New Forums

Please go vote on the new forums now. Let's get this shipped.

You are here

NWN Lexicon site attacked by spamtards

19 posts / 0 new
Last post
MrZork
NWN Lexicon site attacked by spamtards

I am sorry to say that, visiting the NWN Lexicon site (https://nwnlexicon.com/) recently, I see that it has been ravaged by spam-posting losers. It's so bad on some pages that the entire page of scripting-related information has been replaced by the idiot ads. I reverted several pages last night, but it quickly became clear that there are too many to do one-by-one like that.

I know that spammers are a periodic problem and I don't know if the latest wave happened over a short period of time or not. I wonder if it's possible to roll back to a cleaner version from before the bulk of the problem started?

The NWN Lexicon is a great resource and it's sad to see it victim to this sort of thing. Anyway, I am posting here mostly so that people will know and see if there is some way to undo the damage. (I think Tarot is an admin on the Lexicon site. But, my contant info was in the form of messages on the Bioware Forums. RIP.)

  • up
    50%
  • down
    50%
Trinital

The problem with unvetted open Wiki pages I'm afraid. This is why I was such a advocate for the vault wiki. (https://wiki.neverwintervault.org/)

We need an authenticated wiki that we own can ensure won't disappear randomly under Spam / Lack of Host Payments. (As Painful as it might be)

I feel very confident that Niv will keep this place running as long as there are players who want to be a apart of this amazing community.

 

 

 

  • up
    100%
  • down
    0%
Proleric
Proleric's picture

I have a shout out to the Lexicon adminstrators about this.

As I understand it, the Lexicon you see today is now hosted by the Vault, so there should be no continuity issues.

The old site had been locked down so that only registered users could post, but unfortunately that seems to have been overlooked when it migrated here.

Hopefully the site will be cleaned up and secured shortly. 

I have offered to help, but I don't have admin rights at this time.

NWN and DAO adventures at http://proleric.com/

  • up
    50%
  • down
    50%
Baaleos

Is it just me or has the functions menu on the left changed?

No longer expands - instead takes you to a subpage?

Temporary or permanent change?

  • up
    50%
  • down
    50%
Drewskie

It's changed since the attack.  There used to be a lyceum section, with introductory material, which I no longer see.  Not sure why the lexicon needs to be a dynamic, living document at this point as there have been no major changes that I know of for years... other than spamming/hacking retards of course.  It needs to be locked down.

  • up
    50%
  • down
    50%
MrZork

Well, having it editable has allowed for some changes to be made. I know I have made some myself. People are still discovering quirks in the scripting, or at least still reporting them for the first time. ;-)

However, I think there should be a reasonable middle ground between a static lexicon that can't be improved or corrected over time and a totally open to any jackass being paid $0.001 per link to some viagra site. IMO, one option is to make people register (that is, no guest edits) and have manual confirmations of the registrations. With reCAPTCHA and maybe a requirement that a prospective registrant answer one relevant question (E.g. "Describe specifically a page you want to edit and why."), the admins should be able to quickly parse the spammers.

  • up
    100%
  • down
    0%
Proleric
Proleric's picture

Significant improvements have been made to the Lexicon in recent years, so we need to keep it open.

Anyone who wants a locked down version can download an out-of-date copy here.

We know from past experience that spam can be eliminated by blocking anonymous edits.

The real problem here is Vault admin capacity to change that setting, and repair the damage (including the Lyceum link).

That could be fixed in short order if the Vault were willing to give admin rights to a volunteer.

  • up
    100%
  • down
    0%
thirdmouse

I tilted at windmills of spam for a few days a few months back and then threw in the towel, so having someone at the helm that can notice that sort of thing and take broader action than many individual reversions would be nice :) 

  • up
    50%
  • down
    50%
Tarot Redhand

I don't know how relevant it is for fixing the current lexicon but there is a snapshot of it from 6th November 2015 (last update 26th July same year) on the wayback machine here.

  • up
    50%
  • down
    50%
henesua

I revereted the front page back from the spamtastic crap. BUt yeah, the lexicon is hurting.

  • up
    50%
  • down
    50%
Cleitanious

OnFailToOpen page is totally gone.

  • up
    50%
  • down
    50%
Proleric
Proleric's picture

I restored that page.

Much damage has been done to the Lexicon contents and links. However, you can still find pages by Googling e.g.

nwnlexicon onfailtoopen

As it stands, there is a risk that this will open pages containing spam, but you can still see the original contents by using the Compare feature on the History tab.

@VAULT ADMIN - can you explain why access has not been restricted to registered users, as requested some time ago? Why the silence, and hesitation to give admin rights to a volunteer, if that's what it takes? I'm reluctant to do any more cleaning while the site remains vulnerable to spam.

  • up
    50%
  • down
    50%
Cleitanious

Celowin - Part VI Loops is now gone.

The Lexicon website is useless in it's current condition. It needs to be locked down.

  • up
    50%
  • down
    50%
Fester Pot

Lexicon is locked down. No new accounts or annon edits are allowed during the clean up. (thanks Niv!)

FP!

  • up
    100%
  • down
    0%
meaglyn

Was there no backup?

  • up
    50%
  • down
    50%
Fester Pot

There are three backups supplied. I do not know how clean they are.

DONE
 

  • A to Z fake entries (AnthonyYule839 to ZulikaJones83 as examples) removed.
  • Individual links checked and spam edited entries rolled back.
  • Banned IP ranges of known bots making majority of edits (#.#.0.0/16)
  • Turned off permission to Create New Accounts and make annon Edits.
    $wgGroupPermissions['*']['edit'] = false; 
    $wgGroupPermissions['*']['createaccount'] = false;
     

TO DO:

Check individual links for spam under:

  • Resource: *
  • Function.*.*

Except for those two ranges of entries, the rest of the site has been cleaned up on a link per link basis.

I'll finish checking the Resource and Function links on a later day.

FP!

  • up
    100%
  • down
    0%
meaglyn

Wow, thanks for doing all that! That seems like a huge amount of work.

  • up
    100%
  • down
    0%
shadguy

Thank you Fester Pot!

 

-Dave

  • up
    100%
  • down
    0%
Baaleos

I have a question around ownership of the NWNLexicon content.
Is there any rules around distribution of its content or hosting of it?

I know some of the content on the vault is setup with licensing clauses that prohibit further hosting/distribution beyond hosting on the vault etc.

Edit:

Found it--

License

Copyright © 2002-2004 NWN Lexicon Group. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation. A copy of the license is included in the section entitled "License".

Neverwinter Nights © 2004 Infogrames Entertainment, S.A. Some code examples © 2001-2004 BioWare Corp. BioWare, BioWare Aurora Engine, Shadows of Undrentide, and Hordes of the Underdark are trademarks of BioWare Corp. Neverwinter Nights, Forgotten Realms, Dungeons & Dragons, and D&D are trademarks owned by Wizards of the Coast, Inc., a subsidiary of Hasbro, Inc. All other trademarks are the property of their respective owners.

  • up
    100%
  • down
    0%