Just noticed I only replied to tom before.<br><br>My response to the Captcha comments.<br>----------------<br>Look at reCaptcha? It's free to use and in my view in all the sites I've used it on... it's done wonders.<br>
<br>A simple Human Check
would be enough to stop any bot signups at a basic level.<br><br><br>3 questions
- 2 of them hold no sway on the end result but need SOMETHING in them -
the third can ask you what the 4th word of the first question was.<br>
<br>That did wonders for ages on a busy forum I ran for a guild for age
of conan for ages, every now and then just change the 'real' answer to
ask for something else. Perhaps the page title has an extra word in
it and users need to input what that word is.<br>
But still, reCaptcha I find is the best one out there so far.<br>----------------<br><br><div class="gmail_quote">On Wed, Mar 17, 2010 at 12:07 AM, Tom Fifield <span dir="ltr"><<a href="mailto:tfifield@melbournewireless.org.au">tfifield@melbournewireless.org.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Thanks for the support!<br>
<br>
If it has approval from the people, then I can probably find time to do<br>
it this week.<br>
<br>
Regards,<br>
<font color="#888888"><br>
Tom<br>
</font><div class="im"><br>
Mike Everest wrote:<br>
> Sounds like a real solution - so who is going to have a crack at it?<br>
><br>
> My hand is still up.<br>
><br>
> Cheers.<br>
><br>
>> -----Original Message-----<br>
>> From: Tom Fifield [mailto:<a href="mailto:gummay@gmail.com">gummay@gmail.com</a>] On Behalf Of Tom Fifield<br>
>> Sent: Tuesday, 16 March 2010 11:48 PM<br>
>> To: Steven Haigh<br>
>> Cc: <<a href="mailto:mw@freenet.net.au">mw@freenet.net.au</a>>; <a href="mailto:committee@melbournewireless.org.au">committee@melbournewireless.org.au</a>; 'Melbourne<br>
>> Wireless'; 'Tyson Clugg'; <a href="mailto:coders@melbournewireless.org.au">coders@melbournewireless.org.au</a><br>
>> Subject: Re: [MLB-WIRELESS] wiki and spam<br>
>><br>
</div><div><div></div><div class="h5">>> Hi,<br>
>><br>
>> Random pastings from my postings on the coders list ...<br>
>><br>
>> Based on what we've seen so far, my guess is that spammers:<br>
>><br>
>> * are not members<br>
>> * don't give us any optional information (address, phone)<br>
>> * don't use anything advanced (adv & subscribed)<br>
>> * don't have any nodes<br>
>><br>
>> SELECT * FROM `users` WHERE memberNo=0 AND address = '' AND phone = ''<br>
>> AND adv IS NULL and subscribed IS NULL AND users.username NOT IN (SELECT<br>
>> owner from nodes) ORDER BY `users`.`last_seen` DESC<br>
>><br>
>><br>
>> So if we want a permanent solution to the spam problem, we need to<br>
>> somehow restrict wiki access to accounts fitting the criteria.<br>
>><br>
>> Right now only 835 of the 4000 account fit these criteria - we can<br>
>> reduce this further by looking at email domain names.<br>
>><br>
>> One idea would be to introduce a captcha for these accounts. However, in<br>
>> the past I've actually got into email discussions with the spammers ...<br>
>> and they seem to be real people (in 3rd-world countries) rather than<br>
>> scripts. One even (in chinese) said he understood and would stop!<br>
>><br>
>> So I'm not convinced a captcha would give results, but it can't hurt too<br>
>> much to try.<br>
>><br>
>> However, this doesn't stop people creating accounts in the first place.<br>
>><br>
>> ....<br>
>><br>
>> Interestingly, only 100 of our 600+ hotmail users(the most popular<br>
>> domain) have a node and 77 of those haven't been seen for over a year:<br>
>> select users.username, <a href="http://users.name" target="_blank">users.name</a>, users.last_seen from users INNER JOIN<br>
>> nodes ON nodes.owner=users.username WHERE SUBSTRING_INDEX(email,'@',-1)<br>
>> ="<a href="http://hotmail.com" target="_blank">hotmail.com</a>" AND users.last_seen < '2009-1-29'<br>
>><br>
>> So given current spam levels, I'd probably add <a href="http://hotmail.com" target="_blank">hotmail.com</a> to the<br>
>> email-blacklist.conf too.<br>
>><br>
>><br>
>><br>
>><br>
>> Still thinking.<br>
>><br>
>> Regards,<br>
>><br>
>> Tom<br>
>><br>
>><br>
>> Steven Haigh wrote:<br>
>>> On 16/03/2010, at 11:34 PM, <<a href="mailto:mw@freenet.net.au">mw@freenet.net.au</a>> <<a href="mailto:mw@freenet.net.au">mw@freenet.net.au</a>><br>
>> wrote:<br>
>>>> Since the issue has been raised and complained about several times, I<br>
>> guess<br>
>>>> it is high time that someone put up a hand to chip in and fix it.<br>
>>>><br>
>>>> Before that can be done, there are a couple of obvious questions that<br>
>> need<br>
>>>> to be asked:<br>
>>>><br>
>>>> 1. what is it based on - I assume it is some open source solution<br>
>> that's<br>
>>>> been somehow integrated to the MW site, so what is the original source?<br>
>>> I believe Tyson wrote it from scratch. It's a flat file based wiki that<br>
>> was custom written.<br>
>>>> 2. where is the admin for it (if any)? Again, the assumption is that<br>
>> there<br>
>>>> is some kind of admin interface where access security can be set for<br>
>>>> individual users, grant and revoke read/write rights etc.<br>
>>> I guess Tyson would be the admin? or writer? Everyone in the<br>
> melbwireless<br>
>> group on the server has access to change it - however I don't think anyone<br>
>> is really up to scratch on how it all works.<br>
>>>> There are two possible solutions to this problem the way I see it:<br>
>>>><br>
>>>> a. shut down write access to the wiki to only users who have been<br>
> vetted<br>
>> -<br>
>>>> e.g financial members or similar<br>
>>> This would need more discussion - as you wouldn't want to exclude just<br>
>> about everyone - as that takes away the usefulness of a wiki - however I<br>
>> think the issue is more a fact that people can automate signups to the web<br>
>> site and then spam away.<br>
>>>> b. add captcha test on account sign-up<br>
>>> Might help - but as far as I know, most have been broken at some<br>
> stage...<br>
>> It will still be better than it is now however...<br>
>>>> the latter probably has limited value if a real human is even involved<br>
>> in<br>
>>>> creation of user access accounts - dunno if that is the case here<br>
>> though...?<br>
>>> I think this was fully automated to eliminate the overhead of someone<br>
>> actually having to do it.<br>
>>>> Anyhow, if someone can give up some access details and background info,<br>
>> then<br>
>>>> if nobody else fesses up to having any skills in this sort of thing,<br>
>> then<br>
>>>> let me at it. I have about as much spare time as the next giy (as in<br>
>>>> 'bugger all' ;-) so let me at it!<br>
>>>><br>
>>>> Cheers, Mike.<br>
>>>><br>
>>>><br>
<br>
_______________________________________________<br>
Melbwireless mailing list<br>
<a href="mailto:Melbwireless@wireless.org.au">Melbwireless@wireless.org.au</a><br>
<a href="http://wireless.org.au/mailman/listinfo/melbwireless" target="_blank">http://wireless.org.au/mailman/listinfo/melbwireless</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Victor ('Daworm')<br>* Melbourne Wireless Node: KDJ & KDT<br>* Natural Selection 2 Wiki Sysop (<a href="http://www.unknownworlds.com/ns2/wiki/">http://www.unknownworlds.com/ns2/wiki/</a>)<br>
* AoCWiki Sysop (<a href="http://aoc.wikia.com/">http://aoc.wikia.com/</a>)<br>* Twitter: @dawormie<br>