[pmwiki-users] PmWiki and Spam

Petko Yotov 5ko at 5ko.fr
Sat Jan 12 04:07:00 CST 2008


Hello all,

> > I'm willing to do a captcha, at least for a while, if someone will
> > prototype a replacement Site.EditForm page for it.

I am strongly against a Captcha solution. If I have to do one and only edit in 
the day, a Captcha is acceptable. But as we may be doing several of edits or 
fixes, it is really a pain.

> Maybe the blocklist does the job.

Blocklist clearly does not the job. Every edit comes from a different IP 
address. I feel that this is a spambot using a list of open proxies to post 
these nonsense strings.

And here is the proof:
   http://google.com/search?q=%2262.140.77.68%22+proxy

(62.140.77.68 edited PITS.00108)

I also do not understand why in the Blocklist there are whole ranges of 
blocked IPs, like :
   block:12.43.115.*

Are we sure all the 255 IPs are compromized? Blocking a range this way is only 
an effective prevention against dial-up users from tiny ISPs that can 
disconnect and reconnect and get another IP in the same range. Even if it is 
the case (which is not: these are open proxies), there are 254 legitimate 
innocent IPs that are blocked.

> > We could site-protect all pages, but I'm not sure how we could make
> > newcomers aware of the password in a way that makes sense to them.

If this is not a malicious attack by someone who hates us, what I beleve to be 
best is to have an edit password on the groups that we are cleaning every 
day. It may be written in the Site.EditForm :

  Please enter '''pmwiki''' in the following textbox in order to edit.

This is less annoying than a Captcha and may work.

> Protecting all sites is not good - wikis shouldn't be read only.

We may have the PmWiki.PmWiki and the Main.WikiSandbox pages with @nopass edit 
restriction. And possibly pages PmWiki/ FAQ, AQ, Questions.

Thanks,
Petko




More information about the pmwiki-users mailing list