[pmwiki-users] PmWiki and Spam
Patrick R. Michaud
pmichaud at pobox.com
Sat Jan 12 21:20:09 CST 2008
On Sat, Jan 12, 2008 at 11:07:00AM +0100, Petko Yotov wrote:
> Hello all,
> > > I'm willing to do a captcha, at least for a while, if someone will
> > > prototype a replacement Site.EditForm page for it.
> I am strongly against a Captcha solution. If I have to do one and
> only edit in the day, a Captcha is acceptable. But as we may be
> doing several of edits or fixes, it is really a pain.
Captchas in PmWiki are once-per-session -- i.e., once you've
verified a captcha, that verification is good for all subsequent
edits until the session expires.
> And here is the proof:
> (188.8.131.52 edited PITS.00108)
> I also do not understand why in the Blocklist there are whole ranges of
> blocked IPs, like :
For a long time it was too much trouble to list individual addresses,
and we _would_ receive spam posts from multiple addresses in the range.
> Even if it is
> the case (which is not: these are open proxies), there are 254 legitimate
> innocent IPs that are blocked.
I'm fine with guilt-by-associate for now. I've never run into a
case where a legitimate poster complained about being inadvertently
blocked by one of these address ranges.
> If this is not a malicious attack by someone who hates us, what I
> beleve to be best is to have an edit password on the groups that
> we are cleaning every day. It may be written in the Site.EditForm :
> Please enter '''pmwiki''' in the following textbox in order to edit.
> This is less annoying than a Captcha and may work.
The issue I have with this approach is that someone viewing and
interacting with PmWiki for the first time can get very confused
by this. For one, if the page is protected by a password other
than "pmwiki" (and there are some), then the new author will be
very confused by the fact that the statement doesn't seem to work.
Beyond that, I think that newcomers who don't understand that the
password is being used as a spam mechanism will be likewise
confused. I can envision people thinking "What good is it to
publicly display the edit password?" and concluding that
"PmWiki isn't very secure." That's not really the impression
I want to leave newcomers to the site.
More information about the pmwiki-users