Topic on Project:Support desk

Shortly after installing MediaWiki, spammers have already begun hitting it and posting their auto-generated spam containing links. The text doesn't even make sense, but I guess they only care about the backlinks. I've already stopped the spam by using the abuse filter and ConfirmEdit, so this is more of a question to satisfy my curiosity as opposed to stopping spam.

How did they find my site in the first place? It wasn't listed or linked to from anywhere.

Are these spam bots generic form posting bots or are they specialized for MediaWiki?

Spambots (etc) speculatively look for a range of installed software/services, and test standard (and common variations on standard) directories. Check out your webserver logfiles to see what else they are going for.

I guess the spammers read all public available information sources, and perhaps one of the sources is the whois databases: for instance if you registered a new domain name and installed MediaWiki directly there, possibly they found the information in the whois and they guess it was a MediaWiki installation (you can not to answer to my comment if you don’t want to confirm or refut about your specific installation – it’s just a general comment).

If you want to really hide a MediaWiki installation on the Internet, I guess a good way to achieve that is to install it on a recondite subdomain (e.g. 927g028gh.example.org) or subdirectory (e.g. example.org/927g028gh/) and/or use HTTP authentication or other authentication means and/or even install it as a Tor hidden service and/or add a robots.txt.

To test if a MediaWiki installation (or any other software) is really hidden, you can search it in some search engines, at least if you trust them enough not to save your search for a further crawling.