Page MenuHomePhabricator

increasing abuse of installations of Mediawiki application
Closed, DuplicatePublic

Description

I wished to leave an observation for the developer community, and not exactly sure of the best place to leave it with regard to the default installation of mediawiki.

In a role of looking at spam activity at WMF wikis, I am now seeing that there are many mediawiki-installed wikis across the web that are becoming spambot-infested eg. planet-nomads-wiki.com, and they are either purposefully setup to be targets for spambots, or they are set up and left by whomever installed them. Either way, their abuse is being leveraged to spam, and proliferate spam. I am guessing that they are just default installations of mediawiki, and that the spambots are just able to work their "magic" without much difficulty.

It would seem to me though that our default configuration of mediawiki that is packaged is allowing for this easy abuse of wikis. I would like to see the developer community have a conversation about whether such an open and abusable/misusable configuration is truly in the best interests of wikis, and the secure web. Might there be a better default configuration that could be packaged/utilised to enable less abuse of mediawiki application?

I have started to blacklist numbers of these wikis after investigation that they are abused and that they are otherwise unmanaged. Predominantly these wikis have just been set up with a default administrator account (admin/crat) and these accounts have next to no activity.

(transferring from https://www.mediawiki.org/wiki/Topic:Uyqk9iws5qxmxi4e where I tried to start a conversation, though does not seem to have attracted attention, trying this way)

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 5 2019, 10:42 AM

By "wikimedia application", did you mean "MediaWiki"?

Since T85327 in 1.27, https://www.mediawiki.org/wiki/Manual:Combating_spam is linked right after installing MediaWiki.
T194746 proposes to ship StopForumSpam by default.

This task is pretty similar to T173055: Saner defaults for preventing spam and I'm not convinced that it should be a task.

Billinghurst renamed this task from increasing abuse of installations of wikimedia application to increasing abuse of installations of Mediawiki application.May 6 2019, 10:16 AM

By "wikimedia application", did you mean "MediaWiki"?
Since T85327 in 1.27, https://www.mediawiki.org/wiki/Manual:Combating_spam is linked right after installing MediaWiki.
T194746 proposes to ship StopForumSpam by default.
This task is pretty similar to T173055: Saner defaults for preventing spam and I'm not convinced that it should be a task.

Yes, I meant Mediawiki. Oops.

While you are correct that a page is linked, and all good administrators would do this, the fact is that they don't. These installations are being weaponised, and then used against us.

If the community is happy with that, then just say that. I am simply alerting the community to what I am seeing, and I tried Mediawikiwiki talk page, and alerting the person who I was told was responsible for the application, to no response. Not certain where else such matters should be raised.

Sorry for the delay in responding; I've been traveling. This does seem to be a good topic for the MediaWiki Stakeholders' Group to discuss and investigate.