On Aug 11, 2013, at 12:51 PM, Christian Stimming <christ...@cstimming.de> wrote:
> Am Samstag, 10. August 2013, 16:13:30 schrieb John Ralls: >> Christian, >> >> I get notified of changes via RSS to >> http://wiki.gnucash.org/wiki/Special:NewPages rather than RecentChanges, >> and I check my RSS reader 2-3 times a day. >> >> I don't remember seeing any spammer-user who'd created a user page, and when >> I follow the link to one that isn't blocked, I see the "not created" >> message and have no option to delete it. I looked at the last 2000 users >> who "have edits" and found none with User pages.Yet you delete a user page >> for everyone you block. What am I missing? > > I think the RSS feed only shows the RecentChanges in the "(Main)" namespace > [1], which does not include the user pages. I look at the RecentChanges in > the > "all" namespace [2] , which makes it harder to read, but shows some new pages > in the "User" namespace. In this view, I see the leftover spam user page > creations. I delete those and block the respective user, just as you delete > the normal pages and block those users. Yes, I figured that out. It also doesn't show me edited pages, so I've been missing spam that's added to existing pages as well. > >> I'm absolutely in favor of taking a more aggressive approach. By shutting >> off the "normal" registration, do you mean that new users would require an >> administrator to validate them? > > That's how I understand it, yes. I haven't found time to read the additional > information from mediawiki.org. Maybe there are technical solutions to this, > but if not, I'd prefer administrator validation over the continuous spam > pages. > OK. It looks like the easiest way to do that is to remove the create user privilege from "All", but then users will have to ask on the mailing list and we'll need to delete the several bazillion bogus users... and I don't see any interface visible to me for doing that. Ah, there's an extension for getting rid of all of the accounts which have never done an edit: http://www.mediawiki.org/wiki/Manual:RemoveUnusedAccounts.php Maybe run that once a month? For the bad accounts that have made edits, the procedure's a bit more complex: http://www.mediawiki.org/wiki/Manual:Preventing_access#Removing_accounts but they should all be blocked anyway. Next alternative would be to create a class of user called "editor"; if you select "show only users with edits" and "sort by creation date" on http://wiki.gnucash.org/wiki/Special:ListUsers it shows quite a few people with that next to their names. Page creation and editing could be limited to members of that group, and maybe Administrators could be given permission to move properly authenticated users into it. The relevant manual page is http://www.mediawiki.org/wiki/Manual:User_rights_management Regards, John Ralls _______________________________________________ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
