[pmwiki-users] PmWiki and Spam

Simon nzskiwi at gmail.com
Wed Jan 9 13:33:07 CST 2008

On 10/01/2008, christian.ridderstrom at gmail.com
<christian.ridderstrom at gmail.com> wrote:
> I had actually forgotten that you can block IP-addresses, that's pointless
> in practice IMHO as well.
> > That leaves blocking terms.  Too much work, when just doing a
> > de-spamming "restore" is already too much work.  I see that Simon still
> > goes to the trouble, though.
> My experience is that blocking terms has worked really well on
> wiki.lyx.org. The only repeat spam attacks within a "topic" are those
> where I haven't added new key words to the block list.
> > Cool if there were a link "Restore and block" on the History view that,
> The main problem is picking suitable words to add to the block list, so it
> might good if you'd see the original changes to the pages together with
> Site.Blocklist, thus more easily being able pick a good word to block.
> Once I've blocked a word, I usually search the wiki and fix any other
> pages that have been tampered with.
> The drawback with block words is of course if users of the site wish to
> add text about e.g. 'online blackjack'...
> Anyway, this strategy (combined with URL-approve) has worked surprisingly
> well to stop the spam attacks that the LyX wiki site used to suffer.
> Best regards
> /Christian
> PS. Since I'm not the one that usually fixes spam attacks (others usually
> beat me to it...), I look at the diff of the pages to pick out suitable
> words to block.  Looking at PmWiki, it seems that
>         basroouel
> and
>         libocacnoc
> might be spam, although it makes no sense to me...

In the recent attack many IP addresses defaced PmWiki by posting one
to three messages consisting of unique random series of characters (as
you show above). Banning these as keywords was pointless. Blocking IP
addresses was effective in this case.

Whether or not it makes sense is not the point. The problem is that is
rapidly impacts a lot of pages, imho dents PmWiki's credibility, and
makes the RecentChanges pages less than useful for following the
meaningful and useful updates contributed by the community, and costs
someone (eg Patrick) time to fix it up.

A similar related problem we see is where no change is made to a page,
but the author field has a random entry, again typically the IP
address varies.
Also, the spammer who replaces a page with 'happy christmas', or 'I
like your website', difficult to ban by keyword because of the
potential impact on users who might genuinely want to say these

Food for thought.

I'd suggest that the creation of all new groups and pages be protected
using a capture or public password (eg see
Groups such as Main,Test,PITS,Profiles be similarly protected.



See also http://pmwiki.org/wiki/PmWiki/Security#wikivandalism
(contributions to this page solicited)

More information about the pmwiki-users mailing list