WikiSpam seems to
be on the rise. Today, a link to a porn site was added.
It didn't last long, but perhaps we should begin planning for the
inevitable.
I'm not a big fan of blacklists, nor do I think this would be
particularly effective in this case. The latest was by
somebody simply surfing in on a Google query for
wiki.
Things I am considering:
Locking down the FrontPage, and possibly the Roadmap.
These seem to be the primary point of entry and are rarely updated
except to leave and revert spam.
Creating a wiki-wide password, which I will freely share on the
atom-syntax mailing list. The goal here is to lock out the
casual opportunists, not the people who desire to contribute.
Require registration and login. May have the side effect
of reducing contributions, but in fact doesn't actually exclude
anyone who desires to contribute.
Suggestions welcome.
LinkDump
Blog Maverick The Mark Cuban Weblog microsöft.com Google PageRank Report WikiSpam RSS and BitTorrent Bruce Sterling Rant-A-Thon, 2004......
[more]
Jay Allen's MT-Blacklist blocks spam by recognising the URLs the spammers are inserting. Since the URLs change relatively slowly, it is effective - I'm blocking at least four out of five blogspams.
I would get an even better hit rate if I regularly shared and updated the URL blacklist. Perhaps the wiki community will be better at sharing than the blogging community.
I've been dealing with this on my personal wiki ([link]) and the Personal Telco wiki ([link]) for ages.
To my surprise I've discovered that simply making the few entry pages (FrontPage, RecentChanges and any other main points of entry) read only almost completely solved it. As a work around I used the include macro so the actual content was on another open page but wasn't obvious to people stopping by.
Even better, simply using MoinMoin's ACL feature to require registration on those pages (which is automatic and easy) for editing privledges worked just as well and had no effect on anyone that wanted to contribute.
Generate an image of a random string, ask the poster to enter the character in a randomly chosen position. Just like how Yahoo (?) does it for signing up for an account.
On the other hand, Hotmail has an audio option for the CAPTCHA, which is sufficiently ungarbled that you can actually hear it. Which surely means that it's bot-decipherable without even using horny decoders.
Sam, are we looking for bot-defenses, or human opportunist defenses? Makes an enormous difference, whether the POST comes thirty seconds after the GET or a fraction of a second.
The most appropriate defense, though, would seem to be encouraging everyone to subscribe to a feed of changes to the most vulnerable pages, with a revert link in the item content. You might get a little excess load as dozens of people all hit the link at once, screaming "die puny spammer!", but it ought to work. (I see that MoinMoin also has an email subscription feature, not turned on, but that's not nearly as much fun.)
Sam, are we looking for bot-defenses, or human opportunist defenses?
Opportunist humans.
It looks like the best bet is to require login for select pages. This is easily accomplished with MoinMoin 1.2. I'm currently running 1.0, so an upgrade is in order.
The line to be added to the top of those pages would look something like this:
To Mark: Why do spammers need free mail accounts? All 'from' addresses are fake anyway. I don't read any spam so I don't know how one is supposed to respond to such: By visiting a web site or sending reply to one of these free mail accounts?
Anyways yeah a human who drives by and wants to paint graffiti on a wiki will answer the captcha.
How about displaying a word in 'leet or SMS-ese and asking the human to type in the correct spelling! ;-) Need not be an image, works with blind people too.
Ah, souvenir, quand tu nous tiens… Saviez-vous que certains vieux disques vinyl contenaient des données informatiques [1]? C’était à l’époque glorieuse de notre tout premier ordinateur (le boulier chinois ne comptant pas): le ”Speccy [2]” Après...
I've installed and configured a test version of the Atom wiki using MoinMoin 1.2.1. The intent is to cut over so that Acess Control can be used to require valid logins on selected pages in an attempt to reduce WikiSpam. At the moment, POSTs are disa...
[more]