Quoting bulia byak <buliabyak@...400...>:
It looks like 82.194.62.17 and 193.188.105.16 automatically spam our wiki, they spammed pages minutes after my reversals. I reverted them several times, but then quit, so they're likely spammed again now.
Maybe it's time to change the password, make it random for each page, and less easy to extract from the text. And in any case, please ban those IPs.
I would be very curious to see what happened if we simply changed the password but left the IPs unbanned. Depending on how quickly (or if) the board is respammed that will give us some idea how the attack is being performed -- i.e.:
Is it parsing the page for the password?
Has the spamming software been manually adjusted for the site?
Are we being specifically targetted?
It might be nice to add a feature for "blackholing" IPs as well -- i.e. accept the submission, but log the attempt and don't update the actual wiki page.
I think collecting hints towards this information would be very helpful.
The point is that blindly making changes may not be the best use of resources; it's better to gather some intelligence about the specifics of the attack (rather than guessing) and focus our efforts accordingly.
-mental