Menu
▾
▴
Fwd: Re: [Phpwiki-talk] Wiki spam and the future of phpwiki
|
From: Philip J. H. <ph...@po...> - 2005-03-31 15:49:55
|
This is a resend. Turns out you can't mention certain 'enhancement drugs' in your messages to sourceforge, so the original of this was bounced. -- Philip J. Hollenback ph...@po... www.hollenback.net ----- Original message ----- From: "Philip J. Hollenback" <ph...@po...> To: "Mario Salzer" <ma...@er...>, php...@li... Date: Thu, 31 Mar 2005 10:43:31 -0500 Subject: Re: [Phpwiki-talk] Wiki spam and the future of phpwiki Thanks for the well-reasoned response. It is true I know a lot more about the phpwiki code than the pmwiki code, so you could be entirely right there. However, I do think the point about phpwiki just covering way to many bases (in particular with things like database support) is a really important one - it makes testing phpwiki really, really difficult. The bugs certainly can be fixed - but will they? Or, will new features continue to be added instead? That is what I am unsure about with phpwiki. I am very curious to see the 1.3.11 release. The big thing I like about pmwiki is it's quite a bit simpler than phpwiki, and thus hopefully there are fewer chances for bugs. That's my optimistic guess, anyway. I will say that thanks to the responses on this list about the new features in 1.3.11 (in particular to combat spam) I am beginning to move back towards keeping my site on phpwiki. Plus I'm lazy and converting to another wiki is too much work. :) Some more comments below: On Thu, 31 Mar 2005 17:14:18 +0200, "Mario Salzer" <ma...@er...> said: > I can't comment much on PhpWiki development, but I doubt that any > eventual bugs couldn't be fixed. As for PmWiki, I think you're trading > something robust for spaghetti code and one of the more weird Wiki > markups around, if you'd really switch. The markup is different, but I find it a bit more intuitive in some ways. In particular, the link markup of [[ Some Text -> http://www.hollenback.net ]] or whatever is particularly easy to remember. That's just a personal opinion, though. > Link spam is a problem that escalated only this year, so it's clear > that we all first need to find "THE solution" to it. IP blocking and > whatnot blacklist however seem to be more hassle than they help here. > I had best results with blocking posts that contained more than a > fixed number of new links. AFAIK there is already such a plugin for > PhpWiki, so you should give that a try. (it's called > "LimitExternalLinks" elsewhere) Yes, several people have pointed that out, and it seems a good way to go. > I've lately completed a CAPTCHA, which is extremely easy to integrate > even if you don't have years of PHP experience. > http://freshmeat.net/p/captchaphp While allowing you to keep your Wiki > open, it's still a bit anti-Wiki to use captchas; but as last resort I > would recommend it. I don't particularly like captchas, but I am willing to try using them if it means I can leave my wiki open. > Most link spam hits the Wikis only accidentally, and was originally > targeted at BBcode- or HTML-enabled blog/comment sections. You'll > need something that blocks any "/^<a.+</a>$/" edit form submissions > then (also easy to do). > > In your case (500 edits) it however sounds like you've been attacked > targetedly - in such cases no anti-spam plugin will help you and > cleaning up the mess afterwards is the only solution. If you're using > a SQL database - that's often forgotten - then it's a snap to wipe > hundreds of pages at once, depending on a timestamp. Else you only > need the right tools - the funny WikiCommander and the "mass revert" > tools in the Wiki I'm working on would do. (I'm link spamming here ;) > http://erfurtwiki.sf.net/tools/ Our database API is extremely > simplistic, and so writing up some glue code for PhpWikis should be > trivial (right now we only have a PW plugin without ::DELETE support). It was specifically targeted, but the pages were all fairly similar and they appeared within a few minutes (maybe 30). Thus I think they were scripted in some way. The attack also exhibited some knowledge of phpwiki - the pages were added by a user called WikiGuest, so the attacker know about BogoLogins on phpwiki. I'm actually surprised they were done as 'minor edits' too, which would have kept me from finding them even longer. I was able to delete multiple pages at once by using the admin interface to phpwiki and selecting on page names, so I could delete all 20 pages with certain words in the title, etc. Ideally the admin interface will be expanded so I can do things like 'delete all pages created within the last hour' or similar. If my phpwiki had rate limiting, multiple link page rejection, and mass-delete admin tools, I could have managed this attack pretty quickly. > Whatever, I just wanted to comment that this is not a problem only > PhpWiki faces, and people all around are testing and writing tools to > combat link spam. And simple solutions surprisingly seem to work best. > http://www.emacswiki.org/cw-de/WikiSpam I am totally in agreement and I don't want to make it sound like the spam problem is specific to phpwiki. I think phpwiki-based wikis just get targetted a lot because there are a lot of them out there. This is a really good discussion because up until now this list has not had a lot to say about wiki spam. P. |
