From: Steve W. <sw...@pa...> - 2004-06-07 17:34:48
|
Nothing new here except a higher profile for the idea...

http://news.netcraft.com/archives/2004/06/04/wikis_the_next_frontier_for_spammers.html

~swain

----
http://www.panix.com/~swain/
"It has all the faults of a photograph." -- David Hockney
---- |
From: Reini U. <ru...@x-...> - 2004-06-07 20:15:18
|
Steve Wainstead wrote:
> Nothing new here except a higher profile for the idea...
>
> http://news.netcraft.com/archives/2004/06/04/wikis_the_next_frontier_for_spammers.html

Excluding the SandBox (robots.txt) is a very good idea.

I did some more work on a new WikiAccessRestrictions plugin, but it's not ready yet.
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/ |
From: Dmitry M. <dm...@la...> - 2004-06-07 21:37:58
|
On Mon, Jun 07, 2004 at 10:15:12PM +0200, Reini Urban wrote:
> Excluding the SandBox (robots.txt) is a very good idea.

I'm not sure I understand. Why is the SandBox being singled out? It seems like pretty much any (unlocked) well-linked page could be abused in this way.

Am I missing something?

-D |
From: Reini U. <ru...@x-...> - 2004-06-07 21:57:01
|
Dmitry M. wrote:
> On Mon, Jun 07, 2004 at 10:15:12PM +0200, Reini Urban wrote:
>
>> Excluding the SandBox (robots.txt) is a very good idea.
>
> I'm not sure I understand. Why is the SandBox being singled out? It
> seems like pretty much any (unlocked) well-linked page could be abused
> in this way.
>
> Am I missing something?

Yes, that spammers are very lazy, and typically only edit the SandBox. Which is lucky for us because we even have a PhpWikiAdministration button to rake the sandbox, which can be done periodically and automatically. And the Sandbox is for sure linked from the HomePage, so it gets higher google ranks than other pages, which the spammer doesn't know by a short look (or an automatic script)
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/ |
From: Jon <d9...@na...> - 2004-06-07 20:23:45
|
On Mon, Jun 07, 2004 at 01:34:45PM -0400, Steve Wainstead wrote:
> Nothing new here except a higher profile for the idea...
>
> http://news.netcraft.com/archives/2004/06/04/wikis_the_next_frontier_for_spammers.html

If the goal of the spammer is higher google pagerank you could just force every link outside the wiki to a redirect script something like this:

http://phpwiki.sourceforge.net/phpwiki/redirect?http://www.veryniceproduct.com

or using google itself like described here:

http://simon.incutio.com/archive/2003/10/13/linkRedirects
http://simon.incutio.com/archive/2004/05/11/approved

It looks a bit ugly and sometimes you do want to make normal links, but I guess it wouldn't hurt if this was enabled by default. It would probably mean a lot less spammers if they knew not to even bother with phpwikis.

--
Jon Åslund |
From: electron <ele...@mg...> - 2004-06-08 07:54:48
|
I like the redirect idea. Plugin here we come....

It might also be an idea for anonymous edits to have to be approved by a registered user before making the current version of a page.

That's not in the spirit of wiki, but this next idea might be:

Expanding on that idea: Based on referrer or user agent, we show a version of the page that was last edited by a real user to the bot and leave the current version as it is to regular browsers.

Any phpwikis get spammed recently?

-Electrawn

-----Original Message-----
From: php...@li... [mailto:php...@li...] On Behalf Of Steve Wainstead
Sent: Monday, June 07, 2004 12:35 PM
To: php...@li...
Subject: [Phpwiki-talk] Wikis: The Next Frontier for Spammers?

Nothing new here except a higher profile for the idea...

http://news.netcraft.com/archives/2004/06/04/wikis_the_next_frontier_for_spammers.html

~swain

----
http://www.panix.com/~swain/
"It has all the faults of a photograph." -- David Hockney
---- |
From: Reini U. <ru...@x-...> - 2004-06-09 14:35:57
|
electron wrote:
> I like the redirect idea. Plugin here we come....

Well, I'm not convinced, since the back button will break. Maybe a list of registered external links will make sense.

> It might also be an idea for anonymous edits to have to be approved by a
> registered user before making the current version of a page.

User approval? Not a bad idea. I'm just doing the gForge.org integration so that they can use phpwiki as plugin. They have such an approval scheme.

FYI: gForge is the software which runs behind sourceforge.net.

> That's not in the spirit of wiki, but this next idea might be:
>
> Expanding on that idea: Based on referrer or user agent, we show a version
> of the page that was last edited by a real user to the bot and leave the
> current version as it is to regular browsers.
>
> Any phpwikis get spammed recently?

Not automatically yet. Just some trial sandbox spam with lots of links. I guess they just try if an automatic phpwiki spam-pester will make sense in terms of google ranks.
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/ |
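An added illustration, not PhpWiki code and not written by anyone in this thread, of the redirect script combined with a list of registered external links: the redirector resolves only tokens that were issued when a link was registered, so it cannot be pointed at an arbitrary URL. The class name, the in-memory array standing in for a database table, the `id` parameter and the sample URLs are assumptions; PHP 7.4 or later is assumed.

```php
<?php
// Added example, not PhpWiki code. The table is an in-memory array here;
// a real wiki would persist it alongside its page data (assumption).
final class LinkRegistry
{
    /** @var array<string,string> token => destination URL */
    private array $links = [];

    /** Register an external link (e.g. once an edit is accepted); returns its token. */
    public function register(string $url): ?string
    {
        $parts = parse_url($url);
        // Accept only absolute http(s) URLs with a host; rejects javascript:, data:, etc.
        if ($parts === false || !isset($parts['scheme'], $parts['host'])
            || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return null;
        }
        // The token is derived from the URL, so the same link always maps to one entry.
        $token = substr(hash('sha256', $url), 0, 12);
        $this->links[$token] = $url;
        return $token;
    }

    /** Resolve a token from redirect?id=...; null means "answer 404, do not redirect". */
    public function resolve(string $token): ?string
    {
        if (!preg_match('/^[0-9a-f]{12}$/', $token)) {
            return null;               // malformed input, including raw URLs
        }
        return $this->links[$token] ?? null;
    }
}

// Constructed sample data.
$registry = new LinkRegistry();
$token = $registry->register('http://www.example.org/docs/');

foreach ([$token, 'http://www.veryniceproduct.com', 'ffffffffffff'] as $id) {
    $dest = $registry->resolve($id);
    if ($dest === null) {
        echo "404 for id=$id\n";       // a live script would send a 404 status here
    } else {
        echo "302 Location: $dest\n";  // a live script would call header('Location: ' . $dest)
    }
}
```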
From: Matthew P. <mp...@he...> - 2004-06-10 01:27:59
|
On Wed, Jun 09, 2004 at 04:35:49PM +0200, Reini Urban wrote:
> FYI: gForge is the software which runs behind sourceforge.net.

Eh? Since when? Last I looked, gForge was the Free Software implementation of the Sourceforge.net functionality, since VA Linux (or whoever's running that show this week) took SourceForge closed.

Yep, at the bottom of the sf.net main page, we've got "Powered by SourceForge(tm) collaborative software development tools from VA Software".

- Matt |
From: Reini U. <ru...@x-...> - 2004-06-10 09:41:53
|
Matthew Palmer wrote:
> On Wed, Jun 09, 2004 at 04:35:49PM +0200, Reini Urban wrote:
>>FYI: gForge is the software which runs behind sourceforge.net.
>
> Eh? Since when? Last I looked, gForge was the Free Software implementation
> of the Sourceforge.net functionality, since VA Linux (or whoever's running
> that show this week) took SourceForge closed.
>
> Yep, at the bottom of the sf.net main page, we've got "Powered by
> SourceForge(tm) collaborative software development tools from VA Software".

Of course you are right. Better said, gForge is the open source version and enhancement of the sf.net software.

"The GForge project is a GPL (Free) Software project based on the original SourceForge.net system, which was closed by VA Linux in 2001."
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/ |
From: Bob A. <apt...@cy...> - 2004-06-08 13:09:16
|
Hi,

On Mon, 7 Jun 2004 22:23:42 +0200 Jon Åslund <d9...@na...> wrote:

> On Mon, Jun 07, 2004 at 01:34:45PM -0400, Steve Wainstead wrote:
> > Nothing new here except a higher profile for the idea...
> >
> > http://news.netcraft.com/archives/2004/06/04/wikis_the_next_frontier_for_spammers.html
>
> If the goal of the spammer is higher google pagerank you could just
> force every link outside the wiki to a redirect script something like
> this:
>
> http://phpwiki.sourceforge.net/phpwiki/redirect?http://www.veryniceproduct.com
>
> or using google itself like described here:
>
> http://simon.incutio.com/archive/2003/10/13/linkRedirects
> http://simon.incutio.com/archive/2004/05/11/approved
>
> It looks a bit ugly and sometimes you do want to make normal links,
> but I guess it wouldn't hurt if this was enabled by default. It would
> probably mean a lot less spammers if they knew not to even bother with
> phpwikis.

Redirects are fine as long as they don't naively redirect to any URL (such as http://phpwiki.sourceforge.net/phpwiki/redirect?http://www.veryniceproduct.com)

This will be abused worse than the sandbox as spammers will search for wikis that allow open redirection and abuse those sites in an effort to get around spam filters. For years the anti-spam community has been working to get sites such as Yahoo to close their open redirectors due to abuse (a recent example: http://rd.yahoo.com/UtcUssn/*http://www.deliveryisguranteed.com)

A redirection system such as Shorl or TinyUrl is less prone to abuse, so if you decide to go with redirection, please consider encoding the destination url in the redirector to prevent trivial abuse.

Another suggestion is to parse out the URLs in a page (at least those that allow anonymous editing) and check their domains against the SURBL (http://www.surbl.org/), taking care to scrape out hostnames and known redirectors. The implementation guide at http://www.surbl.org/implementation.html has more specifics.

Basically, if you find an URL like http://rd.yahoo.com/*http://www.something.hotbarnyardtonermortgage.ac.uk/enlargeyourxerox, you'll want to reduce that to hotbarnyardtonermortgage.ac.uk and do a DNS lookup for the A record of hotbarnyardtonermortgage.ac.uk.sc.surbl.org. If that comes back with 127.0.0.2, the URL is suspect.

The SpamAssassin team has been working on supporting this for the upcoming 3.x release. SA is written in perl but it shouldn't take much to port the core of their work to PHP. Probably.

Note also that anyone who implements such a thing in a portable fashion will become a hero of the blog community because they are suffering worse from link spamming than the wiki community. At least that's what the Geeklog people told me when I originally suggested this to them. And no, I don't have a lot of free time to implement this and my PHP skills are rudimentary at best, especially if you want something portable and reusable.

Another quick and dirty hack to temporarily foil the bots that detect and mangle the sandbox is to dynamically change the name/url of the sandbox to something not so easily guessable (e.g. something different from SandBox.) It kinda goes against the spirit of a Wiki but there's little reason to allow the sandbox to be easily linked to or guessed. Add a serial number to the sandbox URL (alternating between SandBox12, 12SandBox, Sand12Box where 12 is the serial number. Better to md5() it...) and increment that number every time the sandbox is raked. In short, make the link difficult to guess programmatically.

hth,

-- Bob |
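The SURBL check described in the message above, sketched in PHP as an added example (it is not SpamAssassin's or PhpWiki's code): URLs are extracted from page text, a known redirector is unwrapped, the host is reduced to its registered domain, and the A record under `sc.surbl.org` is compared with 127.0.0.2. The function names, the shortened redirector and two-level-TLD lists, the stub resolver and the sample page text are assumptions; PHP 7.4 or later is assumed.

```php
<?php
// Added example. Both lists are assumed and shortened; real use needs complete ones.
const REDIRECTORS = ['rd.yahoo.com'];
const TWO_LEVEL_TLDS = ['ac.uk', 'co.uk', 'org.uk', 'com.au'];

/** Unwrap a known redirector: keep the last embedded http(s) URL. */
function unwrap_redirector(string $url): string
{
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    if (in_array($host, REDIRECTORS, true)
        && preg_match('~^.+(https?://.+)$~i', $url, $m)) {
        return $m[1];
    }
    return $url;
}

/** Reduce a hostname to the domain that is looked up in the blocklist. */
function registered_domain(string $host): string
{
    $labels = explode('.', strtolower(rtrim($host, '.')));
    $n = count($labels);
    $tail = $n >= 3 ? $labels[$n - 2] . '.' . $labels[$n - 1] : '';
    $keep = in_array($tail, TWO_LEVEL_TLDS, true) ? 3 : 2;
    return implode('.', array_slice($labels, -$keep));
}

/** @return string[] suspect domains found in $text */
function suspect_domains(string $text, callable $resolveA, string $zone = 'sc.surbl.org'): array
{
    preg_match_all('~https?://[^\s<>"\']+~i', $text, $m);
    $hits = [];
    foreach ($m[0] as $url) {
        $host = parse_url(unwrap_redirector($url), PHP_URL_HOST);
        if (!is_string($host) || $host === '') { continue; }
        $domain = registered_domain($host);
        // A listed domain answers with an A record; the thread names 127.0.0.2.
        if (in_array('127.0.0.2', $resolveA("$domain.$zone"), true)) {
            $hits[$domain] = true;
        }
    }
    return array_keys($hits);
}

// Constructed stub resolver so the example runs offline. A live resolver could be:
// fn($n) => array_column(dns_get_record($n, DNS_A) ?: [], 'ip')
$stub = fn(string $name): array => $name === 'hotbarnyardtonermortgage.ac.uk.sc.surbl.org' ? ['127.0.0.2'] : [];
$page = 'See http://rd.yahoo.com/*http://www.something.hotbarnyardtonermortgage.ac.uk/enlargeyourxerox and http://www.example.org/docs/';
print_r(suspect_domains($page, $stub));
```

Hosts given as raw IP addresses are not handled here; the SURBL implementation guide linked in the message covers those.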
From: Steve W. <sw...@pa...> - 2004-06-08 18:46:41
|
On Tue, 8 Jun 2004, Bob Apthorpe wrote:

> Note also that anyone who implements such a thing in a portable fashion
> will become a hero of the blog community because they are suffering
> worse from link spamming than the wiki community. At least that's what

I'm also thinking that a randomly generated, one time password rendered in an image would be sufficient to foil spambots and still allow anonymous posting. The downside is: it requires graphics library with PHP. I think it would be possible, though, to create a small library that takes a word and renders it as ascii art, which would make it readable to humans only (like the 'figlet' tool):

                  _   _
  ___  _ __   ___| |_(_)_ __ ___   ___
 / _ \| '_ \ / _ \ __| | '_ ` _ \ / _ \
| (_) | | | |  __/ |_| | | | | | |  __/
 \___/|_| |_|\___|\__|_|_| |_| |_|\___|

~swain

----
http://www.panix.com/~swain/
"It has all the faults of a photograph." -- David Hockney
---- |
From: Bob A. <apt...@cy...> - 2004-06-08 20:06:38
|
Hi,

On Tue, 8 Jun 2004, Steve Wainstead wrote:

> I'm also thinking that a randomly generated, one time password rendered in
> an image would be sufficient to foil spambots and still allow anonymous
> posting. The downside is: it requires graphics library with PHP. I think
> it would be possible, though, to create a small library that takes a word
> and renders it as ascii art, which would make it readable to humans only

s/humans/sighted humans/

I'm not a big fan of "captchas" due to accessibility issues but I am intrigued by those rendered as ASCII art...

-- Bob |
From: Reini U. <ru...@x-...> - 2004-06-10 12:49:35
|
Steve Wainstead wrote:
> Nothing new here except a higher profile for the idea...
> http://news.netcraft.com/archives/2004/06/04/wikis_the_next_frontier_for_spammers.html

I wrote now code to forbid inlined images to appear smaller than some size. I want to allow horizontal "one-liners", but disallow "dots".

Should a "dot size" of 6x6 be allowed or too small?

Is this reasonable?

//pseudocode in stdlib.php:LinkImage()
// check width and height as spam countermeasure
$width  = $link->getAttr('width');
$height = $link->getAttr('height');
// or
$size = @getimagesize($url); // checks images at external urls also.
$width  = (integer) $width;  // px or % or other suffix
$height = (integer) $height;
if (($width < 3 and $height < 10) or
    ($height < 3 and $width < 20) or
    ($height < 7 and $width < 7))
{
    trigger_error(_("Invalid image size"), E_USER_NOTICE);
    return '';
}
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/ |
From: Dan F. <dfr...@cs...> - 2004-06-10 22:26:29
|
Reini Urban wrote:
> Steve Wainstead wrote:
>
>> Nothing new here except a higher profile for the idea...
>> http://news.netcraft.com/archives/2004/06/04/wikis_the_next_frontier_for_spammers.html
>
> I wrote now code to forbid inlined images to appear smaller than some
> size. I want to allow horizontal "one-liners", but disallow "dots".
>
> Should a "dot size" of 6x6 be allowed or too small?
>
> Is this reasonable?

Seems fine to me. Is it in response to some particular event or story? That might help you judge the appropriateness.

Dan |