Spammers are now targeting sites with Wikis.

I’ve long ago gotten used to the near-constant comment, trackback, and referrer spamming that comes with running a blog—trackbacks got so bad I turned them off rather than have to clean them up every day—but now there are two new tactics spammers have been using that are annoying as hell. Or at least they’re new to me.

First up is member account spamming. This is where they register an account on your blog and then put links to their sites in their member profiles and signatures, but they don’t leave any comments so you don’t necessarily see the links unless you check their profiles. SEB allows you to automatically register by responding to an email and then it sends me an email notice that you’ve registered. I’ve had to resort to checking every newly registered account to see if it contains spam links as I get the notifications. I only noticed this trend because some of the spammers use link-back checkers to make sure the member account exists and the hits to those accounts show up in my referrer log. It’s awfully strange to see hits on member accounts for people who have never left a comment on the blog. You have to admit that it’s a pretty clever way of circumventing the spam blockers most blogs run these days as member profiles aren’t typically checked and yet member lists are often crawled by Google.

The second method is even more annoying. It’s similar to the one above except that they don’t put any spam links in the member profile at all. Instead they target sites, like SEB, that have their own wikis set up. Any registered member can edit the wiki and wiki entries are not subject to spam scanning. So they register an account, activate it, and then go into the wiki and add pages that look legitimate, but contain spam links. Just today someone registered an account and made a new “cetinionism” category page in the SEBPedia then used a copy and paste job from the Talk.Origins site to do a brief overview, followed by a link to another page within the wiki and then a link back to their “academic paper writing service” for “more information.”

The only reason I caught on to this is because some of the spammers pushed their luck by registering account names such as “AcademicStudy” and “WritingStudy” which are obviously spammish account names to begin with. When I didn’t see any spam links in their profiles I grew suspicious and started poking through the user activity log and noticed they all were editing pages in the SEBPedia. Sure enough, when I checked the wiki, whole new pages were in place that looked like a lot of work went into them, but which contained spam links. When I deleted the accounts the wiki pages went with them.

So if you’re running a system like ExpressionEngine and you’re using the wiki module (or you’re running a stand-alone wiki on your site) then you might want to examine your recent changes log to see if anyone is using it for spamming purposes. What boggles the mind isn’t that they’re clever enough to find new ways to spam your site, but that they’re still dumb enough to use account names that are obviously for spamming.
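The check described above (accounts that have never commented but carry outbound links in their profile or in wiki pages they edited) can be scripted against an export of the member list and recent changes. This is an added example, not code from the post or from ExpressionEngine; the field names, the `blog.example` hostname, and the sample records are constructed assumptions.

```python
import re
from urllib.parse import urlparse

SITE_HOST = "blog.example"  # assumption: the blog's own hostname
LINK_RE = re.compile(r"https?://[^\s\"'<>\]]+", re.IGNORECASE)

# Constructed sample records; field names are hypothetical, not EE's schema.
MEMBERS = [
    {"name": "longtime_reader", "comments": 42, "profile": "http://blog.example/about"},
    {"name": "WritingStudy", "comments": 0, "profile": ""},
    {"name": "quiet_lurker", "comments": 0, "profile": ""},
    {"name": "pillz4u", "comments": 0, "profile": "Visit http://pills.example/buy"},
]
WIKI_EDITS = [
    {"author": "longtime_reader", "page": "FAQ", "text": "See http://blog.example/faq"},
    {"author": "WritingStudy", "page": "NewCategory",
     "text": "Overview text. More information: http://papers.example/order"},
]

def external_links(text, site_host=SITE_HOST):
    """Return links in text whose host is not the site or one of its subdomains."""
    out = []
    for url in LINK_RE.findall(text or ""):
        host = (urlparse(url).hostname or "").lower()
        if host != site_host and not host.endswith("." + site_host):
            out.append(url)
    return out

def review_queue(members, wiki_edits):
    """Map account name -> reasons, for members with zero comments whose
    profile or wiki edits contain external links."""
    never_commented = {m["name"] for m in members if m["comments"] == 0}
    flagged = {}
    for m in members:
        if m["name"] in never_commented:
            for url in external_links(m["profile"]):
                flagged.setdefault(m["name"], []).append(f"profile link {url}")
    for e in wiki_edits:
        if e["author"] in never_commented:
            for url in external_links(e["text"]):
                flagged.setdefault(e["author"], []).append(
                    f"wiki page {e['page']!r} links to {url}")
    return flagged

if __name__ == "__main__":
    for name, reasons in review_queue(MEMBERS, WIKI_EDITS).items():
        print(name, "->", "; ".join(reasons))
```

Accounts with no comments and no outbound links (such as `quiet_lurker` in the sample) are left alone, so the output is a short review queue rather than a ban list.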

4 thoughts on “Spammers are now targeting sites with Wikis.”

  1. I have a (non-blog-related) PmWiki wiki setup on my site, and I’ve been fending off folks for years.  I get an email whenever a change is made anywhere on it—and since it’s a relatively moribund setup (albeit with data I don’t want to lose), any email I get is usually a warning sign.

    Answer to same: go back, fix the page, password-lock it down.  Irksome.

  2. I have my EE wikis set up to send an email notification for every change. The Special:Recentchanges page is a big help, too.

    With EE, there’s the option to remove the “Members” group from the wiki user groups and replace it with an “Editors” group (say). Obviously you’d have to create such a group, assign designated wiki editors into it, and make sure this new group doesn’t break your other templates somehow or other.

    If I have a pet peeve about EE, then it’s that the “one member, one group” paradigm is baked so deeply into EE’s design that it won’t ever change (perhaps EE 3.0, but not 2.x—I asked at the last SXSW). In Drupal, you just create another group, assign permissions and users, and the core will figure out what a user can or cannot do in case of multiple group membership.

  3. Spammers suck.  We have the most trouble out of our PHPBB board for our WoW guild.  There was a time where we just turned it off because not only were we getting the usual spam we were also getting a TON of porn on there…very graphic…which is bad when you have a lot of kids/young teens in your guild!  LOL

    Damn spammers.  They are evil and must be destroyed.
