Development wiki being spammed

Neil Williams linux at codehelp.co.uk
Sun Apr 24 06:25:42 EDT 2005 

On Sunday 24 April 2005 10:48 am, Christian Stimming wrote:
> Am Sonntag, 24. April 2005 11:29 schrieb Neil Williams:
> > http://gnomesupport.org/wiki/index.php/GnuCashDevelopment
> >
> > has got some dubious adverts in the More section. Anyone free to keep an
> > eye on spammers?
>
> @$%! Yes, I check this daily on each workday, but not on weekends. Have a
> look at the "Recent changes" page.

:-) Sorry, Christian! I know how you feel!

These ads are posted from automated scripts on compromised Windows boxes - 
there are bots that can spam 1,000 wiki pages per hit. I got hit by one that 
added 1Mb to the Wiki in one spam!

> http://gnomesupport.org/wiki/index.php/RecentChanges This is the reason why
> the GnuCash page itself is locked.

OK. I've solved a similar issue with a LUG Wiki.

I simply put the Wiki behind a .htaccess directory and required every user to 
be logged in. I also record the ID of the user in the changelog of the wiki 
page. I have two versions of the wiki - a read only public version and a 
members-only editable version. That's ErfurtWiki and it does support such 
necessary and realistic restrictions on the wiki model.

Whilst it remains possible for someone to create a new account and spam the 
wiki, it has not happened because there are easier targets. Plus the ID log 
means that I can throw them off and they would have to create another 
account. I can easily ban certain email addresses from receiving a new 
account password and by the time you force them to come back with a genuine 
email account (due to the password being sent to that account) every time 
they are thrown off, it's simply not worthwhile.

> Since this wiki is used pretty much only for gnucash, having to check for
> spammers daily is quite some overhead. In this status this wiki comes close
> to being unhelpful for our purposes.

The wiki ideal is just that - an ideal. It is far too open to abuse and the 
ones who abuse it most are the ones who care the least. To me, wiki's must 
always be behind some form of identifiable login. It's against the spirit of 
a wiki but it's the only way to keep it maintainable.


-- 

Neil Williams
=============
http://www.dcglug.org.uk/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.gnucash.org/pipermail/gnucash-devel/attachments/20050424/e06b6319/attachment.bin

More information about the gnucash-devel mailing list