[MLB-WIRELESS] wiki and spam
mw at freenet.net.au
mw at freenet.net.au
Wed Mar 17 00:05:38 EST 2010
Sounds like a real solution - so who is going to have a crack at it?
My hand is still up.
Cheers.
> -----Original Message-----
> From: Tom Fifield [mailto:gummay at gmail.com] On Behalf Of Tom Fifield
> Sent: Tuesday, 16 March 2010 11:48 PM
> To: Steven Haigh
> Cc: <mw at freenet.net.au>; committee at melbournewireless.org.au; 'Melbourne
> Wireless'; 'Tyson Clugg'; coders at melbournewireless.org.au
> Subject: Re: [MLB-WIRELESS] wiki and spam
>
> Hi,
>
> Random pastings from my postings on the coders list ...
>
> Based on what we've seen so far, my guess is that spammers:
>
> * are not members
> * don't give us any optional information (address, phone)
> * don't use anything advanced (adv & subscribed)
> * don't have any nodes
>
> SELECT * FROM `users` WHERE memberNo=0 AND address = '' AND phone = ''
> AND adv IS NULL and subscribed IS NULL AND users.username NOT IN (SELECT
> owner from nodes) ORDER BY `users`.`last_seen` DESC
>
>
> So if we want a permanent solution to the spam problem, we need to
> somehow restrict wiki access to accounts fitting the criteria.
>
> Right now only 835 of the 4000 account fit these criteria - we can
> reduce this further by looking at email domain names.
>
> One idea would be to introduce a captcha for these accounts. However, in
> the past I've actually got into email discussions with the spammers ...
> and they seem to be real people (in 3rd-world countries) rather than
> scripts. One even (in chinese) said he understood and would stop!
>
> So I'm not convinced a captcha would give results, but it can't hurt too
> much to try.
>
> However, this doesn't stop people creating accounts in the first place.
>
> ....
>
> Interestingly, only 100 of our 600+ hotmail users(the most popular
> domain) have a node and 77 of those haven't been seen for over a year:
> select users.username, users.name, users.last_seen from users INNER JOIN
> nodes ON nodes.owner=users.username WHERE SUBSTRING_INDEX(email,'@',-1)
> ="hotmail.com" AND users.last_seen < '2009-1-29'
>
> So given current spam levels, I'd probably add hotmail.com to the
> email-blacklist.conf too.
>
>
>
>
> Still thinking.
>
> Regards,
>
> Tom
>
>
> Steven Haigh wrote:
> > On 16/03/2010, at 11:34 PM, <mw at freenet.net.au> <mw at freenet.net.au>
> wrote:
> >
> >> Since the issue has been raised and complained about several times, I
> guess
> >> it is high time that someone put up a hand to chip in and fix it.
> >>
> >> Before that can be done, there are a couple of obvious questions that
> need
> >> to be asked:
> >>
> >> 1. what is it based on - I assume it is some open source solution
> that's
> >> been somehow integrated to the MW site, so what is the original source?
> >
> > I believe Tyson wrote it from scratch. It's a flat file based wiki that
> was custom written.
> >
> >> 2. where is the admin for it (if any)? Again, the assumption is that
> there
> >> is some kind of admin interface where access security can be set for
> >> individual users, grant and revoke read/write rights etc.
> >
> > I guess Tyson would be the admin? or writer? Everyone in the
melbwireless
> group on the server has access to change it - however I don't think anyone
> is really up to scratch on how it all works.
> >
> >> There are two possible solutions to this problem the way I see it:
> >>
> >> a. shut down write access to the wiki to only users who have been
vetted
> -
> >> e.g financial members or similar
> >
> > This would need more discussion - as you wouldn't want to exclude just
> about everyone - as that takes away the usefulness of a wiki - however I
> think the issue is more a fact that people can automate signups to the web
> site and then spam away.
> >
> >> b. add captcha test on account sign-up
> >
> > Might help - but as far as I know, most have been broken at some
stage...
> It will still be better than it is now however...
> >
> >> the latter probably has limited value if a real human is even involved
> in
> >> creation of user access accounts - dunno if that is the case here
> though...?
> >
> > I think this was fully automated to eliminate the overhead of someone
> actually having to do it.
> >
> >> Anyhow, if someone can give up some access details and background info,
> then
> >> if nobody else fesses up to having any skills in this sort of thing,
> then
> >> let me at it. I have about as much spare time as the next giy (as in
> >> 'bugger all' ;-) so let me at it!
> >>
> >> Cheers, Mike.
> >>
> >>
> >
More information about the Melbwireless
mailing list