John Ackermann N8UR wrote:
HI David --
There's a bug (or more accurately, an unpleasant interaction)
Also know as "a feature" !
in the
combination of wiki software (moinmoin) and web server (apache with
mod-cgi) that I'm running that prevents second-level wiki names from
working without some special magic. I haven't had a chance to implement
that magic yet...
The "BadContent" page is actually an automatic download that drives a
simple spam prevention system.
I gathered it was for spam prevention.
The page is read-only and is
automatically updated daily from a server. There's really no harm in
having it visible, as the content can't be mucked with and it's all
publicly available from the upstream source. I don't know how well it
works yet, but the reports from others are that it's at least modestly
helpful. I'm hoping that the fact the wiki is set up to allow only
registered users to add or change pages will help, though that's far
from complete protection.
I'd beg to differ.
In the following, I am using a T rather than a V for the well known drug:
I can see the word Tiagra is in the list, but I can easily tell that by
swapping the i for a 1, it will be OK. Since that swap of i for 1 is
common, other spam filters will pick up on it. But you are basically
giving your rule set away.
I take your point that the list can be downloaded, but the average idiot
finding that will not download the source code and check. They are far
more likely to try a few combinations then give up. I think by making
the list too public on your own site, the effectiveness is reduced.
I would say it is a bug if the software you use requires the file to be
readable to the world. I would have thought it only necessary for a
script to parse that file, not make it publically visable.
The default apache configuruation stops any files begginging .ht from
being sent to a browser, yet they must have read permissions to the world.
I gave up on my guestbook years ago when it got spammed by DeutschePorn,
and I ended up turning comments off on my blog (which I use as a lab
notebook -- http://www.febo.com/geekworks/blog) when the same thing
happened. It's amazing how *anything* attracts spam.
Yes, I can understand you giving up with a guest book. I find it useful,
as the one I run often gets comments from those in the railway industry,
that I suspect might be relectant to post them if they had to register.
By the way -- for anyone interested, all the febo.com stuff is
self-hosted and I use my ISP (Roadrunner) purely for bandwidth -- all
the mail, web, ftp and other services run on a bunch of Linux machines
in my basement.
That works fine, if you don't have huge files. My uplink (download for
you) is only 256 kbit/s, which would be far too small to host that 600MB
5370B manual!!
I've got a few large files at http://www.g8wrb.org/ that really need
professional hosting, but other sites I run, I host myself. (Old Sun
SPARCstation 20).
John
----
David Kirkby wrote:
John Ackermann N8UR wrote:
I've set up a wiki at http://www.febo.com/time-nuts (I want to change
that to /wiki/time-nuts, but at the moment that doesn't seem to work).
John,
If you mean http://www.febo.com/wiki/time-nuts there is no reason that
can't be done. Any server should be able to handle that.
Or how about wiki.febo.com/time-nuts ?? That is harder to configure, but
can be done, if you have the right control at your ISP who your domain
is registered with.
I doubt you want to make this page public
http://www.febo.com/time-nuts/BadContent
It's a feast for those that want to circumvent the protection. w.
I run a guest book on
http://www.southminster-branch-line.org.uk/guest-book/guest-book.html
and have a bit of a battle with the idiots who try to put things on
there I don't want them too. What measures are taken (and some are) are
best kept to yourself.
I keep a record of all attempts at posts. Every time a post is made, a
record of it is kept. It is quite amusing to look at all the failed
attempts to circumvent the protection. Every time one manages to do
something I don't want them doing, I try to add a bit to keep one step
ahead.
_______________________________________________
time-nuts mailing list
[email protected]
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
--
David Kirkby,
G8WRB
Please check out http://www.g8wrb.org/
of if you live in Essex http://www.southminster-branch-line.org.uk/
_______________________________________________
time-nuts mailing list
[email protected]
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
