Help - Search - Members - Calendar
Full Version: Spam
OESF Forums > Everything Else > OESF Wiki
dz
Hey Gents,

I'm not that great with Wiki stuff. I can barely figure out how to message someone on there (it's the talk page, right?). Anyway, could you guys try and find out what anti-spam measures are available to us and I'll implement them? A captcha would be convenient if it's there. I'm looking into merging the accounts tables, but that might take a little bit.

Thanks,
Roy
tux
QUOTE(dz @ Sep 26 2007, 05:12 PM) *
Hey Gents,

I'm not that great with Wiki stuff. I can barely figure out how to message someone on there (it's the talk page, right?). Anyway, could you guys try and find out what anti-spam measures are available to us and I'll implement them? A captcha would be convenient if it's there. I'm looking into merging the accounts tables, but that might take a little bit.

Thanks,
Roy

cool.gif I think the captcha system is up and running for registration by default. I posted about hoping it would start operating soon, went and started the registration process on the forums and there was a captcha at the bottom of the screen. So I'm assuming that it works. Obviously I didn't complete the process, so I can't confirm that it actually works all the way, but it is present. When the after effects of my self-ban on the wiki wear off I'll start the new registration process there and see if it's really there also.

I'm quite glad about the self-ban. I unbanned myself almost immediately but the system is still banning new accounts from my IP. So that part of banning appears to work. biggrin.gif It apparently takes about 24 hours after an unban before you can create another account from the same IP.

As regards the user to user messages, yes it is through the talk page. I've finally realised what that mysterious message on Wikipedia pages means: the one about putting ~~~~, 4 tildes, at the end of your comment. It is an automatic return address and date stamp. Justclick on the link and you go off to the user that left a comment.
dz
Oh ok cool. I tried to unblock you, but I have no idea what I'm doing there and I dont want to break anything. Maybe Meyer knows how to work it.

If you guys find anything that can help you manage the Wiki, let me know and I'll do my best to add them.
tux
QUOTE(dz @ Sep 26 2007, 06:44 PM) *
Oh ok cool. I tried to unblock you, but I have no idea what I'm doing there and I dont want to break anything. Maybe Meyer knows how to work it.

If you guys find anything that can help you manage the Wiki, let me know and I'll do my best to add them.

cool.gif No problem! I unblocked myself immediately and the log in works fine. The ip ban from creating new accounts runs out by 11 pm my time. About 5 hours before your time I believe. It is a miniscule inconvenience.

I've banned a fair number of bots so far. I don't see too many new ones appearing yet, and the unbanned (as yet) ones are on a break at the moment. I'll keep looking...

You never know I might actually get to do some proper editing soon. TitchyLinux is surely worth a page or two? biggrin.gif

Three points of information:

1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.

Cheers smile.gif
dz
QUOTE(tux @ Sep 26 2007, 02:22 PM) *
1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.


Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's on there, is there? Right now there's nothing stopping new bots from registering right?
tux
QUOTE(dz @ Sep 26 2007, 08:26 PM) *
QUOTE(tux @ Sep 26 2007, 02:22 PM) *
1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.


Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's one there, is there? Right now there's nothing stopping new bots from registering right?

Hi again,
I'll check the wiki registration process out tomorrow when the ip ban runs out! wink.gif

Are you sure that it is a good idea to have editing by unregistered users turned on? I'll keep an eye out and let you know if it is a problem. cool.gif
dz
QUOTE(tux @ Sep 26 2007, 02:37 PM) *
QUOTE(dz @ Sep 26 2007, 08:26 PM) *
QUOTE(tux @ Sep 26 2007, 02:22 PM) *
1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.


Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's one there, is there? Right now there's nothing stopping new bots from registering right?

Hi again,
I'll check the wiki registration process out tomorrow when the ip ban runs out! wink.gif

Are you sure that it is a good idea to have editing by unregistered users turned on? I'll keep an eye out and let you know if it is a problem. cool.gif


No, I dont think it's a good idea. Can you change it or is it something I change via ftp?
tux
QUOTE(dz @ Sep 26 2007, 08:48 PM) *
QUOTE(tux @ Sep 26 2007, 02:37 PM) *
QUOTE(dz @ Sep 26 2007, 08:26 PM) *
QUOTE(tux @ Sep 26 2007, 02:22 PM) *
1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.


Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's one there, is there? Right now there's nothing stopping new bots from registering right?

Hi again,
I'll check the wiki registration process out tomorrow when the ip ban runs out! wink.gif

Are you sure that it is a good idea to have editing by unregistered users turned on? I'll keep an eye out and let you know if it is a problem. cool.gif


No, I dont think it's a good idea. Can you change it or is it something I change via ftp?

sad.gif I suspect it is something that you deal with. unsure.gif But I did promise to RTFM, so would I find the documentation at one of those links you gave earlier when you were talking about upgrading the software, or somewhere else?

I'm just off for a walk in this damp, cold and dark British autumn. I'll be about an hour and will take a quick look before I go to bed. It is 10 pm my time! cool.gif
tux
cool.gif Hi DZ,

looking at the wiki for the software I found a section talking about Different Rights for anonymous users, signed in users etc.., it then explained what the various categories of signed in user were and what they could do.

Are you not the highest level i.e. Developer/Admin? If not I think you might need to be.

At the bottom of this list it said Other permission schemes (e.g. only signed in users can edit pages) can be configured.

So the possibility is there. I'll rummage in the user forums and see what they say about doing that and what level of user you need to be to do it. I also looked at Special Pages in the Wiki. There was one near the bottom about dealing with user rights. You can apparently deal with groups. There doesn't seem to be an anonymous / non-logged in group. I'm not sure that it would make a difference if there was. I think, at first sight, that these groups are just filters to make looking for users a bit easier.

Obviously I need to look harder. I suspect you need to be a developer to twiddle with these permission schemes. I did say I thought it might be something you do. rolleyes.gif

I will keep looking but not much more tonight, I've got to run a dance class tomorrow and I'm still in sleep deficit from starting out with TitchyLinux this time last week. I'm also going to have a bit of a social life tomorrow evening, so I won't be on until midnight my time!

I'm slightly puzzled by the fact that there is so little spam activity in the Recent Pages. unsure.gif Am I right in thinking that the link to the wiki is slightly different, in the same way as the forums? If so perhaps the spambots are confused! laugh.gif Perhaps all these bots were coming from a fairly small range of ips and the side effect of those bans I've put in have had an effect? We'll find out. biggrin.gif

Cheers
Meyer
I guess the wiki upgrade has confused the spambots for now, but I'm sure it's only a temporary respite from the clever buggers.

I think the upgrade has given us some better tools for fighting them, at least if we install a couple of wiki extensions (captchas on user registration or edits, edit screening by content, and others). Note that the wiki does not currently have captcha protection on anything.

I've posted some references and thoughts on the spambot problem on the wiki.
tux
QUOTE(Meyer @ Sep 27 2007, 08:34 AM) *
I guess the wiki upgrade has confused the spambots for now, but I'm sure it's only a temporary respite from the clever buggers.

I think the upgrade has given us some better tools for fighting them, at least if we install a couple of wiki extensions (captchas on user registration or edits, edit screening by content, and others). Note that the wiki does not currently have captcha protection on anything.

I've posted some references and thoughts on the spambot problem on the wiki.

cool.gif Hi Meyer,

just had a quick read through the sources you put on the Wiki Administrators page. Seems to make sense. I'll reread it and start looking at the pdf documentation I downloaded from the Wikimedia site tomorrow. biggrin.gif
Meyer
Which PDF documentation?
tux
QUOTE(Meyer @ Sep 28 2007, 12:31 AM) *
Which PDF documentation?

cool.gif Hi Meyer,

dz posted some links when he was talking about the new software. There are pdf manuals for download. I'll try putting them here.

Sorry these are for the forum software! rolleyes.gif

http://www.invisionpower.com/community/board/index.html
http://www.invisionpower.com/community/downloads/index.html
http://forums.invisionpower.com/index.php?showtopic=226814

I don't know how much help they are, I haven't had time to sit down and read them yet. sad.gif

I think after a quick browse I'll think about printing out the bits and go off to town and the library and study them the old-fashioned way. I've given the computer screens far too much eyeball to be sensible this last ten days or so. rolleyes.gif

Cheers biggrin.gif
tux
cool.gif Hi dz and Meyer,

just looked at the documentation on the mediawiki site. In the FAQ I found the following which I think is relevant to disallowing anonymous editing. This is one that dz would have to do.

Here is the section I found immediately relevant: Help - User Rights

I've cut and pasted an example:

Anonymous users cannot edit

This example will disable editing of all pages, then re-enable for registered users only.

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;


HTH.
HAND biggrin.gif

tux
cool.gif Hi Roy, Dave,

I know that changes to the Wiki setup are taking place this weekend. I hope that blocking anonymous/unlogged in edits is high on the agenda. The last few bits of banning and reverting that I have done have been to anonymous/unlogged users putting little snippets of gibberish in. This looks like the Wiki is beginning to be a target again. sad.gif Not very much at the moment,let's knock it on the head now. biggrin.gif

With the captcha helping out against robot registration, we should be pretty much immune from vandalism and spam if anonymous editing is blocked. tongue.gif

We can always reinstate anonymous editing later on, when all the defensive bots, filters etc come into play. smile.gif Or not, if nobody much complains about it! laugh.gif

Me I'm going to spend some time looking at how Redirect works on pages and how to cope with pages that involve Redirects. I think I've only got a very small number of spambot created pages to finally remove all trace of. I even found time to try and write some pages. rolleyes.gif

See you later.

cool.gif

tux
QUOTE(tux @ Sep 29 2007, 04:40 PM) *
cool.gif Hi Roy, Dave,

I know that changes to the Wiki setup are taking place this weekend. I hope that blocking anonymous/unlogged in edits is high on the agenda. The last few bits of banning and reverting that I have done have been to anonymous/unlogged users putting little snippets of gibberish in. This looks like the Wiki is beginning to be a target again. sad.gif Not very much at the moment,let's knock it on the head now. biggrin.gif

sad.gif The anonymous gibberbots are increasing in number. I really hope the captcha and the anonymous editing changes are going well. smile.gif

It is 23:11 my time and I went to bed about 05:30 this morning. No it wasn't wiki business, this TitchyLinux is getting quite engrossing! biggrin.gif

So 'Goodnight Each!'

Antikx
thanks for all your hard work, tux!
Meyer
QUOTE(tux @ Sep 30 2007, 02:14 PM) *
sad.gif The anonymous gibberbots are increasing in number. I really hope the captcha and the anonymous editing changes are going well. smile.gif


It's disappointing what some people think of as fun.

1-word gibberish edits are at least an improvement over the link spam, but I agree we need to get rid of them, too.

If disallowing anonymous edits is the only way to do it, I don't think that will be much of a loss in practical terms. However, in principle I think it's better to keep the wiki as open and free as we can.

The ConfirmEdit captcha extension is configurable to trigger a captcha on edits by anonymous users while leaving registered users alone. I'd like to see if that's enough to block the gibberish.

Of course, if it's not bots but people sitting at their PCs typing "klsdfoisdf" into wiki pages, the captcha won't do much good. In that case blocking all anonymous edits is probably the only thing we can do.

adf
QUOTE(Meyer @ Sep 30 2007, 06:42 PM) *
QUOTE(tux @ Sep 30 2007, 02:14 PM) *
sad.gif The anonymous gibberbots are increasing in number. I really hope the captcha and the anonymous editing changes are going well. smile.gif


It's disappointing what some people think of as fun.

1-word gibberish edits are at least an improvement over the link spam, but I agree we need to get rid of them, too.

If disallowing anonymous edits is the only way to do it, I don't think that will be much of a loss in practical terms. However, in principle I think it's better to keep the wiki as open and free as we can.

The ConfirmEdit captcha extension is configurable to trigger a captcha on edits by anonymous users while leaving registered users alone. I'd like to see if that's enough to block the gibberish.

Of course, if it's not bots but people sitting at their PCs typing "klsdfoisdf" into wiki pages, the captcha won't do much good. In that case blocking all anonymous edits is probably the only thing we can do.

How really difficult is it to register? Is there a mail address available so someone with a brilliant insight who can't be bothered to register to post it can mail it to the admin? What do you think would be lost by requiring a simple free registration, and possible posting an easy way for a human to mail the admin? I'm obviously a fan of open stuff, but making things easy on assholes seems like a bad idea...
Meyer
QUOTE(adf @ Sep 30 2007, 07:02 PM) *
How really difficult is it to register? Is there a mail address available so someone with a brilliant insight who can't be bothered to register to post it can mail it to the admin? What do you think would be lost by requiring a simple free registration, and possible posting an easy way for a human to mail the admin? I'm obviously a fan of open stuff, but making things easy on assholes seems like a bad idea...


I think we're largely in agreement, except I would say you can't tell who's an asshole and who's not at least until they make their first edit.

Registration is not difficult, and it is hard for me to imagine why someone would be reluctant to do so. But it is also possible that someone with a legitimate reason I have failed to imagine wants to contribute to the wiki, and I'd prefer we let them without interference if it's possible to do so without making the wiki a spam dumping-ground.

If it's not possible to do both, then, yes, loss of anonymous edits will be a low-impact sacrifice. I just think "no stricter than necessary" is the better policy.
tux
Welcome back David!! biggrin.gif

Over the last month or so an increasing number of IP editors have been creating new pages with walls of text. I assume there is some 'payload' in there? I think it might well be time to bar IP editing for a period of time.

Also editors are registering and doing the same thing. They are also uploading various images. Again I presume there is some 'payload' in there. Has the 'captcha' for registering been turned off? I don't have that many calls on my time but the amount of blocking and deleting I am doing at the moment is very tedious!

Is there some connection with the obvious robot registrations for forum membership? Any forum admin care to comment there?

Cheers cool.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.