On wednesday, we had a little bit of a spam issue on the wiki. Over the course of some hours, a lot of users created a huge amount of spam pages with shady support telephone number and spam links to external sites. I was relatively confused by this action since just recently, we improved our bot protection on signup, so it should not be possible to sign up automatically.
As it turned out, the account creation was not done by bots. Someone apparently hired a bunch of people in an Indian company to create accounts, then those were used for spamming around. Yes, you’ve read that right, some people actually manually created accounts in our wiki to spam around.
Since it is pretty clear that our CAPTCHA and other automated measurements will not work in such cases. Locking down wiki signups entirely and have people ask for accounts on IRC/Discourse would certainly be a possibility, but that’s not really contributor friendly either and creates a lot of work for us. However, since we apparently can’t trust new users, we need to way of “checking” the users first.
So, we have enabled a kind of moderation queue in the wiki. This means that everyone is able to sign up and edit straight away, but their edits will not be public until a moderator has checked them. The user editing the pages will be able to edit other pages and they will always see their changes, so the moderation queue is not really blocking the contributions, but the edits won’t be public.
Everyone in the “community staff” team is able to view the moderation queue and able to reject or approve changes. However, @waithamai opted voluntarily for keeping an eye on the queue on a regular basis.
So far, the amount of spam is going far down, and the number of spam coming through our filters is 0, so this seems to be a working solution for now.
Feel free to raise concerns or ask questions!