Re: [Nix-dev] Wiki spam
On Wed, Nov 13, 2013 at 4:12 PM, Eelco Dolstra eelco.dols...@logicblox.comwrote: Hi all, I've done another purge of spam pages / accounts on the wiki [1]. Let's try to keep it spam-free this time :-) If you care about making/keeping the wiki useful and want to help, please let me know and I can give you access rights to block spammers and all that. This is great, thanks! I would love to join the fight against spam, my wiki user is: Goibhniu I've also enabled the spam blacklist extension (http://www.mediawiki.org/wiki/Extension:SpamBlacklist), which might help a bit. [1] Mostly done by deleting almost all pages that had no incoming links. Hopefully I didn't delete any legitimate content :-) Please make sure that when you add a page, it is linked from another article. Otherwise it may get nuked in the future. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
2013/11/13 Eelco Dolstra eelco.dols...@logicblox.com: Hi all, I've done another purge of spam pages / accounts on the wiki [1]. Let's try to keep it spam-free this time :-) If you care about making/keeping the wiki useful and want to help, please let me know and I can give you access rights to block spammers and all that. Count me in :-) .. I'm plcplc on the wiki. I've also enabled the spam blacklist extension (http://www.mediawiki.org/wiki/Extension:SpamBlacklist), which might help a bit. [1] Mostly done by deleting almost all pages that had no incoming links. Hopefully I didn't delete any legitimate content :-) Please make sure that when you add a page, it is linked from another article. Otherwise it may get nuked in the future. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
Well done (Thanks!). Pressing random page link 10 times only showed 'nix' content this time. Please make sure that when you add a page, it is linked from another article. This is mentioned here: https://nixos.org/wiki/Contributing briefly now. help .. I'd like to prevent spam rather then deleting spam. Thus if If there are still problems I'd like to implement what I proposed. The proposal is mentioned on this updated page: https://nixos.org/wiki/TODO_-_Cleaning_up_wiki_spam It was about introducing a custom cookie which must be set in order to see the standard registration/login forms. That would be set by redirecting to a simple form whose action would set the cookie. Thus if there are still problems please let me know. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
On Tuesday, October 01, 2013 03:29:53 PM Marc Weber wrote: Excerpts from phreedom's message of Tue Oct 01 14:59:09 +0200 2013: Because both are off by default and require whitelisting, cookies off? If cookies are off how does Mediawiki remember my name after logging in? it doesn't, but it provides a clear message that you need them enabled. There are of course better ways to track logins like session IDs, but that's another topic. Thinking about maintainability: We could also introduce a simple stateful proxy. user - proxy - media wiki the proxy returns special you're human login test if register new user form is requested. No idea which would be the best technology to implement it. Probbaly there are many ways. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
Excerpts from phreedom's message of Sat Oct 05 18:34:13 +0200 2013: it doesn't, but it provides a clear message that you need them enabled. There are of course better ways to track logins like session IDs, but that's another topic. So all we need is Eelco telling me Please test those 20 lines of PHP code an send me that small patch. Thus if he tells me try it I'l take care and spend the time. Note: Only the login page and create new user page will be affected. And if you login you need cookies anyway. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
On Monday, September 30, 2013 08:58:41 PM Marc Weber wrote: Excerpts from Philip Lykke Carlsen's message of Mon Sep 30 20:38:09 +0200 2013: If it was common practise for wikis to require user registrations lay a money deposit as security for constructive behaviour the problem would go away overnight. Sure. but can't we try a less intrusive non standard way first? Such as: if create user page / edit page is requested test for our own cookie. If cookie does not exist: redirect to custom password protection page, if simple password gets typed right, set cookie, redirect to previous page (also passing GET/POST vars) If cookie does exists: behave normally? then at least we'll know whether we get spammed by bots or humans. Humans will suceed. Bots should fail, because they were programmed to spawn standarrd media wikis only. Such an implementation is about 20-30 PHP lines or less which can be added to index.php ? Just tell me do it and I'll provide that code. We have somebody who is willing to delete the spam, what else do we need to win this situation? All these cookies and javascripts tend to break secure and efficient setups :( Long-term automated solutions to *prevent* spam don't exist for a growing community like nixos. Making it unprofitable though might work: pre-moderation(at least when links are added/modified), marking links as no-follow for search engines. Having a git-based wiki should help to efficiently delete spam. qgit + git cherry-pick should be like an order of magnitude faster than any web interface. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
All these cookies and javascripts tend to break secure and efficient setups :( Please make me understand why ? My change is about adding a simple require_once 'create-user-guard.php' file. That can be automated. And even if not, it *does solve the problem* unless I get proven wrong. And if we do, we can be pretty sure that humans are spamming the wiki. And that would be a step towards solving the issue, too. Long-term automated solutions to *prevent* spam don't exist for a growing community like nixos. Don't overengineer. Don't think today about problems which may happen in 2 years. Maybe its even enough to hide the string Media Wiki on each page? You can do so by adding a simple regex post processing to apache AFAIK. We have to 1) document what has been tried 2) try new cheap things to find out whether bots are spamming - then there should be simple soultions - or whether humans are spamming. But I'll shut up. I've offered help. I don't have access, so I cannot change anything. If you want me to setup a demo how the addiotional non standard password protection would look like let me know. But let's consider trying the trivial things first before asking people to spend money or concluding that changes are not maintainable. Count the packages in nixpkgs to see how powerful the nixos community actually is. We should be able to cope with such a simple problem, unless the attackers spend much more effort than we do. Another way to solve this issue would be not allowing to create new users automatically. Setup a simple form: You want to become a wiki member? username [ .. ] password [ .. ] and process this once every 2 weeks. This should be less effort than deleting spam, too. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
On Tuesday, October 01, 2013 02:52:14 PM Marc Weber wrote: All these cookies and javascripts tend to break secure and efficient setups :( Please make me understand why ? Because both are off by default and require whitelisting, after you discover that something is broken. This should at least print a useful error message. A slightly tweaked registration form sounds like a much better idea though. My change is about adding a simple require_once 'create-user-guard.php' file. That can be automated. And even if not, it *does solve the problem* unless I get proven wrong. And if we do, we can be pretty sure that humans are spamming the wiki. And that would be a step towards solving the issue, too. Long-term automated solutions to *prevent* spam don't exist for a growing community like nixos. Don't overengineer. Don't think today about problems which may happen in 2 years. I agree that a simple solution should be tried first. We'll still have a problem with useless web interface though :/ Maybe its even enough to hide the string Media Wiki on each page? You can do so by adding a simple regex post processing to apache AFAIK. We have to 1) document what has been tried 2) try new cheap things to find out whether bots are spamming - then there should be simple soultions - or whether humans are spamming. But I'll shut up. I've offered help. I don't have access, so I cannot change anything. If you want me to setup a demo how the addiotional non standard password protection would look like let me know. But let's consider trying the trivial things first before asking people to spend money or concluding that changes are not maintainable. Count the packages in nixpkgs to see how powerful the nixos community actually is. We should be able to cope with such a simple problem, unless the attackers spend much more effort than we do. Another way to solve this issue would be not allowing to create new users automatically. Setup a simple form: You want to become a wiki member? username [ .. ] password [ .. ] and process this once every 2 weeks. This should be less effort than deleting spam, too. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
Excerpts from phreedom's message of Tue Oct 01 14:59:09 +0200 2013: Because both are off by default and require whitelisting, cookies off? If cookies are off how does Mediawiki remember my name after logging in? Thinking about maintainability: We could also introduce a simple stateful proxy. user - proxy - media wiki the proxy returns special you're human login test if register new user form is requested. No idea which would be the best technology to implement it. Probbaly there are many ways. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
Hi, On 30/09/13 06:53, Philip Carlsen wrote: I just joined this mailing list because nix(+os) seems like a very promising project. But the wiki is quite filled with spam pages, which I find off-putting as a newcomer, as it's usually a sign of a stagnating community. Now, I could just start manually deleting pages, but surely there is a better way. Most of the spam seems to originate from the same 5'ish accounts, so if there is a way to delete pages according to user that would seem the most effective measure. Unfortunately all attempts to prevent wiki spam (registration, captchas, etc.) have been in vain, and I don't really feel like spending an hour each week deleting spam accounts/pages. We may be better off switching to the GitHub wiki. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
On Monday, September 30, 2013 11:08:00 AM Eelco Dolstra wrote: Hi, On 30/09/13 06:53, Philip Carlsen wrote: I just joined this mailing list because nix(+os) seems like a very promising project. But the wiki is quite filled with spam pages, which I find off-putting as a newcomer, as it's usually a sign of a stagnating community. Now, I could just start manually deleting pages, but surely there is a better way. Most of the spam seems to originate from the same 5'ish accounts, so if there is a way to delete pages according to user that would seem the most effective measure. Unfortunately all attempts to prevent wiki spam (registration, captchas, etc.) have been in vain, and I don't really feel like spending an hour each week deleting spam accounts/pages. We may be better off switching to the GitHub wiki. and it also means you can edit wiki using sane tools like text editor and git ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
Eelco: Have a look at vim-wiki.mawercer.de I have not yet had any spam. and if it happens its as easy as git revert. There is *no* password protection at all. You just have to use special ?get parameter. I know the design is not that pretty, its just a hack so that I don't have to type and talk about the same topics again. Maybe its also much less popular than nixos.org/wiki ... I seriously think that bots (or humans?) are specialized on media wiki. I think the real fix is using non standard wikis or doing anything non-standard, such as protecting login page by htaccess and dummy password. Something simple such as 'nixonixo' would probably be enough and more effective than captchas. If irc knowns about it .. Me too thinks that its bad to host spam. Additional alternatives such as github wiki has been discussed. And they are options, too. You can also access those git repositories easily. The community is strong enough to handle this. We just have to make a list of features we want and we must get started. Some additional discussions took place on this mailinglist earlier. How much spam does exist? Click the random page 10 times, then you'll know. click1: Multi-level Marketing Two Schools Of Believed Collide click2: Women's Manner Trend Principles To Stay By click3: Ageing Tips That Can Help You In The Process click4: Meet The Equipment Shop Manager click5: Picking out Straightforward Advice For beauty salon insurance I'm stopping here, you get it, all 5 pages are spam. I'm protecting against arbitrary spammers by adding a 1x1 px input spam bots are likely to fill, but humans miss. Thus if such a field is non empty I can disregard the request. The wiki is one of the weakest parts of this project. People spend their time on the libraries, packages and the core instead mostly. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
You don't have spam because nixos.org has pagerank 5, which makes it attractive to spammers in a way that humans are paid to enter spam links. Your site has pagerank of 0. On Mon, Sep 30, 2013 at 3:12 PM, Marc Weber marco-owe...@gmx.de wrote: Eelco: Have a look at vim-wiki.mawercer.de I have not yet had any spam. and if it happens its as easy as git revert. There is *no* password protection at all. You just have to use special ?get parameter. I know the design is not that pretty, its just a hack so that I don't have to type and talk about the same topics again. Maybe its also much less popular than nixos.org/wiki ... I seriously think that bots (or humans?) are specialized on media wiki. I think the real fix is using non standard wikis or doing anything non-standard, such as protecting login page by htaccess and dummy password. Something simple such as 'nixonixo' would probably be enough and more effective than captchas. If irc knowns about it .. Me too thinks that its bad to host spam. Additional alternatives such as github wiki has been discussed. And they are options, too. You can also access those git repositories easily. The community is strong enough to handle this. We just have to make a list of features we want and we must get started. Some additional discussions took place on this mailinglist earlier. How much spam does exist? Click the random page 10 times, then you'll know. click1: Multi-level Marketing Two Schools Of Believed Collide click2: Women's Manner Trend Principles To Stay By click3: Ageing Tips That Can Help You In The Process click4: Meet The Equipment Shop Manager click5: Picking out Straightforward Advice For beauty salon insurance I'm stopping here, you get it, all 5 pages are spam. I'm protecting against arbitrary spammers by adding a 1x1 px input spam bots are likely to fill, but humans miss. Thus if such a field is non empty I can disregard the request. The wiki is one of the weakest parts of this project. People spend their time on the libraries, packages and the core instead mostly. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
On Monday 30 September 2013 15:18:19 Domen Kožar wrote: You don't have spam because nixos.org has pagerank 5, which makes it attractive to spammers in a way that humans are paid to enter spam links. Your site has pagerank of 0. On Mon, Sep 30, 2013 at 3:12 PM, Marc Weber marco-owe...@gmx.de wrote: Eelco: Have a look at vim-wiki.mawercer.de I have not yet had any spam. and if it happens its as easy as git revert. There is *no* password protection at all. You just have to use special ?get parameter. I know the design is not that pretty, its just a hack so that I don't have to type and talk about the same topics again. Maybe its also much less popular than nixos.org/wiki ... I seriously think that bots (or humans?) are specialized on media wiki. I think the real fix is using non standard wikis or doing anything non-standard, such as protecting login page by htaccess and dummy password. Something simple such as 'nixonixo' would probably be enough and more effective than captchas. If irc knowns about it .. Me too thinks that its bad to host spam. Additional alternatives such as github wiki has been discussed. And they are options, too. You can also access those git repositories easily. The community is strong enough to handle this. We just have to make a list of features we want and we must get started. Some additional discussions took place on this mailinglist earlier. How much spam does exist? Click the random page 10 times, then you'll know. click1: Multi-level Marketing Two Schools Of Believed Collide click2: Women's Manner Trend Principles To Stay By click3: Ageing Tips That Can Help You In The Process click4: Meet The Equipment Shop Manager click5: Picking out Straightforward Advice For beauty salon insurance I'm stopping here, you get it, all 5 pages are spam. I'm protecting against arbitrary spammers by adding a 1x1 px input spam bots are likely to fill, but humans miss. Thus if such a field is non empty I can disregard the request. The wiki is one of the weakest parts of this project. People spend their time on the libraries, packages and the core instead mostly. Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev If it was common practise for wikis to require user registrations lay a money deposit as security for constructive behaviour the problem would go away overnight. But it isn't, and implementing it would probably be a rather non-trivial task and also raise the bar to entry (due to inconvenience) for new good members too. If there is an effective interface (available to users) I don't mind spending some time tonight deleting spam.. -plc ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Wiki spam
Excerpts from Philip Lykke Carlsen's message of Mon Sep 30 20:38:09 +0200 2013: If it was common practise for wikis to require user registrations lay a money deposit as security for constructive behaviour the problem would go away overnight. Sure. but can't we try a less intrusive non standard way first? Such as: if create user page / edit page is requested test for our own cookie. If cookie does not exist: redirect to custom password protection page, if simple password gets typed right, set cookie, redirect to previous page (also passing GET/POST vars) If cookie does exists: behave normally? then at least we'll know whether we get spammed by bots or humans. Humans will suceed. Bots should fail, because they were programmed to spawn standarrd media wikis only. Such an implementation is about 20-30 PHP lines or less which can be added to index.php ? Just tell me do it and I'll provide that code. We have somebody who is willing to delete the spam, what else do we need to win this situation? Marc Weber ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
