On 10/01/2008, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I had actually forgotten that you can block IP-addresses, that's pointless
> in practice IMHO as well.
>
> > That leaves blocking terms. Too much work, when just doing a
> > de-spamming "restore" is already too much work. I see that Simon still
> > goes to the trouble, though.
>
> My experience is that blocking terms has worked really well on
> wiki.lyx.org. The only repeat spam attacks within a "topic" are those
> where I haven't added new key words to the block list.
>
> > Cool if there were a link "Restore and block" on the History view that,
>
> The main problem is picking suitable words to add to the block list, so it
> might be good if you'd see the original changes to the pages together with
> Site.Blocklist, thus more easily being able to pick a good word to block.
>
> Once I've blocked a word, I usually search the wiki and fix any other
> pages that have been tampered with.
>
> The drawback with block words is of course if users of the site wish to
> add text about e.g. 'online blackjack'...
>
> Anyway, this strategy (combined with URL-approve) has worked surprisingly
> well to stop the spam attacks that the LyX wiki site used to suffer.
>
> Best regards
> /Christian
>
> PS. Since I'm not the one that usually fixes spam attacks (others usually
> beat me to it...), I look at the diff of the pages to pick out suitable
> words to block. Looking at PmWiki, it seems that
>
> basroouel
>
> and
>
> libocacnoc
>
> might be spam, although it makes no sense to me...

In the recent attack many IP addresses defaced PmWiki by posting one to three messages consisting of unique random series of characters (as you show above). Banning these as keywords was pointless. Blocking IP addresses was effective in this case.

Whether or not it makes sense is not the point. The problem is that it rapidly impacts a lot of pages, imho dents PmWiki's credibility, and makes the RecentChanges pages less than useful for following the meaningful and useful updates contributed by the community, and costs someone (eg Patrick) time to fix it up.

A similar related problem we see is where no change is made to a page, but the author field has a random entry; again, typically the IP address varies.

Also, the spammer who replaces a page with 'happy christmas' or 'I like your website' is difficult to ban by keyword because of the potential impact on users who might genuinely want to say these things.

Food for thought. I'd suggest that the creation of all new groups and pages be protected using a capture or public password (eg see http://caving.wellington.net.nz/pmwiki/pmwiki.php/Main/WikiSandbox?action=edit ). Groups such as Main, Test, PITS, Profiles be similarly protected.

cheers
Simon

See also http://pmwiki.org/wiki/PmWiki/Security#wikivandalism (contributions to this page solicited)

_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
