Spammers on a Wiki

Enough is enough! I’ve had it with those monkey fighting spammers on this Monday to Friday wiki!

It is no secret that the pitiwiki was the target of a large scale cyber-warfare campaign in the last few months: the amount of spam polluting the wiki history was so ridiculous it prevented me from doing any serious editing in it.

During the hackfest in August, we took the time to move the wiki to a different server—a server to which I have the keys. Which means I can now shoot through airtight windows with a handgun.

There’s a new, very simple user account policy: request a user account if you want to edit something. Don’t hesitate to ask for one, I’ll give them out like candy.

The remaining problem is how to properly nuke from orbit those 800 fake user accounts and 1000 ronery pages and the associated history. Yes, I could use the Nuke extension to remove the accounts and associated pages… the problem is that the history would still be polluted, and leaving it like that feels wrong. Surely I’m not the only one out there who had this problem (from what my google-fu tells me), but I haven’t found an actual solution to this particular problem (maybe I’m obsessing too much about history…). Any suggestions?

P.s.: yes, self-signed certificate… Still waiting on our kind system administration to fix that one ;)


Branding strategist and business developer, free & open-source software UX designer and experienced community manager. Has unlimited hi-HP potions to keep teammates alive.

You can check out my main website or find me on G+ or Twitter.

7 Replies to “Spammers on a Wiki”

  1. Step 1, convert the wiki to one backed by a real version control system, such as ikiwiki. Step 2, git-filter-branch or equivalent. :)

  2. fighting the same battle at the moment with the OVA wiki…please report back on your solution, would be very helpful. Also, do you really believe it was a targeted form of attack or just general crap floating around the universe? (p.s. love the humor)

  3. @Sumana:
    Yeah, I did look at the “combating spam” manual but everything seemed to point to Nuke and general anti-spam techniques that don’t really apply to me since I decided to “go medieval” and lock everything down. The scripts on secretaribot sound interesting (though they don’t seem to address my particular problem exactly). Hm…

    You guessed right, I was joking about the “targeted/concerted attack” thing :)

  4. After a quick test, Nuke’s not going to be sufficient. Not only does it not erase the associated history, it doesn’t actually erase the account (nor does it block it); it only mass deletes pages that were associated with a particular account.

  5. <:o`( Sad Clown
    Thanks for the update, I'm sure your genius plan is just around the corner…

  6. I think the only way might be to somehow program a script that interacts directly with the mysql database, loops through the user list, shows the user and the name of his associated pages, then asks (y/N) if we want to delete that user and all associated pages + revisions (history)…

Comments are closed.