(12-19-2020, 04:50 PM)Bob Schroeck Wrote: Honestly, kill it with fire. I don't think we should have anything left to attract the CM whackjobs.
Yeah, aside from a locked main page and some quotes, I'd kill anything else.
Also, for admins and anyone else interested, here's a short version of how spam creation programs work.
First off, if you manage to track down the sites where these scum shill their garbage, they NEVER advertise it as spam software, but "advertisement software", and they all work using a series of automated steps.
1. The spam creator creates one or more templates for whatever they want to plaster all over the internet for the program.
2. The program is then fed a list of sites to attempt to sign up to for the spreading of spam.
3. Depending on the site, they will run a bot script that automates the basic process of entering the basic information for an account on the site (wikis are easy targets, and some of the more advanced spam creators have captcha guessing built in to defeat the less sophisticated captchas, which can be overcome with some automated practice to determine the captchas pattern of operation)
4. Once the account is verified to work, the bot script then plasters the spam however the target site accept data (for wikis, they will either plaster it on the userpage of the spam account or create a new page, or both)
5. To deter being shut down easily, these programs are routed through rotating proxies and VPNs to defy and defeat IP blocking, and some of the more determined will even spoof legit IPs to defeat IP blocklists.
6. The random usernames are generated by a script as well, generally defaulting to some combination of a random name and some numbers since those are less likely to be taken, and if they are, one can always change a few digits or characters via the automated scripting.
In short, the Moderation extension end runs around all the ways this garbage works and simply asks the admins to approve a new page or account edits before they get posted, as some spammers are clever enough to try burying spam links in existing content, and spammers have no defense against it because they get no warnings from their spam creator as their accounts are never truly blocked. Instead, since spammers rarely check to see if their spam is hitting a target, Moderation gulls them into thinking they are getting through even though the client side (user-visible end) will never show any of their spam unless it's allowed through manually.