On Mon, April 26, 2010 11:36 am, Matthias Schmidt wrote: > Hi, > > as you might noticed the amount of spam in our wiki increases (at least > in my opinion).
I'm only noticing one "spamming" event maybe every couple of weeks. Am I missing more items? I watch page changes through RSS. The old wiki was getting spammed multiple times an hour, so this is light, relatively speaking. I think we've really benefited from the wiki free-to-edit-and-revert style; the number of people making changes has gone up significantly. "zero", the number we had before, is easy to improve on - but even since it became truly wiki-like and open to editing the amount of contributions has improved. > - Registering a new account is no longer possible without administrator > approval. Is this supported by ikiwiki or would this lead to an > enormous amount of approval posts? Maybe Justin can comment on this > ... We can set it so that people need a password to create a new account; it could be a commonly known password or even something on the web page, like a lazy captcha. http://ikiwiki.info/plugins/passwordauth/ (account_creation_password option) I don't know how much difference this will make. There's also a spam filter: http://ikiwiki.info/plugins/blogspam/ This will reject changes that look spamm; I have not tried it but it won't hurt. Also, since it's stored in git, we can revert easily. If I (or someone) got around to setting the permissions right on the actual git repo, /usr/local/www/ikiwiki-srcdir/, you could even pull and revert without having to re-enter anything. > - Add some captchas to the wiki. I really hate (!) captchas, but if > this helps I'm fine with it. I haven't seen a single automated spam hit our site. They've all been attempts from individuals, as far as I can tell; the wiki equivalent of gold farmers. A captcha won't help with that. > - Maybe more ... > > IMO the current protection of our main website is too fragile. Some > weeks ago a malicious guy even managed it to remove our main site. And > while I'm here: it would be nice if we could enforce "commit messages" > for the wiki. Most people change things without explaining what > they're doing and you have to look into the git > changelog to figure it out. I'd like to see enforced messages too. I don't see an easy way to do that.
