Orbiter Wiki

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
Trouble is, there are over 13,000 spam pages that I know of so far, and it appears that about 125 were added in the last day. In the same time there was one actual legit edit during the same time frame. It would very difficult to keep up with this. Better to find a mechanism to keep the bad guys out.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
Trouble is, there are over 13,000 spam pages that I know of so far, and it appears that about 125 were added in the last day. In the same time there was one actual legit edit during the same time frame. It would very difficult to keep up with this. Better to find a mechanism to keep the bad guys out.

Sounds like our spamfilter is out of service. I'll try to take a look,was some while ago I was needed there.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
OK, the good news, the mess seems to have started just on October 16. And instead of having to deal with 13000 spam pages, it seems to be just around 500 left now. Until the end of the week, I might be able to get this back to zero. But its a lot of work, some better tools would be nice.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
Awesome, good luck.
Might take a while longer, the statistics page is broken.

It should be less than 13000, but still more than 4000 spam pages in 5 weeks, all starting from 17 October 2020, 18:27....

I'll try to delete more pages, than the spammer create, but should the spam flood reach rates like in early November (4-5), it will get impossible without better tools.
 

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
I tried that. They show up in Special Pages\Uncategorized pages. I moved a few into Category: Spam. I got banned by the autofilter, presumably because I edited spam pages. Since then I keep getting warnings that I'm banned because someone is using my IP address to create spam. I changed my IP address and stayed away for a couple of weeks until after the expiration of the ban date, went back on tonight, got the same message with a new date. Urwumpe hasn't been able to help. Sure would like to know how this is happening when I'm not even there and not even the same IP address. Don't touch spam pages (12,900 of them), you may be banned also.
Message looks something like
You do not have permission to edit this page, for the following reason:


Your IP address has been automatically blocked because it was used by another user, who was blocked by ‪Urwumpe‬. The reason given is:
Autoblocked because your IP address has been recently used by "JaunitaWoodriff".
The reason given for JaunitaWoodriff's block is "Spammer"

  • Start of block: 00:01, 31 December 2020
  • Expiration of block: 00:01, 20 January 2021
  • Intended blockee: 173.245.54.92
You may contact ‪Urwumpe‬ or one of the other administrators to discuss the block.
Note that you may not use the "Email this user" feature unless you have a valid email address registered in your user preferences and you have not been blocked from using it.
Your current IP address is 173.245.54.92, and the block ID is #38794. Please include all above details in any queries you make.

That's not my IP nor is that me. I wasn't there on 31 December. Each time I try it's different people, IP, etc.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
Those that cause trouble for you are all Cloudflare accounts - interestingly the IPV6 adress for Orbiterwiki also resolves to Cloudflare now.

So, the culprit seems to be again the server configuration, we need to install an Apache module so that autoblocks aim at the right user again and not target cloudflare itself.
 

Sbb1413

Well-known member
Joined
Aug 14, 2018
Messages
948
Reaction score
373
Points
78
Location
India
Preferred Pronouns
he/his/him
I have heard of Apache license (IDK what it is), not the module.
 

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
I sure appreciate any help that works. I find it weird that they all hit my IP even though I changed it weeks ago. So, I'll be patient. Thanks for your help.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
I have heard of Apache license (IDK what it is), not the module.

The Apache licence is the FOSS licence developed for the Apache webserver - which is powering most websites in the WWW today.

An Apache module is an extension module for the Apache webserver, very much like a module for Orbiter. In this case, we most likely need mod_cloudflare to teach the Apache server how to look behind the Cloudflare service.

There is also some solution using just MediaWiki, but most people don't think well about it.
 

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
I wonder if the Cloudflare accounts are pinging off anything Verizon no matter IVP4 or 6 numbers, that’s why I can’t seem to get away from them?
 

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
I know you try to keep the wiki as open and easy as possible, but, here’s a thought. I joined theaquariumwiki.com a few months ago. I had to do a Captcha (click the images with cars, etc) during registration. I had to do five or ten minor edits including the Captcha to prove I was trustworthy before I could create any pages, even my own user page. Once I was autoconfirmed, I could create pages. Even now, if I include an external link, in an edit or new page, I have to do the Captcha. I think most editors would understand. Just a suggestion. I’ve found only one spam page there so far.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
Yes, that is exactly the ConfirmEdit plugin, that MediaWiki includes already, but which has to be enabled when you install the server (or update it from something very old). It can be set to different kinds of "turing test strength", including an option to ask questions to the user.

Would using questions about spaceflight and Orbiter be too hard for editors?
 

kuddel

Donator
Donator
Joined
Apr 1, 2008
Messages
2,064
Reaction score
507
Points
113
Would using questions about spaceflight and Orbiter be too hard for editors?
If the answer can be found in the wiki ?
But seriously: Every captcha or question is annoying, but it's the lesser of two evils (spam vs. inconvenience)
A kind of single-site-logon (with the forum credentials) is to much effort I think, isn't it?
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
If the answer can be found in the wiki ?
But seriously: Every captcha or question is annoying, but it's the lesser of two evils (spam vs. inconvenience)
A kind of single-site-logon (with the forum credentials) is to much effort I think, isn't it?

Well, I think such questions are enough for those users, who are not autoconfirmed yet, so many should never see them, except we configure things way more strict.

I think a single-site-logon would be technically possible, but from a data protection and security POV a nightmare. Lets keep both sites separated and use a password safe like many browsers already have for the convenience....
 

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
Wow, did not know that could be done. Great idea. I followed your ConfirmEdit link and learned a bit about what that does. I’m just an ordinary editor, don’t know much about your end of wikis. One would think that any serious editor would have more than beginner level of Orbiter and that spammers would be stopped. Random questions from the basic package or popular addons would be perfect, it would foil the spammers. I prefer the source editor, but Isaw that there may be some issues with the plugin and the Visual Editor. Might consider changing the questions periodically. This could also be a good practice quiz for us Orbital geeks. Getting rid of the spammers will give you guys more time to do what you beaurocrats are here for . . . Policing us geeks. What does everyone else think?
 

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
If the answer can be found in the wiki ?
But seriously: Every captcha or question is annoying, but it's the lesser of two evils (spam vs. inconvenience)
A kind of single-site-logon (with the forum credentials) is to much effort I think, isn't it?
Annoying like airport security or Covid masks, but necessary.
 

Arvil

Well-known member
Joined
Apr 20, 2008
Messages
400
Reaction score
315
Points
78
Location
Pennsylvania, USA
Preferred Pronouns
he/him
Well, I think such questions are enough for those users, who are not autoconfirmed yet, so many should never see them, except we configure things way more strict.

I think a single-site-logon would be technically possible, but from a data protection and security POV a nightmare. Lets keep both sites separated and use a password safe like many browsers already have for the convenience....
Agree, should be treated as separate users and logins.
 

MikeB

Member
Joined
Feb 25, 2009
Messages
185
Reaction score
0
Points
16
Location
Seattle
I'll suggest this one more time:
In order for a user to edit the wiki, require the user be registered. Perhaps allow auto-registration for members of Orbiter Forum, along the lines of Orbit Hangar.
 

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,588
Reaction score
2,312
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
I'll suggest this one more time:
In order for a user to edit the wiki, require the user be registered. Perhaps allow auto-registration for members of Orbiter Forum, along the lines of Orbit Hangar.

Well, again, it would be pretty bad in terms of security. If the security of Orbiterwiki would be breached, both O-F and Orbithangar would be compromised, too.

For O-F and OH, its tolerable, since both are more or less maintained by the same admin team now. But Orbiterwiki isn't, and the recent trouble tells me, that we would be a rather poor partner right now. Our monitoring was poor, I have to admit there, I also did not pay proper attention to things after Roman updated the server. Thus, its my punishment now, to fix this mess, as good as I can.
 
Top