[MLB-WIRELESS] wiki and spam

mw at freenet.net.au mw at freenet.net.au
Wed Mar 17 00:31:28 EST 2010 

Fwiw, you have /my/ approval ;-)

But honestly, you will get a less ambiguous authority to proceed if you say
instead:  "unless anyone complains, that is what I am going to do" :-D

Cheers!

Mike.

> -----Original Message-----
> From: Tom Fifield [mailto:gummay at gmail.com] On Behalf Of Tom Fifield
> Sent: Wednesday, 17 March 2010 12:07 AM
> To: mike at viewbankrise.net.au
> Cc: 'Melbourne Wireless'
> Subject: Re: [MLB-WIRELESS] wiki and spam
> 
> Thanks for the support!
> 
> If it has approval from the people, then I can probably find time to do
> it this week.
> 
> Regards,
> 
> Tom
> 
> Mike Everest wrote:
> > Sounds like a real solution - so who is going to have a crack at it?
> >
> > My hand is still up.
> >
> > Cheers.
> >
> >> -----Original Message-----
> >> From: Tom Fifield [mailto:gummay at gmail.com] On Behalf Of Tom Fifield
> >> Sent: Tuesday, 16 March 2010 11:48 PM
> >> To: Steven Haigh
> >> Cc: <mw at freenet.net.au>; committee at melbournewireless.org.au; 'Melbourne
> >> Wireless'; 'Tyson Clugg'; coders at melbournewireless.org.au
> >> Subject: Re: [MLB-WIRELESS] wiki and spam
> >>
> >> Hi,
> >>
> >> Random pastings from my postings on the coders list ...
> >>
> >> Based on what we've seen so far, my guess is that spammers:
> >>
> >> * are not members
> >> * don't give us any optional information (address, phone)
> >> * don't use anything advanced (adv & subscribed)
> >> * don't have any nodes
> >>
> >> SELECT * FROM `users` WHERE memberNo=0 AND address = '' AND phone = ''
> >> AND adv IS NULL and subscribed IS NULL AND users.username NOT IN
(SELECT
> >> owner from nodes) ORDER BY `users`.`last_seen`  DESC
> >>
> >>
> >> So if we want a permanent solution to the spam problem, we need to
> >> somehow restrict wiki access to accounts fitting the criteria.
> >>
> >> Right now only 835 of the 4000 account fit these criteria - we can
> >> reduce this further by looking at email domain names.
> >>
> >> One idea would be to introduce a captcha for these accounts. However,
in
> >> the past I've actually got into email discussions with the spammers ...
> >> and they seem to be real people (in 3rd-world countries) rather than
> >> scripts. One even (in chinese) said he understood and would stop!
> >>
> >> So I'm not convinced a captcha would give results, but it can't hurt
too
> >> much to try.
> >>
> >> However, this doesn't stop people creating accounts in the first place.
> >>
> >> ....
> >>
> >> Interestingly, only 100 of our 600+ hotmail users(the most popular
> >> domain) have a node and 77 of those haven't been seen for over a year:
> >> select users.username, users.name, users.last_seen from users INNER
JOIN
> >> nodes ON nodes.owner=users.username WHERE SUBSTRING_INDEX(email,'@',-1)
> >> ="hotmail.com" AND users.last_seen < '2009-1-29'
> >>
> >> So given current spam levels, I'd probably add hotmail.com to the
> >> email-blacklist.conf too.
> >>
> >>
> >>
> >>
> >> Still thinking.
> >>
> >> Regards,
> >>
> >> Tom
> >>
> >>
> >> Steven Haigh wrote:
> >>> On 16/03/2010, at 11:34 PM, <mw at freenet.net.au> <mw at freenet.net.au>
> >> wrote:
> >>>> Since the issue has been raised and complained about several times, I
> >> guess
> >>>> it is high time that someone put up a hand to chip in and fix it.
> >>>>
> >>>> Before that can be done, there are a couple of obvious questions that
> >> need
> >>>> to be asked:
> >>>>
> >>>> 1.  what is it based on - I assume it is some open source solution
> >> that's
> >>>> been somehow integrated to the MW site, so what is the original
> source?
> >>> I believe Tyson wrote it from scratch. It's a flat file based wiki
that
> >> was custom written.
> >>>> 2.  where is the admin for it (if any)?  Again, the assumption is
that
> >> there
> >>>> is some kind of admin interface where access security can be set for
> >>>> individual users, grant and revoke read/write rights etc.
> >>> I guess Tyson would be the admin? or writer? Everyone in the
> > melbwireless
> >> group on the server has access to change it - however I don't think
> anyone
> >> is really up to scratch on how it all works.
> >>>> There are two possible solutions to this problem the way I see it:
> >>>>
> >>>> a. shut down write access to the wiki to only users who have been
> > vetted
> >> -
> >>>> e.g financial members or similar
> >>> This would need more discussion - as you wouldn't want to exclude just
> >> about everyone - as that takes away the usefulness of a wiki - however
I
> >> think the issue is more a fact that people can automate signups to the
> web
> >> site and then spam away.
> >>>> b. add captcha test on account sign-up
> >>> Might help - but as far as I know, most have been broken at some
> > stage...
> >> It will still be better than it is now however...
> >>>> the latter probably has limited value if a real human is even
involved
> >> in
> >>>> creation of user access accounts - dunno if that is the case here
> >> though...?
> >>> I think this was fully automated to eliminate the overhead of someone
> >> actually having to do it.
> >>>> Anyhow, if someone can give up some access details and background
> info,
> >> then
> >>>> if nobody else fesses up to having any skills in this sort of thing,
> >> then
> >>>> let me at it.  I have about as much spare time as the next giy (as in
> >>>> 'bugger all' ;-) so let me at it!
> >>>>
> >>>> Cheers,  Mike.
> >>>>
> >>>>

More information about the Melbwireless mailing list