Topic on User talk:Jdforrester (WMF)

increasing abuse of installations of wikimedia application

Summary by Billinghurst

moved to phab:T222536

Billinghurst (talkcontribs)

Hi James. I wished to leave an observation for the developer community, and not exactly sure of the best place to leave it with regard to the default installation of mediawiki.

In a role of looking at spam activity at WMF wikis, I am now seeing that there are many mediawiki-installed wikis across the web that are becoming spambot-infested eg., and they are either purposefully setup to be targets for spambots, or they are set up and left by whomever installed them. Either way, their abuse is being leveraged to spam, and proliferate spam. I am guessing that they are just default installations of mediawiki, and that the spambots are just able to work their "magic" without much difficulty.

It would seem to me though that our default configuration of mediawiki that is packaged is allowing for this easy abuse of wikis. I would like to see the developer community have a conversation about whether such an open and abusable/misusable configuration is truly in the best interests of wikis, and the secure web. Might there be a better default configuration that could be packaged/utilised to enable less abuse of mediawiki application?

I have started to blacklist numbers of these wikis after investigation that they are abused and that they are otherwise unmanaged. Predominantly these wikis have just been set up with a default administrator account (admin/crat) and these accounts have next to no activity.

Jdforrester (WMF) (talkcontribs)

Hey @Billinghurst, that's an interesting point; thank you for highlighting it. I'm not sure who would be best-placed to run such a conversation, but @CCicalese (WMF) as product owner of MediaWiki itself likely has a few ideas.

Billinghurst (talkcontribs)