wiki spam on pinvoke.net

Announcements and discussion for PInvoke

Moderators: Luke Jefferson, Robert

wiki spam on pinvoke.net

Postby jaskew » Thu Dec 13, 2007 4:53 pm

I've been a long time user of pinvoke.net, and have started to add some content to some of the wiki pages.

I've been noticing some wiki-spam in certain places, i.e.:

Comments misc Today @ 3:25 PM jaskew-192.236.56.104
NetShareAdd comdlg32 Today @ 2:34 PM jonn2-85.255.120.90

I deleted the spam from the 'comments' page above, but the NetShareAdd may have been a full fledged page that is now just junk:

http://pinvoke.net/default.aspx/comdlg32/NetShareAdd.html

So, I'm curious what the protocol on such edits is... how do we alert and admin or rollback that page? What should I do?

Is there a way to get a full-fledged account on the wiki? I'd willing do some police work.
jaskew
 
Posts: 2
Joined: Thu Dec 13, 2007 4:46 pm

Postby James Moore » Thu Dec 13, 2007 7:28 pm

Hi,

Thanks for the heads up,

I have now restored the page you poined out, I will drop a note to our system admin's and get that IP/username banned from editing the wiki.

You can revert the page without an account (or with one) - if you look at the right hand side of the page all revisons are listed there, you can then select the last one before the wiki spam started and revert to it.

Thanks once again!

James
James Moore
Head of DBA Tools
Red Gate Software Ltd
James Moore
 
Posts: 242
Joined: Mon Nov 21, 2005 9:35 am

Re:

Postby jaskew » Thu Dec 13, 2007 8:52 pm

You are welcom.

James Moore wrote:You can revert the page without an account (or with one) - if you look at the right hand side of the page all revisons are listed there, you can then select the last one before the wiki spam started and revert to it.


Ah, I missed that. Thanks for heads up.

Jason
jaskew
 
Posts: 2
Joined: Thu Dec 13, 2007 4:46 pm

Re:

Postby jo0ls » Tue Apr 15, 2008 11:08 pm

James Moore wrote:Hi,
You can revert the page without an account (or with one) - if you look at the right hand side of the page all revisons are listed there, you can then select the last one before the wiki spam started and revert to it.


For some reason that doesn't work for me. I revert it, but the spam version still shows. Oddly if I then try and edit the page it does show the reverted version.

For example, I just tried to put: http://pinvoke.net/default.aspx/shell32 ... conEx.html

back to Apr 10 6:52 (121.223.213.133). But it's still showing junk. (now it will show me failing to edit it 3 times...)

and yesterday I tried to do SendMessage. Someone else fixed SendMessage, but it has been trashed again.
jo0ls
 
Posts: 3
Joined: Wed Aug 30, 2006 6:51 pm

Postby Robert » Wed Apr 16, 2008 8:34 am

Hi,

Yes, I see the problem you're having - I've just tried the same thing, with the same result. Strangely some pages do allow revert then edit, so it seems to be specific to certain topics.

I'll update you when I know more.

Thanks for pointing it out, and for helping with the spam!

Robert
Robert Chipperfield
Developer, Red Gate Software Ltd
Robert
 
Posts: 410
Joined: Mon Oct 30, 2006 11:15 am
Location: Cambridge, UK

Postby Robert » Wed Apr 16, 2008 1:54 pm

Hi jo0ls,

We've given the web server a quick poke, and the correct version now seems to be being displayed. I've tried to reproduce it on a local copy of the site on my machine, but unfortunately haven't been able to, so I'm not quite sure what happened there.

Please do let me know if the problem recurs.

Many thanks,
Robert
Robert Chipperfield
Developer, Red Gate Software Ltd
Robert
 
Posts: 410
Joined: Mon Oct 30, 2006 11:15 am
Location: Cambridge, UK

Re:

Postby jo0ls » Wed Apr 16, 2008 3:08 pm

Robert wrote:Thanks for pointing it out, and for helping with the spam!


It looks like a botnet has started wikispamming some pages. SendMessage is back to junk already. The comments section is spammed frequently. SHGetFolderPath looks like the worst offender. Looking at the list of edits, it seems it started on the 4th of March.

SHGetFolderPath has been getting edited a huge number of times a day, say April 14th, it was edited over 60 times.

Parsing all the IP addresses I found that there were 1684 edits since the 4th March, from 982 unique IP addresses. Most have only edited it once or twice, some might be genuine users. The biggest culprit was 203.144.144.164 which has changed it 40 times. He's on wikipedia:

http://en.wikipedia.org/wiki/User_talk:203.144.144.164


Some of the IPs will be dynamic IPs allocated by an ISP, I googled a couple of other IPs and found outraged users of Wikipedia who were blocked from editing it because a spammer had been using the same address.
Last edited by jo0ls on Wed Apr 16, 2008 3:20 pm, edited 1 time in total.
jo0ls
 
Posts: 3
Joined: Wed Aug 30, 2006 6:51 pm

Postby Robert » Wed Apr 16, 2008 3:13 pm

Bother!

We've been planning to enhance the anti-spam measures on there for a bit, but until recently it's been low enough volume not to cause a significant problem. Looks like that might have changed.

I'll see what I can do!

Cheers,
Robert
Robert Chipperfield
Developer, Red Gate Software Ltd
Robert
 
Posts: 410
Joined: Mon Oct 30, 2006 11:15 am
Location: Cambridge, UK


Return to PInvoke.Net

Who is online

Users browsing this forum: No registered users and 0 guests

cron