discuss: Thread: wiki spam

wiki have again been spammed, and history is not able to give my own 
editing from yesterday!!!

if this is not changed very soon, anybody will give up using it!!

at least make the editing restricted to registered people (anybody can 
register) or use a public password

I *can* setup a PmWiki for LDP on my own server, but this seems 
ridiculous and anyway could certainly not survive any success

jdd
-- 
http://www.dodin.net

On Fri, May 30, 2008 at 7:57 AM, jdd ####@####.#### wrote:
> wiki have again been spammed, and history is not able to give my own editing
> from yesterday!!!
>
> if this is not changed very soon, anybody will give up using it!!
>
> at least make the editing restricted to registered people (anybody can
> register) or use a public password
>
> I *can* setup a PmWiki for LDP on my own server, but this seems ridiculous
> and anyway could certainly not survive any success

I have no response from ibiblio and other people from LDP,
so I can do nothing.

IMHO you should be more patient.

-- 
http://pawlowicz.name/

Sergiusz Pawlowicz wrote:
> On Fri, May 30, 2008 at 7:57 AM, ####@####.####  wrote:
>> wiki have again been spammed, and history is not able to give my own editing
>> from yesterday!!!
>>
>> if this is not changed very soon, anybody will give up using it!!
>>
>> at least make the editing restricted to registered people (anybody can
>> register) or use a public password
>>
>> I *can* setup a PmWiki for LDP on my own server, but this seems ridiculous
>> and anyway could certainly not survive any success
>
> I have no response from ibiblio and other people from LDP,
> so I can do nothing.
>
> IMHO you should be more patient.
>
I don't blame you :-)

But I wont wait months...

right now I could restore the front page

jdd

-- 
http://www.dodin.net

Quoting jdd ####@####.####

> wiki have again been spammed, and history is not able to give my own 
> editing from yesterday!!!
> 
> if this is not changed very soon, anybody will give up using it!!
> 
> at least make the editing restricted to registered people (anybody can 
> register) or use a public password

For now, it appears that the energetic Robert E. Spencer of South Africa
has deleted the (latest) spam.  However, _indeed_, Robert's willingness
to outwork the world's spambots, while meritorious, is no basis for an
online system. 

So, I agree.  Wikis / guestbooks limited to registered users have
ongoing spam problems, too[1], but attempting to run one with anonymous
access enabled in 2008 is sheer madness.

[1] http://www.blogherald.com/2007/03/05/what-will-stop-comment-spam/

Rick Moen wrote:

> So, I agree.  Wikis / guestbooks limited to registered users have
> ongoing spam problems, too[1], but attempting to run one with anonymous
> access enabled in 2008 is sheer madness.

right now, always the same IP spams the LDP, and only the home page.

So banning this IP and making the home page write accessable by the 
admin could fix the problem for now, but only the admin can do so, 
according to moinmoin documentation

http://moinmoin.wikiwikiweb.de/HelpOnAccessControlLists

insert this in the home page:
#acl SomeUser:read,write All:read

Notice: most discussion about spam in the wiki world (enough to search 
for "spam" in the moinmoin doc) is mostly pointless, because paranoid.

LDP wiki *may* be very much exposed, but if this happen it will be a 
good sign :-). Is most cases simple system like a publicly spread 
password have very good results (I use it an I'm never spammed). 
Robots *can* be very smart, but most spammers don't even worry doing so.

jdd


-- 
http://www.dodin.net

Quoting jdd ####@####.####

> So banning this IP and making the home page write accessable by the 
> admin could fix the problem for now...

I'll give you one guess about how useful and worthwhile I predict that
fix will prove, based on experience elsewhere.  (You're welcome to more
guesses, but really need only one.  ;->  )


> Notice: most discussion about spam in the wiki world (enough to search 
> for "spam" in the moinmoin doc) is mostly pointless, because paranoid.

For the more-obscure wikis / blogs: good point.  But I imagine that a
thriving LDP wiki (much more than the current contents!) would, by
contrast, become more of a target.

> LDP wiki *may* be very much exposed, but if this happen it will be a 
> good sign :-). Is most cases simple system like a publicly spread 
> password have very good results (I use it an I'm never spammed). 
> Robots *can* be very smart, but most spammers don't even worry doing so.

The problem has never been keeping spam load low; the problem is keeping
spam load low while not impairing legitimate use overmuch.  (The very
idea of wikis being wide participation, you have an inherent conflict of
goals.)  Several types of solution suffice to keep generic spambots out, 
e.g., a site-specific question ("What's Einstein's surname?"), a widely
known but site-specific password, and so on.  That leaves customised and
fully human-driven defacements, which seem, by and large, to go after
only prominent sites.  Which gets back to my point (above) about
obscurity and targets.

Quoting jdd ####@####.####

> So banning this IP and making the home page write accessable by the 
> admin could fix the problem for now...

FYI, the most recent defacements appear to be coming _not_ from just one
single IP, but from two different PPP dial-in _netblocks_ owned by
Comstar in Moscow.  Thus, blocking one IP address would seem neither
appropriate nor sufficient.

Can we use something like the email verification like the one in the mail
lists? So, the user receives an email to confirm the registration. This
probably will reduce huge amount of spam. Another solutions is if we could
use some kind of BAN for some users or IPs. But mix of them both would be
better.
Are there any wiki anti-spam extensions?

Svetoslav P.chukov

On Sat, May 31, 2008 at 1:44 AM, Rick Moen ####@####.#### wrote:

> Quoting jdd ####@####.####
>
> > wiki have again been spammed, and history is not able to give my own
> > editing from yesterday!!!
> >
> > if this is not changed very soon, anybody will give up using it!!
> >
> > at least make the editing restricted to registered people (anybody can
> > register) or use a public password
>
> For now, it appears that the energetic Robert E. Spencer of South Africa
> has deleted the (latest) spam.  However, _indeed_, Robert's willingness
> to outwork the world's spambots, while meritorious, is no basis for an
> online system.
>
> So, I agree.  Wikis / guestbooks limited to registered users have
> ongoing spam problems, too[1], but attempting to run one with anonymous
> access enabled in 2008 is sheer madness.
>
> [1] http://www.blogherald.com/2007/03/05/what-will-stop-comment-spam/
>
> ______________________
> http://lists.tldp.org/
>
>

Le 2008-06-01 13:14:25 +0300, Svetoslav P. Chukov écrivait :
> Can we use something like the email verification like the one in the mail
> lists? So, the user receives an email to confirm the registration. This
> probably will reduce huge amount of spam. Another solutions is if we could
> use some kind of BAN for some users or IPs. But mix of them both would be
> better.
> Are there any wiki anti-spam extensions?

Recent versions of MoinMoin (1.6.x) come with TextCha, a simple text 
captcha, that has, up to now, proven very apt at detering spam.

It's also possible to limit write access to known people (people who 
have created an account on the wiki).

HTH.

-- 
Jean-Philippe Guérard
http://tigreraye.org

Jean-Philippe Guérard wrote:

> Recent versions of MoinMoin (1.6.x) come with TextCha, a simple text
> captcha, that has, up to now, proven very apt at detering spam.

I hate captcha :-(

>
> It's also possible to limit write access to known people (people who
> have created an account on the wiki).

any simple anti spam mesure should be nice for now

if we have tremendous success (:-)), we will have the manpower to do 
better

jdd

-- 
http://www.dodin.net