[Koha-devel] Wiki - SPAM accounts and pages need deleting

Katrin Fischer katrin.fischer.83 at web.de
Thu May 11 19:47:12 CEST 2023


Just noting I only blocked one account to try out the process - Thomas++
and David++ did all the others!

On 11.05.23 19:19, Thomas Dukleth wrote:
> Wiki account creation bypassing the ConfirmAccount extension was possible
> when email from the container was working due to a bug for which
> ConfirmAccount is incompatible with the current version of MediaWiki.
> Yesterday, I applied the workaround to add to LocalSettings.php which
> allows ConfirmAccount to work with the current version of MediaWiki.
>
> $wgGroupPermissions['*']['createaccount'] = false;
>
> Broken email service for the wiki because of complications authenticating
> to the SMTP server from the Docker container in addition to previous
> testing configuration remaining in LocalSettings.php meant that there
> were very few spam accounts created which were actually functional.  If
> the accounts had been functional, we would have found the problem shortly
> after the upgraded wiki went live.
>
> Given the similarity of spam messages and timing there may have only been
> one or two spammers or spambots even with hundreds of suspicious
> non-working accounts created.
>
> There were about 20 spam accounts which had mostly just created some spam
> content in the wiki user page for the account and some which created a
> spam wiki page.  5 accounts before May which did not attract much notice
> and about 15 from 3 and 4 May which made the problem obvious.  All spam
> content has been deleted and the accounts blocked.  Spam accounts were
> included in recently created users with contributions,
> https://wiki.koha-community.org/wiki/Special:ListUsers?username=&group=&editsOnly=1&creationSort=1&desc=1&wpsubmit=&wpFormIdentifier=mw-listusers-form&limit=50
> .
>
> Thanks to Katrin Fischer and especially David Nind for blocking a few
> hundred accounts which had almost all likely never functioned but had been
> created automatically until the bug in ConfirmAccount had the workaround
> applied and could have been activated.  I paused after the first hundred
> or so such accounts.  Suspected spam accounts were included in all
> recently created users,
> https://wiki.koha-community.org/wiki/Special:ListUsers?username=&group=&creationSort=1&desc=1&wpsubmit=&wpFormIdentifier=mw-listusers-form&limit=50
> .  We used a manual process one account at a time to block suspicious
> accounts.  Legitimate accounts with contributions could be recognised but
> it is possible that we inadvertently blocked a legitimate user account
> which had not yet been used to create content.  David Nind proposed to
> write a message to the mailing list informing anyone who might have been
> inadvertently affected to raise attention to their account being
> improperly blocked.
>
> The Wikimedia Foundation uses the UserCheck extension to help manage spam
> account blocking but it is not working properly inside the Koha Docker
> container where all users appear to have logged in from the same local IP
> address instead of an external IP address.  Other extensions which had
> helped in combating WikiMedia spam no longer function or do not scale
> better than the manual process which we used.  Direct database
> manipulation to block accounts could be possible but would need extra
> careful checking and the problem was small enough to manage manually via
> the web user interface.  Using Docker is nice but there are some Docker
> specific bugs.
>
> Thomas Dukleth
> Agogme
> 109 E 9th Street, 3D
> New York, NY  10003
> USA
> http://www.agogme.com
> +1 212-674-3783
>
>
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : https://www.koha-community.org/
> git : https://git.koha-community.org/
> bugs : https://bugs.koha-community.org/
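
Added example, not part of the original messages or of the Koha wiki's tooling: a way to pre-sort the user list before the one-account-at-a-time review described in the quoted message, so accounts with contributions go to a person and unused accounts in the spam window are listed for review rather than blocked automatically. The JSON is constructed sample data in the shape of a MediaWiki Action API `list=allusers` response with `auprop=editcount|registration|blockinfo`; the user names, the window start and the bucket names are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape returned by the MediaWiki Action API for
# action=query&list=allusers&auprop=editcount|registration|blockinfo.
# User names and values are invented for illustration.
SAMPLE = json.loads("""
{"query": {"allusers": [
  {"userid": 901, "name": "ExampleLibrarian", "editcount": 14,
   "registration": "2023-05-02T08:10:00Z"},
  {"userid": 902, "name": "Xk3promo", "editcount": 1,
   "registration": "2023-05-03T22:41:07Z"},
  {"userid": 903, "name": "Qwzt88", "editcount": 0,
   "registration": "2023-05-04T01:02:03Z"},
  {"userid": 904, "name": "Pvb11", "editcount": 0,
   "registration": "2023-05-04T01:02:09Z", "blockid": 77,
   "blockedby": "ExampleAdmin"},
  {"userid": 12, "name": "ExampleVeteran", "editcount": 250,
   "registration": null}
]}}
""")

def parse_ts(value):
    """Parse the API's ISO 8601 UTC timestamp; None when it is missing."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def triage(users, since):
    """Sort accounts registered on or after `since` into review buckets."""
    buckets = {"blocked": [], "check_edits": [], "unused": [], "out_of_scope": []}
    for u in users:
        registered = parse_ts(u.get("registration"))
        if registered is None or registered < since:
            key = "out_of_scope"   # outside the window or no date: leave alone
        elif "blockid" in u:
            key = "blocked"        # already handled by an administrator
        elif u.get("editcount", 0) > 0:
            key = "check_edits"    # a person reads the contributions
        else:
            key = "unused"         # suspect, but may be a real new user
        buckets[key].append(u["name"])
    return buckets

if __name__ == "__main__":
    window_start = datetime(2023, 5, 3, tzinfo=timezone.utc)  # assumed window
    for bucket, names in triage(SAMPLE["query"]["allusers"], window_start).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The `unused` bucket is the one where a legitimate account that has not yet made an edit can end up, so it is a list to review and to notify about, not a block list.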

