Sounds reasonable, but if accounts are indeed manually created, how is spam getting into the wiki then?
________________________________ From: Chris Buechler <[email protected]> To: [email protected] Sent: Fri, May 7, 2010 7:39:41 PM Subject: Re: [ossec-list] Re: Comprehensive manual - or - something On Thu, May 6, 2010 at 7:18 PM, Alessandro Di Giuseppe <[email protected]> wrote: > Re: Watch for spam and or defacement > Can't a CAPTCHA be implemented to prevent spambot from posting? > That's not nearly as effective as you might think, speaking from experience with involvement in other popular open source projects. After wasting entirely too much time cleaning up spam, I switched the sites I manage to only allow administrators to create of wiki accounts, as captchas only greatly reduced the spam (still leaving way too much to deal with, vs. the number of legit accounts that needed to be created). Manually creating the accounts, even several dozen a year, takes far less time than fighting spam. I believe OSSEC has used the same process from day one, as I recall having to email dcid to get my wiki account activated. Unless you have a site that's going to be edited by huge numbers of people like Wikipedia or something, it's just easier that way unfortunately.
