Hello, I've noticed a lot of spam on various Moin-based wikis recently, and I think that this is giving various users and admins reason to reconsider their use of Moin, rightly or wrongly. Although there are guides to anti-spam measures, Moin isn't really set up to resist the ills of the Internet by default, and perhaps we need safer defaults and a coherent guide to the techniques available to defeat spam.
My suggestions, which I will gladly write up in more detail, are as follows: Control access: decide on whether anyone can use or contribute to your wiki and thus who your users are; if you would prefer some form of identification or if you feel that it would help you identify good or bad contributions at a glance (an IP address or hostname in RecentChanges doesn't say a lot), restrict access using the acl_rights_default setting. Control registration: if your users are a predefined set controlled by other means, register them separately and disable the newaccount action using the actions_excluded setting. If you need users to be able to request registration, consider enabling textchas to make sure that only suitable users can register. Really control registration: for extra control over registration, perhaps use the http://www.moinmo.in/MoinMoinPatch/VerifyAccountCreationByEmail patch to require e-mail verification of account registration. Control editing: where the set of users is not limited and where people may be able to register and become eligible for editing, enable textchas to make sure that only suitable users can make edits. If you feel that users should be able to edit without textcha questions upon being registered, add them to the group specified in the textchas_disabled_group setting as soon as you can. Challenge editors properly: it should be said that if spammers have guessed the answer to a textcha question in order to register, they will be able to guess the answer to that question should it be asked upon editing, so it is vital to have high-quality textcha questions. The existing HelpOnSpam page provides plenty of advice on such matters. Really control editing: one action that puts edits in approval queues is http://www.moinmo.in/ActionMarket/ApproveChanges which effectively hides spam edits from most wiki users, although wiki reviewers will still be faced with these edits, albeit tucked away in subpages that can be deleted in their entirety if it all becomes too much work. Does anyone have any opinions about the above? I suspect that some wikis are let down by poor textcha questions or missing access control policy, so I'd like to be able to have something to show to the admins before they give up on Moin or on wikis in general. Paul ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Moin-user mailing list Moin-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/moin-user
