The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Monday, April 24, 2006

Death to wiki spammers -- the cowbirds of the web

I'm back from my brief hiatus*, and madder than I think I've been since the day I got my first email spam. This time, it's WikiSpam.

I've just spent the last couple hours repairing a wiki that was completely trashed and vandalized by spammers.

Spammers have found yet another way to diminish the value of the internet to all of us.

The latest thing in spam is this: A spammer discovers a wiki page. They then insert a huge number of links to sites they want to promote, often inside html tags that make the text invisible to end-users, but presumably still visible to search engines. The process is automated of course.

What really infuriates me is that some wiki spammers also delete the original content of the page. Just as a cowbird or cuckoo will replace the eggs of another bird with their own, these wiki spammers replace the legitimate wiki content with spam.

Now, recovering from the spam is no longer a simple matter of editing the wiki and removing the spam. Now, you need to go through older versions of the page until you find the undamaged content, copy it, and then go back and restore it into the current version.

What needs to be done:

I predict that this wiki vandalism will reach a crisis point before these steps are taken, but let's list them anyway.

Ideally, service providers need to crack down on their spamming customers. A single verified complaint of wiki spam should be sufficient for a customer to be permanently banned from an ISP. Of course, given the number of spam-tolerant and spam-friendly ISPs out there, we know that this won't work.

Since regulation and enforcement won't work, we must look to self-defense:

All wiki software needs to have a system of user registration and an option to only permit registered users to edit pages. The registration system needs to be something that cannot be automated.

All wiki software needs to have an easy way to revert to an earlier version of a page. I've been cleaning up a mess on twiki today, and I have to say I'm unimpressed. Not only is there no way to simply revert to an earlier version of a page, but the history mechanism doesn't provide an easy way to see any but the most recent few revisions. It looks like MediaWiki is the most capable software in this arena.

All wiki software needs to have a configurable blocking list of domains and/or IP ranges. This should be easy to edit. Ideally, there should be a way for wiki sites to share these lists, similar to the way that MT-Blacklist allows bloggers to share a block list. In fact, simply allowing the wikis to plug into MT-Blacklist would probably do the trick.

All wiki software needs to keep a log of IP addresses from which edits are made.

All links should contain the "nofollow" tag to remove the spammer's motivation.

Note: Twiki does support a Black List Plugin.

A DNS Blocklist for wikis wouldn't be a bad idea either.


Post a Comment

<< Home