[Mitchell == [EMAIL PROTECTED] on Wed, 27 Apr 2005 09:17:13 -0700]

Mitchell> I don't really understand this issue -- Removing wiki spam
Mitchell> promptly when it occurs is appreciated and useful, but is
Mitchell> there a way to prevent it?

The fundamental issue is the registration process. You (should?) need to register to post, and if the process can be automated by a script, then spamming can be automated. But anyone can still go through the process manually and subsequently defile the public space; tragedy of the commons and all that. Simply the nature and cost of being open.

I suspect that last night's round (3 attacks total) was performed manually, unless for some reason anonymous users are allowed to edit people's home pages. (Not sure why attacks were restricted to home pages). I can't really say more about what current TWiki procedures are in place, what specifically happened here, or whether there are TWiki bugs that allowed it without examining the server directly.

Like all security issues, the profile/attractiveness of the target and the automatability of the attack govern the overall number of attacks. I suspect that the automatability is low, or you'd see more attacks already. Your attractiveness is low enough that a reasonable plan of record is to address it manually and readdress the issue if the frequency of attacks rises. The idea being that locking down changes across the site to only selected people would reduce OSAF openness, and while relatively few people come out of nowhere to contribute to the wiki, it does happen and is valuable enough to encourage.

--
[EMAIL PROTECTED]
War is God's way of teaching Americans geography. -Ambrose Bierce

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Dev" mailing list
http://lists.osafoundation.org/mailman/listinfo/dev
