "Entryway" );
#$wgCaptchaQuestions[] = array( 'question' => "True or false: wiki spammers are terrible people who make the world a worse place?", 'answer' => "true" );

Funny and kind of sad to imagine people actually looking up Doom trivia to post junk to someone else's wiki. I don't know which questions they answered, but the idea that maybe they answered the last question on the list gives me a chuckle.

As for visual CAPTCHAs, I'm not convinced that they're worth it any more. I've heard that there are services that allow spammers to basically pay a few cents to people in India who sit around solving CAPTCHAs all day. When you have something like that, it's trivial to automate wiki spamming, especially for a common system like ReCAPTCHA.

As of a few days ago I've ditched the questions and replaced them with a single question required for registration: enter a password that I personally give you via email. Sad state of affairs but the best approach I can think of at the moment.

Make something custom, or use something that isn't widely used. If you use the most popular version of any anti-spam plugin, it's only a matter of time before someone finds a way around it. Use something obscure. I've had a spam free phpBB forum for years now, but couldn't figure out how to transfer the same system to wikimedia software because I'm not a coder.

The standardized systems we used were abused in different ways. The forums and online stores would get auto spam bots that would make a pronsite name like 'porn_dot_com' and enter a real email address. The email would then arrive saying hey porn_dot_com thanks for signing up!

It went on for years, before we did custom things. We'd get emails from people saying stop spam them. It was clogging our email systems. We told our server guys about it, but well they either just didn't care or they were too incompetent to find out why the system was being clogged.

Eventually after doing away with the forum it saved us 1 GB of emails per day I think per site and around 100,000 hits per day per site. Some of the clients freaked out since hits = potential money. We fired the two server guys and hired new ones for being too stupid to solve the problem years ago. One of them defended himself by saying 'problem solving wasn't part of the job.'

Wow, that's ridiculous Geo. Well at least you guys got the problem solved. :)

As it turns out, the spammers that were attacking were actually attacking another domain on my server (wiki.3dfxdev.net) and it ended up DDOSing pretty bad. As soon as we locked that old crusted up thing, the attacks stopped. That's why the server was slowing to a crawl, among other things. Never had anyone do that to my server before, and I hope it's just a random spam thing.

Anyways, these were great suggestions! Wikis are a great alternative to building a full website which I have absolutely no room in my schedule for. Andrew ended up giving me the source code to the old EDGE website but rather than fiddle with that I'm just going to plug at the Wiki and make news posts on my phpBB forums, and just link together that way.

I will privmsg you the QuestyCaptcha code that is used on DoomWiki.org; it must be placed in LocalSettings.php after require_once("$IP/extensions/ConfirmEdit/ConfirmEdit.php") and require_once("$IP/extensions/ConfirmEdit/QuestionCaptcha.php"). Set $wgCaptchaClass = 'QuestyCaptcha';

Any other captcha is broken, and using a fixed list of questions like fraggle's is no good - spam companies pay people in India and China 1 cent per question to look up the answers to these and then they add them to their bots or send actual human spammers. It took two weeks before human spammers in Hyderabad India were using all the actual captcha answers the last time before I recoded it to be randomly generated. I will NOT share my code for this openly in the forum because it will be harvested for analysis if I do.