Re: [Mwiki] a massive spam attack. Again
Am 02/07/2014 12:45 AM, schrieb Rob Weir: On Thu, Feb 6, 2014 at 6:21 PM, jan ij...@apache.org wrote: On 6 February 2014 23:42, Andrea Pescettipesce...@apache.org wrote: jan i wrote: I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The idea was to replace the CAPTCHA with something better, otherwise we can (should) keep the current CAPTCHA and discuss a better solution in the meantime. The cats cause incompatibilities and other issues, but if they are much more effective than the replacement let's go back to the cats as soon as possible and in the see what's best to replace them (but something MORE effective, not LESS effective!). May I politely correct you, the idea was NOT to replace the cats. The jira was implemented by the word ! The exact wording is: Wiki6: Cats/Dogs CAPTCHA for new user registration is quite broken. It doesn't work in several browser configurations, it includes HTTP instead of HTTPS https://issues.apache.org/ooo/show_bug.cgi?id=123695 - Recommended solution: drop it entirely. That statement is pretty clear, how it can be read as moving to something more effective slips my mind. later the jira contains: accessibility suggestion from Tyler (haven't tested MediaWiki compatibility): there is a website which provides text-based CAPTCHA's in the form of logic questions, math problems, etc. It provides an XML API. See http://www.textcaptcha.com/ Apart from the facts, thats its a suggestion and not a decision (like that above), we do not use extensions that are not supported by mediawiki (meaning downloadable from mediawiki.com and verified for our release). As a sidenote, that captcha is pretty much the same as the standard which are active right now. There are quite a lot of captcha´s out there, just looking at mediawiki.com extensions gives a lot of choises. At this point in time we have several choices: 1) leave the config as it is 2) reinstall cats 3) choose another captcha (in this case we need to decide which one). I am not the one to overrule a community decision (Wiki6), but I will happely implement another community decision. I hope you can simply restore cats if that can be done without too much trouble. Then we can discuss further and come to a community decision on what else to do, if anything. I hope you agree that there is zero benefit to accumulating additional spam while we discuss. Fix the immediate problem, then we can discuss longer term. This one area that Apache Infra knows how to do well. They know when it is important to act rather than discuss. I suggest that this is one of those times. Right, especially when there is already a solution that is working (mostly resp. for the most people). Thanks Jan. Marcus - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
On Thu, Feb 6, 2014 at 12:06 PM, Rob Weir robw...@apache.org wrote: On Thu, Feb 6, 2014 at 1:28 PM, jan i j...@apache.org wrote: On 6 February 2014 19:00, helen helenruss...@gmail.com wrote: Hi there, I'm Helen, a Wi admin. https://wiki.openoffice.org/wiki/User:Helen_russian Since 5th Feb. MWiki is under a massive spam attack. Please take a look: https://wiki.openoffice.org/wiki/Special:Log/delete, https://wiki.openoffice.org/wiki/Special:Log/block I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The simple captcha we have in place, is browser safe, but not very efficient. I assume the admins as such wanted the change (otherwise I am sure the task would not have been added). Another captcha was suggested, but with the note not tested on mediawiki (or something similar). We only install extensions supported by mediawiki of course. A simpler solution: Why not add back the cat captcha, but only show it to the spammers? LOL! Regards, -Rob (OK. That is a joke. But I was once asked by a manager, many years ago, to improve a spell checker so it only reported misspellings of words that were in the dictionary.) If the admins wants a change, then please have a discussion about it on the ML, and once agreed upon, file a JIRA. rgds jan I. Please help. -- Regards, Helen - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org -- - MzK Cats do not have to be shown how to have a good time, for they are unfailing ingenious in that respect. -- James Mason
Re: [Mwiki] a massive spam attack. Again
On 6 February 2014 21:06, Rob Weir robw...@apache.org wrote: On Thu, Feb 6, 2014 at 1:28 PM, jan i j...@apache.org wrote: On 6 February 2014 19:00, helen helenruss...@gmail.com wrote: Hi there, I'm Helen, a Wi admin. https://wiki.openoffice.org/wiki/User:Helen_russian Since 5th Feb. MWiki is under a massive spam attack. Please take a look: https://wiki.openoffice.org/wiki/Special:Log/delete, https://wiki.openoffice.org/wiki/Special:Log/block I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The simple captcha we have in place, is browser safe, but not very efficient. I assume the admins as such wanted the change (otherwise I am sure the task would not have been added). Another captcha was suggested, but with the note not tested on mediawiki (or something similar). We only install extensions supported by mediawiki of course. A simpler solution: Why not add back the cat captcha, but only show it to the spammers? Regards, -Rob (OK. That is a joke. But I was once asked by a manager, many years ago, to improve a spell checker so it only reported misspellings of words that were in the dictionary.) I am happy, someone can make a joke out of a self imposed spam attack. I am surely too serious in my work, but would much more ike to see a community agreed solution, before we end having all admins fight spam (just remember last time). rgds jan I. If the admins wants a change, then please have a discussion about it on the ML, and once agreed upon, file a JIRA. rgds jan I. Please help. -- Regards, Helen - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
jan i wrote: I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The idea was to replace the CAPTCHA with something better, otherwise we can (should) keep the current CAPTCHA and discuss a better solution in the meantime. The cats cause incompatibilities and other issues, but if they are much more effective than the replacement let's go back to the cats as soon as possible and in the meantime see what's best to replace them (but something MORE effective, not LESS effective!). Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
On 6 February 2014 23:42, Andrea Pescetti pesce...@apache.org wrote: jan i wrote: I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The idea was to replace the CAPTCHA with something better, otherwise we can (should) keep the current CAPTCHA and discuss a better solution in the meantime. The cats cause incompatibilities and other issues, but if they are much more effective than the replacement let's go back to the cats as soon as possible and in the see what's best to replace them (but something MORE effective, not LESS effective!). May I politely correct you, the idea was NOT to replace the cats. The jira was implemented by the word ! The exact wording is: Wiki6: Cats/Dogs CAPTCHA for new user registration is quite broken. It doesn't work in several browser configurations, it includes HTTP instead of HTTPS https://issues.apache.org/ooo/show_bug.cgi?id=123695 - Recommended solution: drop it entirely. That statement is pretty clear, how it can be read as moving to something more effective slips my mind. later the jira contains: accessibility suggestion from Tyler (haven't tested MediaWiki compatibility): there is a website which provides text-based CAPTCHA's in the form of logic questions, math problems, etc. It provides an XML API. See http://www.textcaptcha.com/ Apart from the facts, thats its a suggestion and not a decision (like that above), we do not use extensions that are not supported by mediawiki (meaning downloadable from mediawiki.com and verified for our release). As a sidenote, that captcha is pretty much the same as the standard which are active right now. There are quite a lot of captcha´s out there, just looking at mediawiki.com extensions gives a lot of choises. At this point in time we have several choices: 1) leave the config as it is 2) reinstall cats 3) choose another captcha (in this case we need to decide which one). I am not the one to overrule a community decision (Wiki6), but I will happely implement another community decision. rgds jan I. Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
On Thu, Feb 6, 2014 at 6:21 PM, jan i j...@apache.org wrote: On 6 February 2014 23:42, Andrea Pescetti pesce...@apache.org wrote: jan i wrote: I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The idea was to replace the CAPTCHA with something better, otherwise we can (should) keep the current CAPTCHA and discuss a better solution in the meantime. The cats cause incompatibilities and other issues, but if they are much more effective than the replacement let's go back to the cats as soon as possible and in the see what's best to replace them (but something MORE effective, not LESS effective!). May I politely correct you, the idea was NOT to replace the cats. The jira was implemented by the word ! The exact wording is: Wiki6: Cats/Dogs CAPTCHA for new user registration is quite broken. It doesn't work in several browser configurations, it includes HTTP instead of HTTPS https://issues.apache.org/ooo/show_bug.cgi?id=123695 - Recommended solution: drop it entirely. That statement is pretty clear, how it can be read as moving to something more effective slips my mind. later the jira contains: accessibility suggestion from Tyler (haven't tested MediaWiki compatibility): there is a website which provides text-based CAPTCHA's in the form of logic questions, math problems, etc. It provides an XML API. See http://www.textcaptcha.com/ Apart from the facts, thats its a suggestion and not a decision (like that above), we do not use extensions that are not supported by mediawiki (meaning downloadable from mediawiki.com and verified for our release). As a sidenote, that captcha is pretty much the same as the standard which are active right now. There are quite a lot of captcha´s out there, just looking at mediawiki.com extensions gives a lot of choises. At this point in time we have several choices: 1) leave the config as it is 2) reinstall cats 3) choose another captcha (in this case we need to decide which one). I am not the one to overrule a community decision (Wiki6), but I will happely implement another community decision. I hope you can simply restore cats if that can be done without too much trouble. Then we can discuss further and come to a community decision on what else to do, if anything. I hope you agree that there is zero benefit to accumulating additional spam while we discuss. Fix the immediate problem, then we can discuss longer term. This one area that Apache Infra knows how to do well. They know when it is important to act rather than discuss. I suggest that this is one of those times. Thanks! -Rob rgds jan I. Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
On 7 February 2014 00:45, Rob Weir robw...@apache.org wrote: On Thu, Feb 6, 2014 at 6:21 PM, jan i j...@apache.org wrote: On 6 February 2014 23:42, Andrea Pescetti pesce...@apache.org wrote: jan i wrote: I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The idea was to replace the CAPTCHA with something better, otherwise we can (should) keep the current CAPTCHA and discuss a better solution in the meantime. The cats cause incompatibilities and other issues, but if they are much more effective than the replacement let's go back to the cats as soon as possible and in the see what's best to replace them (but something MORE effective, not LESS effective!). May I politely correct you, the idea was NOT to replace the cats. The jira was implemented by the word ! The exact wording is: Wiki6: Cats/Dogs CAPTCHA for new user registration is quite broken. It doesn't work in several browser configurations, it includes HTTP instead of HTTPS https://issues.apache.org/ooo/show_bug.cgi?id=123695 - Recommended solution: drop it entirely. That statement is pretty clear, how it can be read as moving to something more effective slips my mind. later the jira contains: accessibility suggestion from Tyler (haven't tested MediaWiki compatibility): there is a website which provides text-based CAPTCHA's in the form of logic questions, math problems, etc. It provides an XML API. See http://www.textcaptcha.com/ Apart from the facts, thats its a suggestion and not a decision (like that above), we do not use extensions that are not supported by mediawiki (meaning downloadable from mediawiki.com and verified for our release). As a sidenote, that captcha is pretty much the same as the standard which are active right now. There are quite a lot of captcha´s out there, just looking at mediawiki.com extensions gives a lot of choises. At this point in time we have several choices: 1) leave the config as it is 2) reinstall cats 3) choose another captcha (in this case we need to decide which one). I am not the one to overrule a community decision (Wiki6), but I will happely implement another community decision. I hope you can simply restore cats if that can be done without too much trouble. Then we can discuss further and come to a community decision on what else to do, if anything. I hope you agree that there is zero benefit to accumulating additional spam while we discuss. Wiki have been upgraded, and respecting the jira I did not move the cat extension. Fix the immediate problem, then we can discuss longer term. This one area that Apache Infra knows how to do well. They know when it is important to act rather than discuss. I suggest that this is one of those times. I happen to agree with you, and it has actually not been possible to create new accounts for a while now. The configuration is changed so that only sysops can create new accounts. Now to the other partwe have discussed these issues for quite a long time, so it was a fair assumption to accept the jira as the community wish. Thanks! -Rob rgds jan I. Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
Hi - The JIRA is quoted but links or the JIRA ID would be helpful along with a link to the ML thread where the decision was made. It is hard to review this incident without these helpful pointers. Thanks, Dave On Feb 6, 2014, at 4:22 PM, jan i wrote: On 7 February 2014 00:45, Rob Weir robw...@apache.org wrote: On Thu, Feb 6, 2014 at 6:21 PM, jan i j...@apache.org wrote: On 6 February 2014 23:42, Andrea Pescetti pesce...@apache.org wrote: jan i wrote: I warned about exactly that, but I was asked (see JIRAs) to remove the cats (captcha). If you read the JIRA (which was watched be several in here) you will see my warning. The idea was to replace the CAPTCHA with something better, otherwise we can (should) keep the current CAPTCHA and discuss a better solution in the meantime. The cats cause incompatibilities and other issues, but if they are much more effective than the replacement let's go back to the cats as soon as possible and in the see what's best to replace them (but something MORE effective, not LESS effective!). May I politely correct you, the idea was NOT to replace the cats. The jira was implemented by the word ! The exact wording is: Wiki6: Cats/Dogs CAPTCHA for new user registration is quite broken. It doesn't work in several browser configurations, it includes HTTP instead of HTTPS https://issues.apache.org/ooo/show_bug.cgi?id=123695 - Recommended solution: drop it entirely. That statement is pretty clear, how it can be read as moving to something more effective slips my mind. later the jira contains: accessibility suggestion from Tyler (haven't tested MediaWiki compatibility): there is a website which provides text-based CAPTCHA's in the form of logic questions, math problems, etc. It provides an XML API. See http://www.textcaptcha.com/ Apart from the facts, thats its a suggestion and not a decision (like that above), we do not use extensions that are not supported by mediawiki (meaning downloadable from mediawiki.com and verified for our release). As a sidenote, that captcha is pretty much the same as the standard which are active right now. There are quite a lot of captcha´s out there, just looking at mediawiki.com extensions gives a lot of choises. At this point in time we have several choices: 1) leave the config as it is 2) reinstall cats 3) choose another captcha (in this case we need to decide which one). I am not the one to overrule a community decision (Wiki6), but I will happely implement another community decision. I hope you can simply restore cats if that can be done without too much trouble. Then we can discuss further and come to a community decision on what else to do, if anything. I hope you agree that there is zero benefit to accumulating additional spam while we discuss. Wiki have been upgraded, and respecting the jira I did not move the cat extension. Fix the immediate problem, then we can discuss longer term. This one area that Apache Infra knows how to do well. They know when it is important to act rather than discuss. I suggest that this is one of those times. I happen to agree with you, and it has actually not been possible to create new accounts for a while now. The configuration is changed so that only sysops can create new accounts. Now to the other partwe have discussed these issues for quite a long time, so it was a fair assumption to accept the jira as the community wish. Thanks! -Rob rgds jan I. Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
2014-02-07 6:22 GMT+06:00 jan i j...@apache.org: The configuration is changed so that only sysops can create new accounts. A lot of thank you, Jan! You are our savior. For last 48 hours 3 wiki admins have deleted more than 1300 spam pages and blocked more than 800 spammer accounts. -- WBR, Helen - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
On 07/02/2014 jan i wrote: May I politely correct you, the idea was NOT to replace the cats. The jira was implemented by the word ! Yes, probably, but it was badly written in my mail that was then copied to JIRA. You, and a few others, know that the contents of that JIRA issue https://issues.apache.org/jira/browse/INFRA-7173 result from an afternoon I spent during the holidays trying to put together all pending improvement suggestions that had come to us through many channels. I didn't take care to put many explanations there. Wiki6: Cats/Dogs CAPTCHA for new user registration is quite broken. It doesn't work in several browser configurations, it includes HTTP instead of HTTPS https://issues.apache.org/ooo/show_bug.cgi?id=123695 - Recommended solution: drop it entirely. That specific suggestion was worded that way because I had read from someone (you, maybe?) that with the new improvements there could (just a possibility) be the possibility to do without the CAPTCHA. We tried, it didn't work and it's no problem to fix it immediately. That statement is pretty clear, how it can be read as moving to something more effective slips my mind. I wrote it in a wrong way giving somehow for granted that the MWiki upgrade would feature some native anti-spam measures and that those measures would suit our purpose. Again, we tried, they didn't, no problem to revert quickly. At this point in time we have several choices: 1) leave the config as it is 2) reinstall cats 3) choose another captcha (in this case we need to decide which one). I am not the one to overrule a community decision (Wiki6), but I will happely implement another community decision. The current remedy you put in place (no self account creation) will obviously work for the time being, thanks for being fast in reacting. So let's move forward and see what we can implement now: where's the list of CAPTCHA solutions on mediawiki.com? Do you have any recommendations or, on the contrary, any extensions that Infra is not going to allow? (By the way, the CAPTCHA issue exploded before I could review all items, but thank you for the work on all other pending issues! And let's get this one done properly too) Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Mwiki] a massive spam attack. Again
On 7 February 2014 08:48, Andrea Pescetti pesce...@apache.org wrote: On 07/02/2014 jan i wrote: May I politely correct you, the idea was NOT to replace the cats. The jira was implemented by the word ! Yes, probably, but it was badly written in my mail that was then copied to JIRA. You, and a few others, know that the contents of that JIRA issue https://issues.apache.org/jira/browse/INFRA-7173 result from an afternoon I spent during the holidays trying to put together all pending improvement suggestions that had come to us through many channels. I didn't take care to put many explanations there. Wiki6: Cats/Dogs CAPTCHA for new user registration is quite broken. It doesn't work in several browser configurations, it includes HTTP instead of HTTPS https://issues.apache.org/ooo/show_bug.cgi?id=123695 - Recommended solution: drop it entirely. That specific suggestion was worded that way because I had read from someone (you, maybe?) that with the new improvements there could (just a possibility) be the possibility to do without the CAPTCHA. We tried, it didn't work and it's no problem to fix it immediately. That statement is pretty clear, how it can be read as moving to something more effective slips my mind. I wrote it in a wrong way giving somehow for granted that the MWiki upgrade would feature some native anti-spam measures and that those measures would suit our purpose. Again, we tried, they didn't, no problem to revert quickly. At this point in time we have several choices: 1) leave the config as it is 2) reinstall cats 3) choose another captcha (in this case we need to decide which one). I am not the one to overrule a community decision (Wiki6), but I will happely implement another community decision. The current remedy you put in place (no self account creation) will obviously work for the time being, thanks for being fast in reacting. So let's move forward and see what we can implement now: where's the list of CAPTCHA solutions on mediawiki.com? Do you have any recommendations or, on the contrary, any extensions that Infra is not going to allow? Anything found in http://www.mediawiki.org/wiki/Extension_Matrix/AllExtensions where mediawiki version allows 1.22 should do. Especially for CAPTCHA there is one other limitation. The extension must be self supported, NO calls to third party sites (since this is often used to collect information). rgds jan I. (By the way, the CAPTCHA issue exploded before I could review all items, but thank you for the work on all other pending issues! And let's get this one done properly too) Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
