Forum:Spam attack at Uncyclopedias

01:14, 18 July 2022 at Uncyclopedia.info start spam attack. The first spam user was ElyseFleischer. Statistics show, that now here's near 170000 spam users and 91000 spam pages.

First spam user on Zombiepedia was RobbinCraig453 at 02:24 19 July 2022. Now here is 37547 pages and 35288 users, I don't know, how many from they are spam.

First spam user on Daemonica was NickMilburn643 at 04:20 19 July 2022. Now here is 24855 pages and 15349 spam users (64 users registered before attack).

First spam user on Complaintwiki was AdaHerrington14 at 01:37, 25 July 2022. Now here is 42636 pages and 38513 spam users (66 users registered before attack).

And the worst: attack continues right now!

P.S. I'm going cheking another Uncyclopedias for attacks. 2A01:C23:790A:C500:41FA:C4CC:43FD:A9C9 (Аноным from Inciclopedia) 16:28, 31 March 2023 (UTC)

I have removed hCaptcha and put Google reCaptcha back online. Clearly something is not working if it is possible to brute-force a million or two attempts a month (even if most fail) on a group of websites which is not even in SimilarWeb anywhere in the top 100000. Most annoyingly, hCaptcha seems to be using this as an opportunity to send me very spammy-looking e-mail which begins with something like "Dear kingston.net team" (where kingston.net is my local ISP, based on my e-mail carlb@kingston..., but otherwise has nothing to do with this site) followed by a lengthy attempt to upsell to an "enterprise" version of the product at substantial, untold additional expense. The weak security is attracting more attempts to get garbage past the system, which is pushing the site over its hCaptcha-imposed quota of one million challenges a month. That's also an increased load on this server, which barely is keeping up at the best of times. Seriously, hCaptcha? If your product isn't working, why would I want to pay enterprise rates to watch the spam keep rolling in? There are no ads, no paid subscriptions and no revenue on this site. Even once the spam stops, that still leaves a major cleanup task on all of the affected wikis. Carlb (talk) 17:44, 13 April 2023 (UTC)

I have made some progress since January slowly on UnMeta, UnCommons, Dalmatian Uncyclopedia and Belarusian Uncyclopedia. The simple and klingon versions are also spammed, albeit to a lesser extent. However, there were 2 periods where I could not continue the work. From the 3rd to the 20th of February, I was hospitalized with a stroke and spent 2 weeks trying to restore the wikis. And April 11th to 13th-14th (depending on the wiki), due to my laptop having a faulty motherboard and needing to change it.

However, the Catalan and Asturian wikis are the ones that suffer the most attacks and I can't do anything because I'm not an administrator there. Babel also suffers from a lot of spambot attacks and there are no admins working. Rhubella Marie, the rat sockpreppie 3,585 preppiedits 02:16, 17 April 2023 (UTC)

That looks serious. Is there something we can do in Desciclopédia? The site is suffering with slowness, glitches, and often going offline. And soon it will be 1 week of this problem. Users don't know what to do there. The only thing we noticed is that the URL pesquisa.la is less glitched. ABDUL ALHAZRED ^{Salah, Zakāh, Ramadan, Hajj} 21:15, 21 April 2023 (UTC)

Sorry, one more week since the last wave of attacks on the 16th. We have been experiencing massive attacks depending on the wiki since the beginning of January. Communicating with Carlb seemed to be a solution but even he has suffered too much and since last year I have only had one email out of the 8 I sent on various subjects, including ownership of sysops in UnMeta-UnCommons. This one I think is approaching a year and I'm thinking of buying a cake. Rhubella Marie, the rat sockpreppie 3,585 preppiedits 03:59, 22 April 2023 (UTC)

I don't visit other wikis to know their issues. I only know Desciclopédia is glitched for 1 week and I am trying to know when this problem will be solved because many users are asking. And also, wanting to know if we can do something to help. Carl is not answering my e-mails too. ABDUL ALHAZRED ^{Salah, Zakāh, Ramadan, Hajj} 04:14, 22 April 2023 (UTC)

There is no spam accounts on traditional Chinese and Cantonese Uncyclopedia, but they're also becoming slow. This site is for "recording" problems, not for "solving" problems. There is no places for actual problem solving. Problems can only be solved if we migrate to a new host provider.--Abcabc2 (talk) 11:04, 22 April 2023 (UTC)

So this place is useless. "Recording" problems serve nothing. I just know I see wikis like Inciclopedia (es), Nonciclopedia (it), Désencyclopédie (fr) never having problems besides being so small and I envy them. I don't understand why Desciclopédia, the biggest uncyclopedia with more articles and more popularity, is just so badly treated. ABDUL ALHAZRED ^{Salah, Zakāh, Ramadan, Hajj} 15:44, 22 April 2023 (UTC)

Desgali is also disrespected many small wikis have the same problem. I understand the situation. But is it of little use to send an email and it ends up in the trash because the servermaster's email is full of spam? Alhazred, I sent 2 or 3 emails to Carlb about the available Terror/Monster vacancy for the UnMeta/UnCommons admin position. You think I don't check wiki polls being important to UnMeta. The first thing I checked after returning from the hospital after my stroke was seeing some demand here and the only thing that came was a new wave of spambots throughout February. It took me 5 days to fix 3 wikis.

I am well aware that you use an abuse filter to stop a spambot from editing. It's not visible to me but I know it exists. It took me 3 months to get one to apply to this wiki, in the Dalmatian and Belarusian versions, which were the biggest victims of spambots. Their functioning is visible in the recent changes before that I applied 73 blocks. That's the 17th of this month.

Mr. Abcabc2, it was communicated to me in this forum the departure of the ukrainian version for Miraheze. I warned the IP who opened the forum that she will not be recognized. You can however you wish to leave Uncyclomedia. If they go to Miraheze or to the server where the other wikis are located, with the exception of Nonciclopedia, it doesn't matter to me because even if I send an email, at that moment it can be ignored.

Both wikis know the danger of leaving the server, abandoning Uncyclometa and generating forks in their communities as happened with Uncyclopedia and other communities. I won't do anything contrary to it for saving my health (besides being user blocked). I'll save my time. Well, if you want to make votes to leave Uncyclometa that's your right, you know your responsibilities and you know that the answer I gave IP in that forum amounts to advice. Carlb will not recognize if both wikis go to Miraheze. For my part, I will send an email asking you to hurry up with the repair. My limit as an administrator is this. Rhubella Marie, the rat sockpreppie 3,585 preppiedits 19:14, 22 April 2023 (UTC)

At least that Ukrainian fork is running without glitches or slowness and that is what matter to normal people. The normal users are just ordinary users wanting to have their daily fun on internet, they don't care about these details about servers, forks, bot attack, other languages, twins wikis, smaller wikis flooded with spam, etc, etc, they only want to edit and read the wiki they like. But if the lack of support keep going, moving Desciclopédia to Miraheze or another independent server will become the only option, and that is not me talking. ABDUL ALHAZRED ^{Salah, Zakāh, Ramadan, Hajj} 19:40, 22 April 2023 (UTC)

Actually what I really want is a peaceful migrate without any hard forking, but establishing a good communication channel with Carlb would be a huge problem. Unfortunately there's no feasible plan at the moment so there's no community vote yet.--Abcabc2 (talk) 20:35, 22 April 2023 (UTC)

Not only you dream with that... ABDUL ALHAZRED ^{Salah, Zakāh, Ramadan, Hajj} 07:27, 23 April 2023 (UTC)

It will seem pointless and frustrating to have to say. I shouldn't even return here anymore, however, it would be very frustrating for you to have to say that ironically the active wiki is just our version. The Miraheze version has no edits for more than 30 days. Another thing, I emailed Carlb 5 minutes after my last entry here. I notified the rush in repair. I'm still waiting for an answer.

The problem is really affecting all wikis but at least the abuse filters are not only stopping spambot attacks but also automatically blocking them. Rhubella Marie, the rat sockpreppie 3,585 preppiedits 05:02, 23 April 2023 (UTC)

I know, that's why I want to avoid hard forking after all.--Abcabc2 (talk) 07:30, 23 April 2023 (UTC)

Hi. I just wanted to advise @Carlb to install Extension:QuestyCaptcha, and write like 5 questions with their respective answers. It should drastically stop all spambots, because they're not prepared to solve a custom question. It's the most effective spam prevention mechanism right now. However, this requires personalization for each wiki. I've seen a lot of comments about emails being sent to Carlb that aren't being replied/addressed, however he's editing this wiki. I wonder if there would be a way for admins to contact Carlb to send him the custom questions/answers for the captcha. --Ciencia Al Poder Apr 23, 2023 21:15:23

to which mw:extension:Antispam returned *** Mensaje prohibido. Contiene datos de contacto. Mensaje etiquetado como Spam. *** from cleantalk.org

I'm not impressed. While it looked like adding that extension did get rid of a lot of garbage, I'm seeing both false positives and false negatives. I get the impression that cleantalk.org is looking at everything on the page (not just what the user just added) and getting upset. Perhaps I shall have to look into whether it can be stopped from bothering existing users editing existing pages? By the time this is over, Special:SmiteSpam will likely be a featured article, even if it isn't a real content page. Google is claiming to be serving 100,000 reCAPTCHA challenges a day, for sites on this server? That's nuts. carlb (at) kingston.net Carlb (talk) 21:56, 23 April 2023 (UTC)

UnCommons

I didn't understand what happened. I had blocked the account 191.212.138.182 because of two spams on UnCommons and only now I realize that all the spambots are matching that IP and the user verification itself becomes confusing because instead of accusing the account, it accused myself in check. I had to unlock the account because I suspected that the account (I repeat it is not an IP) is the IP of one of the servers. Rhubella Marie, the rat sockpreppie 3,585 preppiedits 11:56, 25 April 2023 (UTC)

Yes to be honest, this account is merging with the spambots themselves and even the Abuse Filter which is blocking spambot IPs. I did not install the particular abuse filter used here, and in the Dalmatian and Belarusian versions, as UnCommons has fewer attacks than these 3 wikis. By the way, UnData only concentrates the creation of spambots but without the creation of spam. Rhubella Marie, the rat sockpreppie 3,585 preppiedits 12:02, 25 April 2023 (UTC)

Not sure what you're trying to say, but whois 191.212.138.182 indicates that address is provided by Brasil Telecom. That would suggest the address doesn't belong to Cloudflare, cleantalk.org, an offshore data centre on an island in the St. Lawrence River or anything else which may be "upstream" of this site in network terms. A https://cleantalk.org/blacklists/191.212.138.182 check finds nothing. Carlb (talk) 13:32, 25 April 2023 (UTC)

For me it just shows my own IP, so i'm pretty sure that's really it. BraGreMat 18:46, 25 April 2023 (UTC)

Well, I don't know what it's about but I know that this number is creating an account as if spambots were merged with it. I know I blocked it based on being a spambot but the verification points to my account but it was never blocked. I'm going to show here some crazy things about UnCommons. I'm sorry if the prints are dark. Two years at home office fucked up my eyesight, I ended up developing photophobia with the white computer screen. Anything, app is Current state in Google Chrome...

Here, 191.212.138.182 is Abuse filter

In this excerpt the Abuse Filter blocking an IP. The description of the block discriminates the account.

Here reigned chaos...

From top to bottom, the square marked in red shows the IP 191.212.138.182 for the 2 spam published in the field with the green square. Well, that's where the problem begins. I try not only to follow the contributions to trigger the mass delete function and the account appears without contributions and when I try to verify the account, the account does not exist.

If I check the history, it points out that the person who created the spam was the IP. I spend a bit of time and finally delete the pages one at a time. Well, the last field marked in yellow I unlocked because the check I managed to do on that IP pointed to me. Realizing that things were confusing, I decided to unblock the IP. Thinking that it could have blocked the server's IP, something that happened in a certain wiki of our Unclyclomedia family and forcing the site to crash.

PS: I wrote the text during the night but unfortunately with a heavy sleep I could only finish it this morning. Rhubella Marie, the rat sockpreppie 3,585 preppiedits 10:28, 26 April 2023 (UTC)

Ok, so basically, that should be your IP. For me it just shows my own IP, and for others, it would probably show theirs. BraGreMat 18:07, 26 April 2023 (UTC)

Oh cool, my IP is shown to do every single user action on UnCommons now. BraGreMat 08:36, 29 April 2023 (UTC)