[pmwiki-users] PmWiki and Spam
5ko at 5ko.fr
Sat Jan 12 04:07:00 CST 2008
> > I'm willing to do a captcha, at least for a while, if someone will
> > prototype a replacement Site.EditForm page for it.
I am strongly against a Captcha solution. If I have to do one and only edit in
the day, a Captcha is acceptable. But as we may be doing several of edits or
fixes, it is really a pain.
> Maybe the blocklist does the job.
Blocklist clearly does not the job. Every edit comes from a different IP
address. I feel that this is a spambot using a list of open proxies to post
these nonsense strings.
And here is the proof:
(188.8.131.52 edited PITS.00108)
I also do not understand why in the Blocklist there are whole ranges of
blocked IPs, like :
Are we sure all the 255 IPs are compromized? Blocking a range this way is only
an effective prevention against dial-up users from tiny ISPs that can
disconnect and reconnect and get another IP in the same range. Even if it is
the case (which is not: these are open proxies), there are 254 legitimate
innocent IPs that are blocked.
> > We could site-protect all pages, but I'm not sure how we could make
> > newcomers aware of the password in a way that makes sense to them.
If this is not a malicious attack by someone who hates us, what I beleve to be
best is to have an edit password on the groups that we are cleaning every
day. It may be written in the Site.EditForm :
Please enter '''pmwiki''' in the following textbox in order to edit.
This is less annoying than a Captcha and may work.
> Protecting all sites is not good - wikis shouldn't be read only.
We may have the PmWiki.PmWiki and the Main.WikiSandbox pages with @nopass edit
restriction. And possibly pages PmWiki/ FAQ, AQ, Questions.
More information about the pmwiki-users