Development wiki being spammed
Neil Williams
linux at codehelp.co.uk
Sun Apr 24 06:25:42 EDT 2005
On Sunday 24 April 2005 10:48 am, Christian Stimming wrote:
> Am Sonntag, 24. April 2005 11:29 schrieb Neil Williams:
> > http://gnomesupport.org/wiki/index.php/GnuCashDevelopment
> >
> > has got some dubious adverts in the More section. Anyone free to keep an
> > eye on spammers?
>
> @$%! Yes, I check this daily on each workday, but not on weekends. Have a
> look at the "Recent changes" page.
:-) Sorry, Christian! I know how you feel!
These ads are posted from automated scripts on compromised Windows boxes -
there are bots that can spam 1,000 wiki pages per hit. I got hit by one that
added 1Mb to the Wiki in one spam!
> http://gnomesupport.org/wiki/index.php/RecentChanges This is the reason why
> the GnuCash page itself is locked.
OK. I've solved a similar issue with a LUG Wiki.
I simply put the Wiki behind a .htaccess directory and required every user to
be logged in. I also record the ID of the user in the changelog of the wiki
page. I have two versions of the wiki - a read only public version and a
members-only editable version. That's ErfurtWiki and it does support such
necessary and realistic restrictions on the wiki model.
Whilst it remains possible for someone to create a new account and spam the
wiki, it has not happened because there are easier targets. Plus the ID log
means that I can throw them off and they would have to create another
account. I can easily ban certain email addresses from receiving a new
account password and by the time you force them to come back with a genuine
email account (due to the password being sent to that account) every time
they are thrown off, it's simply not worthwhile.
> Since this wiki is used pretty much only for gnucash, having to check for
> spammers daily is quite some overhead. In this status this wiki comes close
> to being unhelpful for our purposes.
The wiki ideal is just that - an ideal. It is far too open to abuse and the
ones who abuse it most are the ones who care the least. To me, wiki's must
always be behind some form of identifiable login. It's against the spirit of
a wiki but it's the only way to keep it maintainable.
--
Neil Williams
=============
http://www.dcglug.org.uk/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.gnucash.org/pipermail/gnucash-devel/attachments/20050424/e06b6319/attachment.bin
More information about the gnucash-devel
mailing list