Problem with the Boost Wiki?
Hi, I did many fixes yesterday on http://www.crystalclearsoftware.com/cgi-bin/boost_wiki/wiki.pl?BoostConfig but they seem to have been reverted. Anyone knowing what's going on? --Gennaro.
Gennaro Prota wrote:
Hi,
I did many fixes yesterday on
http://www.crystalclearsoftware.com/cgi-bin/boost_wiki/wiki.pl?BoostConfig
but they seem to have been reverted. Anyone knowing what's going on?
Sorry, I had to revert a huge spam attack and I missed that you had made changes. Should be restored now. Jeff
Jeff Garland <jeff@crystalclearsoftware.com> writes:
Gennaro Prota wrote:
Hi,
I did many fixes yesterday on
http://www.crystalclearsoftware.com/cgi-bin/boost_wiki/wiki.pl?BoostConfig
but they seem to have been reverted. Anyone knowing what's going on?
Sorry, I had to revert a huge spam attack and I missed that you had made changes. Should be restored now.
Jeff, I still don't understand why we don't have a simple "register and reply to an email before editing" interface as so many public sites do. This constant battle against wiki spammers hardly seems worth the trouble. -- Dave Abrahams Boost Consulting www.boost-consulting.com
On Sun, 18 Jun 2006 15:38:45 -0400, David Abrahams <dave@boost-consulting.com> wrote:
Jeff,
I still don't understand why we don't have a simple "register and reply to an email before editing" interface as so many public sites do. This constant battle against wiki spammers hardly seems worth the trouble.
Indeed. And also having the user to enter the text content of a raster image (some Wikimedia wikis do this when links are added to a page, for instance) after any edit. --Gennaro.
Gennaro Prota wrote:
On Sun, 18 Jun 2006 15:38:45 -0400, David Abrahams <dave@boost-consulting.com> wrote:
Jeff,
I still don't understand why we don't have a simple "register and reply to an email before editing" interface as so many public sites do. This constant battle against wiki spammers hardly seems worth the trouble.
Indeed. And also having the user to enter the text content of a raster image (some Wikimedia wikis do this when links are added to a page, for instance) after any edit.
A captcha test might be a reasonable way to cut down on the robo spammers. But realize, there are lots of spammers out there and there are strategies for defeating captcha as well. And captcha is a problem for the visually impaired and dyslexics. For the most part, spammers currently get one shot at the Boost Wiki and then they are shut out via content banning -- I won't describe the details in public, but it is very effective. Yes, if they change their content then they can respam, but I typically IP ban as well. That said, the "big guys" have lots of bot machines to spam with, so IP banning doesn't do much. Anyway, what I've seen is that after a few tries when the spammers see quick reversions and content banning they give up... Jeff
David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes:
Gennaro Prota wrote:
Hi,
I did many fixes yesterday on
http://www.crystalclearsoftware.com/cgi-bin/boost_wiki/wiki.pl?BoostConfig
but they seem to have been reverted. Anyone knowing what's going on? Sorry, I had to revert a huge spam attack and I missed that you had made changes. Should be restored now.
Jeff,
I still don't understand why we don't have a simple "register and reply to an email before editing" interface as so many public sites do. This constant battle against wiki spammers hardly seems worth the trouble.
Two reasons. That requires a software upgrade including data conversion to new wiki software. Second, based on my discussion with other wiki administrators it doesn't stop spammers -- they just register with a free email address and off they go. Bottom line is that today's system takes me about 10 minutes per day. The only bad part is that it sometimes takes a bit more time to roll back if I don't happen to be online. Jeff
Jeff Garland <jeff@crystalclearsoftware.com> writes:
David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes:
Two reasons. That requires a software upgrade including data conversion to new wiki software. Second, based on my discussion with other wiki administrators it doesn't stop spammers -- they just register with a free email address and off they go.
Of course a few will do that. But isn't most spam done by automatic webcrawling software that seeks out open wikis and forums? As long as those abound, fewer spammers will bother with the protected one, right? That must also be why image verification is so widely used. If spammers were content to deface these sites by hand and use arbitrary amounts of subterfuge to do so, pretty much nothing could be effective against them.
Bottom line is that today's systeam takes me about 10 minutes per day. The only bad part is that it sometimes takes a bit more time to roll back if I don't happen to be online.
As long as you don't mind doing the work, I appreciate it, and of course it's okay with me. -- Dave Abrahams Boost Consulting www.boost-consulting.com
David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes:
David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes: Two reasons. That requires a software upgrade including data conversion to new wiki software. Second, based on my discussion with other wiki administrators it doesn't stop spammers -- they just register with a free email address and off they go.
Of course a few will do that. But isn't most spam done by automatic webcrawling software that seeks out open wikis and forums? As long as those abound, fewer spammers will bother with the protected one, right?
Nope, from what I understand the email registration test just doesn't work at all unless you want to put a human in the loop on all approvals, which prevents the casual update. Remember, we are dealing with folks that have hacked hundreds of machines, so a bunch of throwaway email addresses isn't a problem for them. A typical 200 page spam attack is done from 15-20 different IP addresses with each one spamming at about 1 page every 5 minutes. The reason they do this slowly is that many wiki's added a feature to prevent robo spamming by only allowing a slow number of changes per ip per unit time. So the spammers adapted...
That must also be why image verification is so widely used. If spammers were content to deface these sites by hand and use arbitrary amounts of subterfuge to do so, pretty much nothing could be effective against them.
Content banning is the most effective and that's what we currently do (see other mail). One thing I could do better is keeping up to date with some blacklists, but I just checked the main one I know of (http://chongqed.org/) and having the latest version of their database wouldn't have prevented the last 3 attacks.
Bottom line is that today's systeam takes me about 10 minutes per day. The only bad part is that it sometimes takes a bit more time to roll back if I don't happen to be online.
As long as you don't mind doing the work, I appreciate it, and of course it's okay with me.
In my ideal world we would upgrade the software and it would enable a group of moderators to trivially manage/revert/stop spam. We'll get there at some point, but the solution we have now is working well enough and I'm busy enough that I don't plan on pursuing this for awhile. Jeff
Jeff Garland <jeff@crystalclearsoftware.com> writes:
David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes:
David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes: Two reasons. That requires a software upgrade including data conversion to new wiki software. Second, based on my discussion with other wiki administrators it doesn't stop spammers -- they just register with a free email address and off they go.
Of course a few will do that. But isn't most spam done by automatic webcrawling software that seeks out open wikis and forums? As long as those abound, fewer spammers will bother with the protected one, right?
Nope, from what I understand the email registration test just doesn't work at all unless you want to put a human in the loop on all approvals, which prevents the casual update. Remember, we are dealing with folks that have hacked hundreds of machines, so a bunch of throwaway email addresses isn't a problem for them. A typical 200 page spam attack is done from 15-20 different IP addresses with each one spamming at about 1 page every 5 minutes. The reason they do this slowly is that many wiki's added a feature to prevent robo spamming by only allowing a slow number of changes per ip per unit time. So the spammers adapted...
In that case, I wonder why we never see spam posts by first-time Boost posters.
Bottom line is that today's systeam takes me about 10 minutes per day. The only bad part is that it sometimes takes a bit more time to roll back if I don't happen to be online.
As long as you don't mind doing the work, I appreciate it, and of course it's okay with me.
In my ideal world we would upgrade the software and it would enable a group of moderators to trivially manage/revert/stop spam. We'll get there at some point, but the solution we have now is working well enough and I'm busy enough that I don't plan on pursuing this for awhile.
Understood. -- Dave Abrahams Boost Consulting www.boost-consulting.com
participants (3)
-
David Abrahams -
Gennaro Prota -
Jeff Garland