[Pmwiki-users] Re: hackers: Another good reason for authentication
Fri Jun 18 03:04:08 CDT 2004
On Jun 18, 2004, at 11:38 AM, Steven Leite wrote:
> That's a good idea, but to improve on that idea a bit, I would create a
> custom template for the Main/WikiSandbox page. The only difference
> between the default site template and this template would be the text
> the top of the page reading:
> "This page is password protected. The edit password is "xxx".
> This will prevent people from messing with the same message if you had
> typed it in the wiki's page text instead.
I was thinking to do that for the whole site. But what if I defined
the password/authentication domain with "password is x"?
> Other good idea's I've seen include:
> * auto resetting the wiki.d/Main.Sandbox page every xx minutes (after
> the last edit)
I'll probably be doing that next.
> * using robots.txt to instruct search bots NOT to index the Sandbox
> (doesn't help prevent spam, but at least the spammer will be wasting
> their time, at least on that one page).
> * looking at the HTTP_REFERRER to see if it's a browser or bot. If
> a bot, don't allow edits, or if an edit is attempted, just redirect to
> the same page (instead of bringing up the edit dialogue).
How does one do that? (and I'm wondering if that will prevent my own
interface-programs from working)
> * ip banning (counter-attack after abuse has already occured)
This wont work for my 'nice guy' -- he's on a dynamic DNS at an ISP in
> * preventing external links (requiring admin to approve/disapprove
> before they are allowed in the wikitext).
I'd like this as an option. It seems like a very VERY strong security
feature, if some more admin overhead.
Another way to perform a counter-campaign is perhaps to let the people
at the target websites know exactly what it is that they're paying for
with the people who are "increasing their popularity on search engines"
by placing fake links on open-edit community websites. Send an (auto?)
email to the webmaster or customer service (etc) at such domains and
report that such-and-such was posted regarding their company, and
explain how that is used to increase their hit-rate on Google and other
search engines, how it's unethical and as bad as spam (nearly no one
likes spam) and makes the internet a bad place to visit, or work
from...and they can save their money and find legitimate ways to
increase their popularity. Most people running the sites probably have
no idea that they're getting hits because of such unethical practices,
and are probably paying for the service. If it works, it will hit the
spammers where it counts: in their bank accounts. Maybe we can get the
information about the spammer's business from the customer, and report
them to the Better Business Bureau or similar.
i.e. that's the "Waaah! I'm gonna tell Mommy that you hit me!" method.
I'm going to try this when my daily spammer hits my site today.
> If anyone can think of other approaches, add them to this list (or
> create a page on the PmWiki website). Understanding the problem
> clearly, will help a lot in trying to come up with ideas and methods to
> fix the problem.
And publicize them for these critters (people) to take them into
account. I think the information needs to be shared, but temporary
measures will be circumvented quicker -- i.e. they'll find ways around
No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friends or of thine own were: any man's death diminishes
me, because I am involved in mankind, and therefore never send to know
for whom the bell tolls; it tolls for thee.
-- John Donne, 1624.
More information about the pmwiki-users