Wiki spam

[Gavin Sinclair]

Folks,

As many people will know, the RubyGarden wiki
(http://www.rubygarden.org/ruby) has been under constant spam attacks for
a while now. Does anyone have any idea how to prevent these attacks?

Cheers,
Gavin

 

[Robert Klemme]

Folks,

As many people will know, the RubyGarden wiki
(http://www.rubygarden.org/ruby) has been under constant spam attacks for
a while now. Does anyone have any idea how to prevent these attacks?

Better login / authentication? OTOH, the problem is, that Wiki's are
meant to be extended and filled by anybody - so there's a certain conflict
between openness and security...

Kind regards

robert

 

[gabriele renzi]

il Mon, 5 Jul 2004 18:31:12 +0900, "Gavin Sinclair"

Folks,

As many people will know, the RubyGarden wiki
(http://www.rubygarden.org/ruby) has been under constant spam attacks for
a while now. Does anyone have any idea how to prevent these attacks?

add a uman detection system on the edit page. Mothing fancy, just
soemthing like "what color Napoleon's white horse was?" and a text
box. Real users answer the question, spambot don't.

 

[Patrick May]

Hello,

As many people will know, the RubyGarden wiki
(http://www.rubygarden.org/ruby) has been under constant spam attacks
for
a while now. Does anyone have any idea how to prevent these attacks?

Do the spam attacks seem come from the same set of individuals, or are
spammers in general looking for wikis with high Page Ranks?

I have sneaky ideas on how to deal with the former. Once you've
identified a vandal, instead of denying access you automate a process
of quietly discarding their edits in a way that is hard to notice and
that wastes their time.

The latter is bothersome -- you might need to setup the same sort of
"enter the number in the image" process as network solutions, ebay, etc.

Cheers,

Patrick

 

[Aredridel]

Folks,

As many people will know, the RubyGarden wiki
(http://www.rubygarden.org/ruby) has been under constant spam attacks for
a while now. Does anyone have any idea how to prevent these attacks?

Yes. Alter the engine so that external URLs go to a non-indexed-by-
search-engines "leaving the site" page. It effectively kills any
pagerank that adding a link would add to the linkee. That's both good
and bad, but it's a short-term solution.

It may be that a simple HTTP redirect script would work, too, but I'm
not sure.

Ari

 

[Jamis Buck]

Patrick May wrote:
[snip]

The latter is bothersome -- you might need to setup the same sort of
"enter the number in the image" process as network solutions, ebay, etc.

FWIW, I've got a CAPTCHA library on rubyforge that does just this. As
long as you've got the freetype and gd libraries installed, it should
just drop right in.

http://rubyforge.org/projects/captcha

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

ruby -ropenssl
-e'k="01234567";p((c,c.padding,c.iv,c.key=OpenSSL::Cipher::BF.new,0,k,k*2)[0].decrypt.update("1A81803C452C324619D319F980D5B84DBB45FC0FE2BAA045".scan(/../).map{|n|n.to_i(16).chr}.join))'

 

[David G. Andersen]

Yes. Alter the engine so that external URLs go to a non-indexed-by-
search-engines "leaving the site" page. It effectively kills any
pagerank that adding a link would add to the linkee. That's both good
and bad, but it's a short-term solution.

It may be that a simple HTTP redirect script would work, too, but I'm
not sure.

This removes the long term incentive, but the spammers can't
be counted on to realize that their spam isn't effective... just
as they don't care about filling my mailbox, even though I'll never
click.

The capcha solution seems like the most preferable way to go
about it. Just make sure it has an alternative non-visual captcha
for the visually impaired.

-Dave

 

[Aredridel]

This removes the long term incentive, but the spammers can't
be counted on to realize that their spam isn't effective... just
as they don't care about filling my mailbox, even though I'll never
click.

I'm not sure. It seems to have effectively cut down on link-spam in a
blog I visted this morning. It's hard to tell, though, with the editing.

They do post that they've done so, though.

The capcha solution seems like the most preferable way to go
about it. Just make sure it has an alternative non-visual captcha
for the visually impaired.

I'd only go Capcha if the other failed, though.

Ari