| Author |
Message |
jaskew
Joined: 13 Dec 2007
Posts: 2
|
 Posted: Thu Dec 13, 2007 4:53 pm Post subject: wiki spam on pinvoke.net |
 |
|
I've been a long time user of pinvoke.net, and have started to add some content to some of the wiki pages.
I've been noticing some wiki-spam in certain places, i.e.:
Comments misc Today @ 3:25 PM jaskew-192.236.56.104
NetShareAdd comdlg32 Today @ 2:34 PM jonn2-85.255.120.90
I deleted the spam from the 'comments' page above, but the NetShareAdd may have been a full fledged page that is now just junk:
http://pinvoke.net/default.aspx/comdlg32/NetShareAdd.html
So, I'm curious what the protocol on such edits is... how do we alert and admin or rollback that page? What should I do?
Is there a way to get a full-fledged account on the wiki? I'd willing do some police work.
_________________
Founder, FreeScreencast.com |
|
| Back to top |
|
 |
James Moore
Joined: 21 Nov 2005
Posts: 245
|
| Posted: Thu Dec 13, 2007 7:28 pm Post subject: |
|
|
Hi,
Thanks for the heads up,
I have now restored the page you poined out, I will drop a note to our system admin's and get that IP/username banned from editing the wiki.
You can revert the page without an account (or with one) - if you look at the right hand side of the page all revisons are listed there, you can then select the last one before the wiki spam started and revert to it.
Thanks once again!
James
_________________
James Moore
Head of DBA Tools
Red Gate Software Ltd |
|
| Back to top |
|
|
jaskew
Joined: 13 Dec 2007
Posts: 2
|
| Posted: Thu Dec 13, 2007 8:52 pm Post subject: Re: |
|
|
You are welcom.
| James Moore wrote: |
You can revert the page without an account (or with one) - if you look at the right hand side of the page all revisons are listed there, you can then select the last one before the wiki spam started and revert to it.
|
Ah, I missed that. Thanks for heads up.
Jason
_________________
Founder, FreeScreencast.com |
|
| Back to top |
|
|
jo0ls
Joined: 30 Aug 2006
Posts: 3
|
| Posted: Tue Apr 15, 2008 11:08 pm Post subject: Re: |
|
|
| James Moore wrote: |
Hi,
You can revert the page without an account (or with one) - if you look at the right hand side of the page all revisons are listed there, you can then select the last one before the wiki spam started and revert to it. |
For some reason that doesn't work for me. I revert it, but the spam version still shows. Oddly if I then try and edit the page it does show the reverted version.
For example, I just tried to put: http://pinvoke.net/default.aspx/shell32/ExtractIconEx.html
back to Apr 10 6:52 (121.223.213.133). But it's still showing junk. (now it will show me failing to edit it 3 times...)
and yesterday I tried to do SendMessage. Someone else fixed SendMessage, but it has been trashed again. |
|
| Back to top |
|
|
Robert
Joined: 30 Oct 2006
Posts: 428
Location: Cambridge, UK
|
| Posted: Wed Apr 16, 2008 8:34 am Post subject: |
|
|
Hi,
Yes, I see the problem you're having - I've just tried the same thing, with the same result. Strangely some pages do allow revert then edit, so it seems to be specific to certain topics.
I'll update you when I know more.
Thanks for pointing it out, and for helping with the spam!
Robert
_________________
Robert Chipperfield
Developer, Red Gate Software Ltd |
|
| Back to top |
|
|
Robert
Joined: 30 Oct 2006
Posts: 428
Location: Cambridge, UK
|
| Posted: Wed Apr 16, 2008 1:54 pm Post subject: |
|
|
Hi jo0ls,
We've given the web server a quick poke, and the correct version now seems to be being displayed. I've tried to reproduce it on a local copy of the site on my machine, but unfortunately haven't been able to, so I'm not quite sure what happened there.
Please do let me know if the problem recurs.
Many thanks,
Robert
_________________
Robert Chipperfield
Developer, Red Gate Software Ltd |
|
| Back to top |
|
|
jo0ls
Joined: 30 Aug 2006
Posts: 3
|
| Posted: Wed Apr 16, 2008 3:08 pm Post subject: Re: |
|
|
| Robert wrote: |
Thanks for pointing it out, and for helping with the spam!
|
It looks like a botnet has started wikispamming some pages. SendMessage is back to junk already. The comments section is spammed frequently. SHGetFolderPath looks like the worst offender. Looking at the list of edits, it seems it started on the 4th of March.
SHGetFolderPath has been getting edited a huge number of times a day, say April 14th, it was edited over 60 times.
Parsing all the IP addresses I found that there were 1684 edits since the 4th March, from 982 unique IP addresses. Most have only edited it once or twice, some might be genuine users. The biggest culprit was 203.144.144.164 which has changed it 40 times. He's on wikipedia:
http://en.wikipedia.org/wiki/User_talk:203.144.144.164
Some of the IPs will be dynamic IPs allocated by an ISP, I googled a couple of other IPs and found outraged users of Wikipedia who were blocked from editing it because a spammer had been using the same address.
Last edited by jo0ls on Wed Apr 16, 2008 3:20 pm; edited 1 time in total |
|
| Back to top |
|
|
Robert
Joined: 30 Oct 2006
Posts: 428
Location: Cambridge, UK
|
| Posted: Wed Apr 16, 2008 3:13 pm Post subject: |
|
|
Bother!
We've been planning to enhance the anti-spam measures on there for a bit, but until recently it's been low enough volume not to cause a significant problem. Looks like that might have changed.
I'll see what I can do!
Cheers,
Robert
_________________
Robert Chipperfield
Developer, Red Gate Software Ltd |
|
| Back to top |
|
|
|
