Wiki spam?

[Erin]

Anybody here running a wiki? I'm running an experimental site using mediawiki, and I've found that a bot is inserting some code into every article. I didn't notice at first because for some reason, the changes don't show up on the changes page.

Here's the code that's entered:

Code:

<div style="overflow: auto; height: 1px;">

_pw8_

http://nv2006.com/ nv

</div>

Yeah, it's some sort of spam thing, but I don't understand why mediawiki allows this type of code to be inserted but not display and why it doesn't show up in the results.

Edit: I've searched a bunch, but results show only other spammed wikis. If anybody can figure out what it is, we might be the first site to do so.

Edit again: Don't visit the site in question. It's just one of those directory-type pages with links to other sites.

[SRTech]

The reason it is not showing up is that the bot entered some css code (overflow: auto; height: 1px;) that virtually hides the links. The reason for this is they want the PageRank benefit, but they hide it so that you won't notice it right away.

I am not very familiar with how MediaWiki works, but it probably just allows the code because it does not know that it will appear hidden, as there is know easy way for any wiki software to detect this, because the methods for spamming will rapidly change.

[Dan Grossman]

Any page with a form on it is going to get spammed by bots. It's inevitable. I have dozens of forms across my network of sites and they all get hit, from blogs to contact forms to custom applications.

1) Get mod_security running to avoid anyone finding a way into your server through the POST data. It's happened.
2) Add image verification to any forms whose posting results are immediately publically viewable. SitePoint has a good tutorial on it, it doesn't take a whole lot of code and can be done pretty foolproof.
3) Where the results don't go somewhere immediately public, you can always keep some type of moderation queue and filter out the spam yourself.

[Erin]

Great advice, Dan. Thanks.

I've got another spammer on my hands now. Here's the code the bot's using. It's hilarious:

Code:

<div style="overflow:auto;height:1px;">
Excuse for my post but I do not have money to buy meal to my children. Forgive me please.
[http://x y z.r a p i d f o r u m.com pharmacy]
<<the hundred other links removed>>
</div>

[Dan Grossman]

That's hilarious

Image verification, after patching some holes I found in my implementation of it, has reduced the number of spam posts to the thousands of guestbooks I host from 800 a day to <10 a day. Unless the spammers stopped writing about prescription drugs and online gambling, but I doubt that.