Amount of wiki spam

Justin C. Sherrill justin at shiningsilence.com
Mon Apr 26 11:47:05 PDT 2010


On Mon, April 26, 2010 11:36 am, Matthias Schmidt wrote:
> Hi,
>
> as you might noticed the amount of spam in our wiki increases (at least
> in my opinion).

I'm only noticing one "spamming" event maybe every couple of weeks.  Am I
missing more items?  I watch page changes through RSS.   The old wiki was
getting spammed multiple times an hour, so this is light, relatively
speaking.

I think we've really benefited from the wiki free-to-edit-and-revert
style; the number of people making changes has gone up significantly. 
"zero", the number we had before, is easy to improve on - but even since
it became truly wiki-like and open to editing the amount of contributions
has improved.

> - Registering a new account is no longer possible without administrator
>   approval.  Is this supported by ikiwiki or would this lead to an
>   enormous amount of approval posts?  Maybe Justin can comment on this
>   ...

We can set it so that people need a password to create a new account; it
could be a commonly known password or even something on the web page, like
a lazy captcha.

http://ikiwiki.info/plugins/passwordauth/ (account_creation_password option)

I don't know how much difference this will make.  There's also a spam filter:

http://ikiwiki.info/plugins/blogspam/

This will reject changes that look spamm; I have not tried it but it won't
hurt.

Also, since it's stored in git, we can revert easily.  If I (or someone)
got around to setting the permissions right on the actual git repo,
/usr/local/www/ikiwiki-srcdir/, you could even pull and revert without
having to re-enter anything.


> - Add some captchas to the wiki.  I really hate (!) captchas, but if
>   this helps I'm fine with it.

I haven't seen a single automated spam hit our site.  They've all been
attempts from individuals, as far as I can tell; the wiki equivalent of
gold farmers.  A captcha won't help with that.

> - Maybe more ...
>
> IMO the current protection of our main website is too fragile.  Some
> weeks ago a malicious guy even managed it to remove our main site.  And
> while I'm here: it would be nice if we could enforce "commit messages"
> for the wiki.  Most people change things without explaining what
> they're doing and you have to look into the git
> changelog to figure it out.

I'd like to see enforced messages too.  I don't see an easy way to do that.








More information about the Users mailing list