[MLB-WIRELESS] wiki and spam

Victor dawormie at gmail.com
Wed Mar 17 00:43:41 EST 2010


Hi Mike,

Unfortunately my expertise sits within taking what someone else made and
tweaking settings for my purpose.
IE: Forums (phpBB / punBB / SMF) / Wiki (MediaWiki) / Wordpress and for a
very brief horrible experience, Joomla.

Regards,
Victor

On Wed, Mar 17, 2010 at 12:32 AM, <mw at freenet.net.au> wrote:

>  Hi Victor,
>
>
>
> Sounds like you have some useful expertise here.  Perhaps you should be a
> part of the coders group?  Interested in contributing?
>
> Cheers!  Mike.
>
>
>
> *From:* Victor [mailto:dawormie at gmail.com]
> *Sent:* Wednesday, 17 March 2010 12:10 AM
> *To:* Tom Fifield
> *Cc:* mike at viewbankrise.net.au; Melbourne Wireless
>
> *Subject:* Re: [MLB-WIRELESS] wiki and spam
>
>
>
> Just noticed I only replied to tom before.
>
> My response to the Captcha comments.
> ----------------
> Look at reCaptcha? It's free to use and in my view in all the sites I've
> used it on... it's done wonders.
>
> A simple Human Check would be enough to stop any bot signups at a basic
> level.
>
>
> 3 questions - 2 of them hold no sway on the end result but need SOMETHING
> in them - the third can ask you what the 4th word of the first question was.
>
> That did wonders for ages on a busy forum I ran for a guild for age of
> conan for ages, every now and then just change the 'real' answer to ask for
> something else.    Perhaps the page title has an extra word in it and users
> need to input what that word is.
> But still, reCaptcha I find is the best one out there so far.
> ----------------
>
> On Wed, Mar 17, 2010 at 12:07 AM, Tom Fifield <
> tfifield at melbournewireless.org.au> wrote:
>
> Thanks for the support!
>
> If it has approval from the people, then I can probably find time to do
> it this week.
>
> Regards,
>
> Tom
>
>
> Mike Everest wrote:
> > Sounds like a real solution - so who is going to have a crack at it?
> >
> > My hand is still up.
> >
> > Cheers.
> >
> >> -----Original Message-----
> >> From: Tom Fifield [mailto:gummay at gmail.com] On Behalf Of Tom Fifield
> >> Sent: Tuesday, 16 March 2010 11:48 PM
> >> To: Steven Haigh
> >> Cc: <mw at freenet.net.au>; committee at melbournewireless.org.au; 'Melbourne
> >> Wireless'; 'Tyson Clugg'; coders at melbournewireless.org.au
> >> Subject: Re: [MLB-WIRELESS] wiki and spam
> >>
>
> >> Hi,
> >>
> >> Random pastings from my postings on the coders list ...
> >>
> >> Based on what we've seen so far, my guess is that spammers:
> >>
> >> * are not members
> >> * don't give us any optional information (address, phone)
> >> * don't use anything advanced (adv & subscribed)
> >> * don't have any nodes
> >>
> >> SELECT * FROM `users` WHERE memberNo=0 AND address = '' AND phone = ''
> >> AND adv IS NULL and subscribed IS NULL AND users.username NOT IN (SELECT
> >> owner from nodes) ORDER BY `users`.`last_seen`  DESC
> >>
> >>
> >> So if we want a permanent solution to the spam problem, we need to
> >> somehow restrict wiki access to accounts fitting the criteria.
> >>
> >> Right now only 835 of the 4000 account fit these criteria - we can
> >> reduce this further by looking at email domain names.
> >>
> >> One idea would be to introduce a captcha for these accounts. However, in
> >> the past I've actually got into email discussions with the spammers ...
> >> and they seem to be real people (in 3rd-world countries) rather than
> >> scripts. One even (in chinese) said he understood and would stop!
> >>
> >> So I'm not convinced a captcha would give results, but it can't hurt too
> >> much to try.
> >>
> >> However, this doesn't stop people creating accounts in the first place.
> >>
> >> ....
> >>
> >> Interestingly, only 100 of our 600+ hotmail users(the most popular
> >> domain) have a node and 77 of those haven't been seen for over a year:
> >> select users.username, users.name, users.last_seen from users INNER
> JOIN
> >> nodes ON nodes.owner=users.username WHERE SUBSTRING_INDEX(email,'@',-1)
> >> ="hotmail.com" AND users.last_seen < '2009-1-29'
> >>
> >> So given current spam levels, I'd probably add hotmail.com to the
> >> email-blacklist.conf too.
> >>
> >>
> >>
> >>
> >> Still thinking.
> >>
> >> Regards,
> >>
> >> Tom
> >>
> >>
> >> Steven Haigh wrote:
> >>> On 16/03/2010, at 11:34 PM, <mw at freenet.net.au> <mw at freenet.net.au>
> >> wrote:
> >>>> Since the issue has been raised and complained about several times, I
> >> guess
> >>>> it is high time that someone put up a hand to chip in and fix it.
> >>>>
> >>>> Before that can be done, there are a couple of obvious questions that
> >> need
> >>>> to be asked:
> >>>>
> >>>> 1.  what is it based on - I assume it is some open source solution
> >> that's
> >>>> been somehow integrated to the MW site, so what is the original
> source?
> >>> I believe Tyson wrote it from scratch. It's a flat file based wiki that
> >> was custom written.
> >>>> 2.  where is the admin for it (if any)?  Again, the assumption is that
> >> there
> >>>> is some kind of admin interface where access security can be set for
> >>>> individual users, grant and revoke read/write rights etc.
> >>> I guess Tyson would be the admin? or writer? Everyone in the
> > melbwireless
> >> group on the server has access to change it - however I don't think
> anyone
> >> is really up to scratch on how it all works.
> >>>> There are two possible solutions to this problem the way I see it:
> >>>>
> >>>> a. shut down write access to the wiki to only users who have been
> > vetted
> >> -
> >>>> e.g financial members or similar
> >>> This would need more discussion - as you wouldn't want to exclude just
> >> about everyone - as that takes away the usefulness of a wiki - however I
> >> think the issue is more a fact that people can automate signups to the
> web
> >> site and then spam away.
> >>>> b. add captcha test on account sign-up
> >>> Might help - but as far as I know, most have been broken at some
> > stage...
> >> It will still be better than it is now however...
> >>>> the latter probably has limited value if a real human is even involved
> >> in
> >>>> creation of user access accounts - dunno if that is the case here
> >> though...?
> >>> I think this was fully automated to eliminate the overhead of someone
> >> actually having to do it.
> >>>> Anyhow, if someone can give up some access details and background
> info,
> >> then
> >>>> if nobody else fesses up to having any skills in this sort of thing,
> >> then
> >>>> let me at it.  I have about as much spare time as the next giy (as in
> >>>> 'bugger all' ;-) so let me at it!
> >>>>
> >>>> Cheers,  Mike.
> >>>>
> >>>>
>
> _______________________________________________
> Melbwireless mailing list
> Melbwireless at wireless.org.au
> http://wireless.org.au/mailman/listinfo/melbwireless
>
>
>
>
> --
> Victor ('Daworm')
> * Melbourne Wireless Node: KDJ & KDT
> * Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
> * AoCWiki Sysop  (http://aoc.wikia.com/)
> * Twitter: @dawormie
>
> _______________________________________________
> Melbwireless mailing list
> Melbwireless at wireless.org.au
> http://wireless.org.au/mailman/listinfo/melbwireless
>
>


-- 
Victor ('Daworm')
* Melbourne Wireless Node: KDJ & KDT
* Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
* AoCWiki Sysop  (http://aoc.wikia.com/)
* Twitter: @dawormie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wireless.org.au/pipermail/melbwireless/attachments/20100317/97fe6b04/attachment.html>


More information about the Melbwireless mailing list