[MLB-WIRELESS] wiki and spam

Wed Mar 17 00:07:06 EST 2010

Thanks for the support!

If it has approval from the people, then I can probably find time to do 
it this week.

Regards,

Tom

Mike Everest wrote:
> Sounds like a real solution - so who is going to have a crack at it?
> 
> My hand is still up.
> 
> Cheers.
> 
>> -----Original Message-----
>> From: Tom Fifield [mailto:gummay at gmail.com] On Behalf Of Tom Fifield
>> Sent: Tuesday, 16 March 2010 11:48 PM
>> To: Steven Haigh
>> Cc: <mw at freenet.net.au>; committee at melbournewireless.org.au; 'Melbourne
>> Wireless'; 'Tyson Clugg'; coders at melbournewireless.org.au
>> Subject: Re: [MLB-WIRELESS] wiki and spam
>>
>> Hi,
>>
>> Random pastings from my postings on the coders list ...
>>
>> Based on what we've seen so far, my guess is that spammers:
>>
>> * are not members
>> * don't give us any optional information (address, phone)
>> * don't use anything advanced (adv & subscribed)
>> * don't have any nodes
>>
>> SELECT * FROM `users` WHERE memberNo=0 AND address = '' AND phone = ''
>> AND adv IS NULL and subscribed IS NULL AND users.username NOT IN (SELECT
>> owner from nodes) ORDER BY `users`.`last_seen`  DESC
>>
>>
>> So if we want a permanent solution to the spam problem, we need to
>> somehow restrict wiki access to accounts fitting the criteria.
>>
>> Right now only 835 of the 4000 account fit these criteria - we can
>> reduce this further by looking at email domain names.
>>
>> One idea would be to introduce a captcha for these accounts. However, in
>> the past I've actually got into email discussions with the spammers ...
>> and they seem to be real people (in 3rd-world countries) rather than
>> scripts. One even (in chinese) said he understood and would stop!
>>
>> So I'm not convinced a captcha would give results, but it can't hurt too
>> much to try.
>>
>> However, this doesn't stop people creating accounts in the first place.
>>
>> ....
>>
>> Interestingly, only 100 of our 600+ hotmail users(the most popular
>> domain) have a node and 77 of those haven't been seen for over a year:
>> select users.username, users.name, users.last_seen from users INNER JOIN
>> nodes ON nodes.owner=users.username WHERE SUBSTRING_INDEX(email,'@',-1)
>> ="hotmail.com" AND users.last_seen < '2009-1-29'
>>
>> So given current spam levels, I'd probably add hotmail.com to the
>> email-blacklist.conf too.
>>
>>
>>
>>
>> Still thinking.
>>
>> Regards,
>>
>> Tom
>>
>>
>> Steven Haigh wrote:
>>> On 16/03/2010, at 11:34 PM, <mw at freenet.net.au> <mw at freenet.net.au>
>> wrote:
>>>> Since the issue has been raised and complained about several times, I
>> guess
>>>> it is high time that someone put up a hand to chip in and fix it.
>>>>
>>>> Before that can be done, there are a couple of obvious questions that
>> need
>>>> to be asked:
>>>>
>>>> 1.  what is it based on - I assume it is some open source solution
>> that's
>>>> been somehow integrated to the MW site, so what is the original source?
>>> I believe Tyson wrote it from scratch. It's a flat file based wiki that
>> was custom written.
>>>> 2.  where is the admin for it (if any)?  Again, the assumption is that
>> there
>>>> is some kind of admin interface where access security can be set for
>>>> individual users, grant and revoke read/write rights etc.
>>> I guess Tyson would be the admin? or writer? Everyone in the
> melbwireless
>> group on the server has access to change it - however I don't think anyone
>> is really up to scratch on how it all works.
>>>> There are two possible solutions to this problem the way I see it:
>>>>
>>>> a. shut down write access to the wiki to only users who have been
> vetted
>> -
>>>> e.g financial members or similar
>>> This would need more discussion - as you wouldn't want to exclude just
>> about everyone - as that takes away the usefulness of a wiki - however I
>> think the issue is more a fact that people can automate signups to the web
>> site and then spam away.
>>>> b. add captcha test on account sign-up
>>> Might help - but as far as I know, most have been broken at some
> stage...
>> It will still be better than it is now however...
>>>> the latter probably has limited value if a real human is even involved
>> in
>>>> creation of user access accounts - dunno if that is the case here
>> though...?
>>> I think this was fully automated to eliminate the overhead of someone
>> actually having to do it.
>>>> Anyhow, if someone can give up some access details and background info,
>> then
>>>> if nobody else fesses up to having any skills in this sort of thing,
>> then
>>>> let me at it.  I have about as much spare time as the next giy (as in
>>>> 'bugger all' ;-) so let me at it!
>>>>
>>>> Cheers,  Mike.
>>>>
>>>>