Author Topic: Spam (Read 40147 times)

dz · « **on:** September 26, 2007, 12:12:00 pm »

Hey Gents,

I'm not that great with Wiki stuff. I can barely figure out how to message someone on there (it's the talk page, right?). Anyway, could you guys try and find out what anti-spam measures are available to us and I'll implement them? A captcha would be convenient if it's there. I'm looking into merging the accounts tables, but that might take a little bit.

Thanks,
Roy

tux · « **Reply #1 on:** September 26, 2007, 01:20:57 pm »

Quote from: dz

Hey Gents,

I'm not that great with Wiki stuff. I can barely figure out how to message someone on there (it's the talk page, right?). Anyway, could you guys try and find out what anti-spam measures are available to us and I'll implement them? A captcha would be convenient if it's there. I'm looking into merging the accounts tables, but that might take a little bit.

Thanks,
Roy

I think the captcha system is up and running for registration by default. I posted about hoping it would start operating soon, went and started the registration process on the forums and there was a captcha at the bottom of the screen. So I'm assuming that it works. Obviously I didn't complete the process, so I can't confirm that it actually works all the way, but it is present. When the after effects of my self-ban on the wiki wear off I'll start the new registration process there and see if it's really there also.

I'm quite glad about the self-ban. I unbanned myself almost immediately but the system is still banning new accounts from my IP. So that part of banning appears to work. It apparently takes about 24 hours after an unban before you can create another account from the same IP.

As regards the user to user messages, yes it is through the talk page. I've finally realised what that mysterious message on Wikipedia pages means: the one about putting ~~~~, 4 tildes, at the end of your comment. It is an automatic return address and date stamp. Justclick on the link and you go off to the user that left a comment.

dz · « **Reply #2 on:** September 26, 2007, 01:44:30 pm »

Oh ok cool. I tried to unblock you, but I have no idea what I'm doing there and I dont want to break anything. Maybe Meyer knows how to work it.

If you guys find anything that can help you manage the Wiki, let me know and I'll do my best to add them.

tux · « **Reply #3 on:** September 26, 2007, 03:22:04 pm »

Quote from: dz

Oh ok cool. I tried to unblock you, but I have no idea what I'm doing there and I dont want to break anything. Maybe Meyer knows how to work it.

If you guys find anything that can help you manage the Wiki, let me know and I'll do my best to add them.

No problem! I unblocked myself immediately and the log in works fine. The ip ban from creating new accounts runs out by 11 pm my time. About 5 hours before your time I believe. It is a miniscule inconvenience.

I've banned a fair number of bots so far. I don't see too many new ones appearing yet, and the unbanned (as yet) ones are on a break at the moment. I'll keep looking...

You never know I might actually get to do some proper editing soon. TitchyLinux is surely worth a page or two?

Three points of information:

1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.

Cheers

dz · « **Reply #4 on:** September 26, 2007, 03:26:12 pm »

Quote from: tux

1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.

Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's on there, is there? Right now there's nothing stopping new bots from registering right?

tux · « **Reply #5 on:** September 26, 2007, 03:37:43 pm »

Quote from: dz

Quote from: tux
1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.

Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's one there, is there? Right now there's nothing stopping new bots from registering right?

Hi again,
I'll check the wiki registration process out tomorrow when the ip ban runs out!

Are you sure that it is a good idea to have editing by unregistered users turned on? I'll keep an eye out and let you know if it is a problem.

dz · « **Reply #6 on:** September 26, 2007, 03:48:55 pm »

Quote from: tux

Quote from: dz
Quote from: tux
1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.

Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's one there, is there? Right now there's nothing stopping new bots from registering right?
Hi again,
I'll check the wiki registration process out tomorrow when the ip ban runs out!

Are you sure that it is a good idea to have editing by unregistered users turned on? I'll keep an eye out and let you know if it is a problem.

No, I dont think it's a good idea. Can you change it or is it something I change via ftp?

tux · « **Reply #7 on:** September 26, 2007, 05:01:13 pm »

Quote from: dz

Quote from: tux
Quote from: dz
Quote from: tux
1. I had another look at the registration process on the forum: the captcha system is there claiming to be in operation.
2. I downloaded some attachments and there was no problem with just clicking on it. I'll check an image soon.
3. Users can enable email on the Wiki. It's an option in preferences. It does a validation email when you save the preferences and you click on the link in the message you receive.

Ya the forums I have down fine. It's the Wiki that I want a captcha for. I don't think there's one there, is there? Right now there's nothing stopping new bots from registering right?
Hi again,
I'll check the wiki registration process out tomorrow when the ip ban runs out!

Are you sure that it is a good idea to have editing by unregistered users turned on? I'll keep an eye out and let you know if it is a problem.

No, I dont think it's a good idea. Can you change it or is it something I change via ftp?

I suspect it is something that you deal with. But I did promise to RTFM, so would I find the documentation at one of those links you gave earlier when you were talking about upgrading the software, or somewhere else?

I'm just off for a walk in this damp, cold and dark British autumn. I'll be about an hour and will take a quick look before I go to bed. It is 10 pm my time!

tux · « **Reply #8 on:** September 26, 2007, 07:22:14 pm »

Hi DZ,

looking at the wiki for the software I found a section talking about Different Rights for anonymous users, signed in users etc.., it then explained what the various categories of signed in user were and what they could do.

Are you not the highest level i.e. Developer/Admin? If not I think you might need to be.

At the bottom of this list it said Other permission schemes (e.g. only signed in users can edit pages) can be configured.

So the possibility is there. I'll rummage in the user forums and see what they say about doing that and what level of user you need to be to do it. I also looked at Special Pages in the Wiki. There was one near the bottom about dealing with user rights. You can apparently deal with groups. There doesn't seem to be an anonymous / non-logged in group. I'm not sure that it would make a difference if there was. I think, at first sight, that these groups are just filters to make looking for users a bit easier.

Obviously I need to look harder. I suspect you need to be a developer to twiddle with these permission schemes. I did say I thought it might be something you do.

I will keep looking but not much more tonight, I've got to run a dance class tomorrow and I'm still in sleep deficit from starting out with TitchyLinux this time last week. I'm also going to have a bit of a social life tomorrow evening, so I won't be on until midnight my time!

I'm slightly puzzled by the fact that there is so little spam activity in the Recent Pages. Am I right in thinking that the link to the wiki is slightly different, in the same way as the forums? If so perhaps the spambots are confused! Perhaps all these bots were coming from a fairly small range of ips and the side effect of those bans I've put in have had an effect? We'll find out.

Cheers

Meyer · « **Reply #9 on:** September 27, 2007, 03:34:54 am »

I guess the wiki upgrade has confused the spambots for now, but I'm sure it's only a temporary respite from the clever buggers.

I think the upgrade has given us some better tools for fighting them, at least if we install a couple of wiki extensions (captchas on user registration or edits, edit screening by content, and others). Note that the wiki does not currently have captcha protection on anything.

I've posted some references and thoughts on the spambot problem on the wiki.

tux · « **Reply #10 on:** September 27, 2007, 06:25:46 pm »

Quote from: Meyer

I guess the wiki upgrade has confused the spambots for now, but I'm sure it's only a temporary respite from the clever buggers.

I think the upgrade has given us some better tools for fighting them, at least if we install a couple of wiki extensions (captchas on user registration or edits, edit screening by content, and others). Note that the wiki does not currently have captcha protection on anything.

I've posted some references and thoughts on the spambot problem on the wiki.

Hi Meyer,

just had a quick read through the sources you put on the Wiki Administrators page. Seems to make sense. I'll reread it and start looking at the pdf documentation I downloaded from the Wikimedia site tomorrow.

Meyer · « **Reply #11 on:** September 27, 2007, 07:31:09 pm »

Which PDF documentation?

tux · « **Reply #12 on:** September 28, 2007, 04:27:50 am »

Quote from: Meyer

Which PDF documentation?

Hi Meyer,

dz posted some links when he was talking about the new software. There are pdf manuals for download. I'll try putting them here.

Sorry these are for the forum software!

http://www.invisionpower.com/community/board/index.html
http://www.invisionpower.com/community/downloads/index.html
http://forums.invisionpower.com/index.php?showtopic=226814

I don't know how much help they are, I haven't had time to sit down and read them yet.

I think after a quick browse I'll think about printing out the bits and go off to town and the library and study them the old-fashioned way. I've given the computer screens far too much eyeball to be sensible this last ten days or so.

Cheers

tux · « **Reply #13 on:** September 28, 2007, 05:09:11 am »

Hi dz and Meyer,

just looked at the documentation on the mediawiki site. In the FAQ I found the following which I think is relevant to disallowing anonymous editing. This is one that dz would have to do.

Here is the section I found immediately relevant: Help - User Rights

I've cut and pasted an example:

Anonymous users cannot edit

This example will disable editing of all pages, then re-enable for registered users only.

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;

HTH.
HAND

tux · « **Reply #14 on:** September 29, 2007, 11:40:13 am »

Hi Roy, Dave,

I know that changes to the Wiki setup are taking place this weekend. I hope that blocking anonymous/unlogged in edits is high on the agenda. The last few bits of banning and reverting that I have done have been to anonymous/unlogged users putting little snippets of gibberish in. This looks like the Wiki is beginning to be a target again. Not very much at the moment,let's knock it on the head now.

With the captcha helping out against robot registration, we should be pretty much immune from vandalism and spam if anonymous editing is blocked.

We can always reinstate anonymous editing later on, when all the defensive bots, filters etc come into play. Or not, if nobody much complains about it!

Me I'm going to spend some time looking at how Redirect works on pages and how to cope with pages that involve Redirects. I think I've only got a very small number of spambot created pages to finally remove all trace of. I even found time to try and write some pages.

See you later.

News:

Author Topic: Spam (Read 40147 times)