[Xastir] Wiki spam --- again

Tom Russo russo at bogodyn.org
Fri Jan 15 14:44:44 EST 2010 

In November the access control to the Wiki was changed to require only a 
CAPTCHA for registration.  All users who pass the CAPTCHA are allowed to 
edit pages.  No verification of email address is apparently necessary, and
there is no longer a restriction of editing only for those in the wikieditor
group.

This has apparently been noticed already, and the wiki is starting to get 
spammed gently.  So far it is not the rampant "tons of gibberish and 
lists of links" type of spam we were getting before the old wikieditor
mechanism was put in place -- right now it's coherent text linking to 
outside commercial sites.  It isn't frequent, yet.  And it doesn't seem to
be bot-driven yet, either, since it gets past the CAPTCHA.  Unless the 
CAPTCHA is particularly bad.

I suggest that all xastir users and developers who care for the integrity
of the Xastir wiki be diligent in checking the "recent changes" list every
few days and watching for spam.  Fortunately, there is now a very easy way
to roll back changes --- just click the "rollback" link next to the change
in the recent changes list.

Since I'm one of the wiki Sysops, I've been blocking any user (and their
IP address) who spams in addition to rolling back their changes.  Most users 
can't do that.  So if you do roll back spam, please drop me a note and I'll
go block the user, too.

Chuck:  I think it's time to rethink wiki access policies again.  Perhaps
the whole "wikieditor" technique was unmaintainable, but this new open policy
is going to lead to the wiki being useless eventually, unless users and sysops
spend a lot of time policing it manually.  Perhaps requiring a verified email,
at a minimum, before being allowed to edit?  The registration page says that 
is currently required, but as far as I can tell, it isn't working.

-- 
Tom Russo    KM5VY   SAR502   DM64ux          http://www.swcp.com/~russo/
Tijeras, NM  QRPL#1592 K2#398  SOC#236        http://kevan.org/brain.cgi?DDTNM
  In some cultures what I do would be considered normal. 
                                  -- Ineffective daily affirmation

More information about the Xastir mailing list