Amount of wiki spam
Justin C. Sherrill
justin at shiningsilence.com
Mon Apr 26 11:47:05 PDT 2010
On Mon, April 26, 2010 11:36 am, Matthias Schmidt wrote:
> Hi,
>
> as you might noticed the amount of spam in our wiki increases (at least
> in my opinion).
I'm only noticing one "spamming" event maybe every couple of weeks. Am I
missing more items? I watch page changes through RSS. The old wiki was
getting spammed multiple times an hour, so this is light, relatively
speaking.
I think we've really benefited from the wiki free-to-edit-and-revert
style; the number of people making changes has gone up significantly.
"zero", the number we had before, is easy to improve on - but even since
it became truly wiki-like and open to editing the amount of contributions
has improved.
> - Registering a new account is no longer possible without administrator
> approval. Is this supported by ikiwiki or would this lead to an
> enormous amount of approval posts? Maybe Justin can comment on this
> ...
We can set it so that people need a password to create a new account; it
could be a commonly known password or even something on the web page, like
a lazy captcha.
http://ikiwiki.info/plugins/passwordauth/ (account_creation_password option)
I don't know how much difference this will make. There's also a spam filter:
http://ikiwiki.info/plugins/blogspam/
This will reject changes that look spamm; I have not tried it but it won't
hurt.
Also, since it's stored in git, we can revert easily. If I (or someone)
got around to setting the permissions right on the actual git repo,
/usr/local/www/ikiwiki-srcdir/, you could even pull and revert without
having to re-enter anything.
> - Add some captchas to the wiki. I really hate (!) captchas, but if
> this helps I'm fine with it.
I haven't seen a single automated spam hit our site. They've all been
attempts from individuals, as far as I can tell; the wiki equivalent of
gold farmers. A captcha won't help with that.
> - Maybe more ...
>
> IMO the current protection of our main website is too fragile. Some
> weeks ago a malicious guy even managed it to remove our main site. And
> while I'm here: it would be nice if we could enforce "commit messages"
> for the wiki. Most people change things without explaining what
> they're doing and you have to look into the git
> changelog to figure it out.
I'd like to see enforced messages too. I don't see an easy way to do that.
More information about the Users
mailing list