[Pmwiki-users] Hashcash ... an interesting idea for preventing span

Fábio Reis Cecin fcecin
Fri Dec 3 06:12:42 CST 2004


Date: Fri, 3 Dec 2004 14:18:18 +1100
From: Nathan Jones <pmwiki at optimo.com.au>

 > However, it does remind me of a scheme used on web sites to
 > prevent use by bots - captchas:
 >
 > http://www.captcha.net/
 > http://en.wikipedia.org/wiki/Captcha
 >
 > If combined with a wiki engine, it would ensure that a human
 > is editing the page by asking him/her to enter the text
 > displayed in an obscured image.

Cool idea!

But this would work better if users weren't bothered by it
too much. For instance, if the user has a certain cookie
in their browser, the image is not shown. The cookie is
set after the user enters the "magic text" successfully.

And this could also have other benefits, like the wiki being
able to identify "who" (browser+machine) is editing a page,
regardless of dynamic IPs. So, if you do a "restore" on a
page because of spamming, you can also "block" the browser
of whoever had the "magic cookie" when the page was edited.

Of course, the cookie could be simply erased by the client
(or the client could just block cookies) but at least it
would be another annoyance to the spammer, which would also
have to enter the "text on the obscured image" again...
increasing the chance that he would just give up.

For people that don't accept cookies, entering the "magic
text" successfully would also work for an entire "session" or
maybe X hours for the user's IP address or something
like that.

 > It doesn't prevent a spammer from manually editing a page,
 > but it prevents spammers from creating automated processes
 > that crawl the web to find wikis and automatically alter them.

I guess that human spammers are a lesser problem, because wikis
usually have limited audiences (school, etc) and so the payoff
for manually spamming individual wikis is lower, especially if
you put a few hindrances to editing - for the spammer visiting
hundreds of wikis those certainly add up.

But bot-spamming IS profitable (especially if you use your
"zombie PCs" to do it for you... :-)

Fabio



More information about the pmwiki-users mailing list