Extension:CommentSpammer
 Release status: experimental |
|||
|---|---|---|---|
| Implementation | Page action | ||
| Description | Rejects edits from suspected comment spammers on a DNS blacklist. | ||
| Author(s) | Nickj | ||
| MediaWiki | 1.12, or 1.11 alpha after rev:27093 | ||
| License | No license specified | ||
| Download | Download snapshot Subversion [Help] |
||
|
|||
|
|||
|
Check usage (experimental) |
|||
The CommentSpammer extension rejects edits from anonymous users listed as comment spammers on the Project HoneyPot DNS blacklist.
Contents |
[edit] Before you go any further
At the moment we have confirmEdit, which is great for stopping links being automatically inserted, and stopping spammers from automatically creating accounts, but turning it on for every anonymous edit may be too intrusive. And we have $wgEnableSorbs, which is great for stopping open proxies. Consider enabling confirmEdit and $wgEnableSorbs first before installing this extension - you may not need it.
[edit] Background
There is a new category of wiki comment spam emerging, one that adds random gibberish to your wiki, without any web links, and that is often not from a known open proxy. It adds nonsense words like "laletoalca" and "rolerr" and "notac4tc" and "virochiorboa" and "oloreldell" and "c4teltlir" to pages. This extension currently seems to stop around roughly 80% to 90% of this type of spam.
So this extension takes it one level further, whilst still allowing anon edits, as it asks the Project HoneyPot DNSBL whether an IP address corresponds to a known "comment spammer" (which is a new category they seem to have added recently). The reason I selected honeypot rather than another black list is that for the last batch of spam comments that got through on my wiki, they were all listed as "comment spammers" on honeypot, and usually within the first 10 Google hits for those IP addresses. (i.e. it was based purely on past performance).
[edit] Getting a HoneyPot Key
This extension requires a honeypot key to use. Steps to get this:
- Create an account.
- Verify your account by visiting the emailed URL.
- Create a key.
- You'll need this key for the installation below.
[edit] Installing
Copy the CommentSpammer directory into the extensions folder of your MediaWiki installation. Then add the following line to your LocalSettings.php file (near the end):
$wgHoneyPotKey = 'inuvziahgprwh'; // (or whatever your key is that you got in the step above) require_once( "{$IP}/extensions/CommentSpammer/CommentSpammer.php" );
[edit] Optional Configuration
If you want to see logs of the edits that are allowed or denied in Special:Log, then include these lines:
$wgCommentSpammerLog['allowed'] = true; // only if you want logs of allowed edits in [[Special:Log]], otherwise omit. $wgCommentSpammerLog['denied'] = true; // only if you want logs of denied edits in [[Special:Log]], otherwise omit.
[edit] If you do not get logs appearing in Special:Log
If logs do not appear in Special:Log and you have enabled them as per the step above, then there is probably no 'MediaWiki default' user on the wiki. To add one, connect to your database, and run these two queries:
insert into user (user_name) values ('MediaWiki default');
update logging set log_user = ( select user_id from user where user_name = 'MediaWiki default' ) where log_type = 'cSpammer';
Note: will need to update the table names shown above if you use a table name prefix (e.g. if your user table is called "wiki_user" rather than "user", then the "wiki_" prefix will need to added to the tables names).
[edit] Submitting patches / updates / future directions
Any patches or updates welcome - and if you have commit access, you don't need to ask me (in fact, I'd really prefer it if you didn't) - just modify away, and please add your name as an author. Also if you're looking for something to work on, some possible ideas for improvement include:
- Reporting back to projecthoneypot.org when a known spammer re-offends (to keep their block alive).
- Reporting back to projecthoneypot.org when someone is blocked for spamming (to make it harder for them to attack other wikis).
- Automatically reviewing anon edits 24 or 48 hours after they are added, and auto-reverting those from now-known comment spammers (this stops the problem where someone has just started spamming, and they attack your wiki first - this way you get retroactive spam protection too, from the people they spam after you).
- <Insert your cool idea here>!
In short, you want to allow people to fight spam collectively, rather than individually, or to find other ways to reduce the cost of being spammed, but increase the cost to the spammer.
