Avoiding wiki spam in Mediawiki

The great thing about Wiki’s is that everyone can edit them. The problem is that this attracts a new strain of spam morons: the wiki spammers. My Tango Wiki has gotten spammed several times per day since I launched it. A page gets changed to a list of URLs for various drugs, mostly ‘male performance related’, let’s say.

A sample of the IP addresses of the offenders (basically all over the place):

  • (optonline.net – Brooklyn, USA)
  • (rima-tde.net – Madrid, Spain)
  • (rima-tde.net – Madrid, Spain)
  • (proxad.net – Paris, France)
  • (btopenworld.com – Watford, UK)
  • (starman.ee – Saue, Estonia)
  • (xs4all.nl – Amsterdam, Netherlands)
  • (ncku.edu.tw – Taipei, Taiwan)
  • (ttnet.net.tr – Istanbul, Turkey)
  • (ttnet.net.tr – Istanbul, Turkey)
  • (alter.net – Cape Town, South Africa)
  • (global-gateway.net.nz – Auckland, New-Zealand)
  • (isu.net.sa – Riyadh, Saudi-Arabia)
  • (uunet.be – Belgium)

They try to hide the spam by putting it inside a <div style="height: 1px"> (CSS hidden spam) so they are not visible to visitors, but get picked up by Google anyway. The goal, just as with splogs, is to create Google juice, not to get read or clicked on.

The ways to fight this abuse are based on the following techniques:

  • editor whitelist: only certain IP addresses, or only logged-in users, can edit the pages

  • editor blacklist: certain IP addresses are blocked (e.g. those of anonymous proxies – often used by spammers)
  • spam word detection: when the text contains certain words, the edit is not accepted
  • spam link detection: when outgoing links contain certain words, the edit is not accepted
  • rel=nofollow: makes the outgoing links valueless for Google

A lot of valuable information on fighting wiki spam can be found on: chongqed.org and on meta.wikimedia.org. What I have already done on my MediaWiki installation is to add the following to LocalSettings.php:

$wgShowIPinHeader = false;  # so no information on IP addresses can be added
$wgSpamRegex="/<div/";   # so the hidden CSS trick does not work
$wgWhitelistEdit = true;    # so only logged-in users can edit


4 thoughts on “Avoiding wiki spam in Mediawiki”

  1. Correct, I am using the 1.4.7 version.
    In v1.5 it becomes:

    # This replaces wgWhitelistAccount and wgWhitelistEdit
    $wgGroupPermissions = array();
    $wgGroupPermissions['*' ]['createaccount'] = false;
    $wgGroupPermissions['*' ]['read'] = true;
    $wgGroupPermissions['*' ]['edit'] = false;

  2. Hi Peter, I have now got my own MediaWiki going to play with and think I have come up with a better regex to block CSS Hidden Spam.

    $wgSpamRegex = "//";

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.