phpwiki-talk

[Phpwiki-talk] Preventing Wiki spam

[Charles C. <ch...@ru...>]

Hi,

I use a wiki (phpwhiki v1.2) that is frequently hit by vandals/wiki spam.
I am implementing phpwiki CVS 1.3.11pre to allow the wiki to be read
without authentication but to require logins for editing etc.

However, anyone can create a new id in a few seconds and then vandalise
away...  Is there any suggestions as to how I can make user id
creation/authorisation 2-phase. What I would like is for users to self
register but be treated as anonymous until an adminstrator authorises them
to edit/create pages.

Is there an alternative configuration of the wiki to achieve this?

I am using MySQL 4.0.20 to hold the user tables. PHP 4.3.8, Apache 1.3.31,
Linux 2.4.21.

regards,
Charles

Re: [Phpwiki-talk] Preventing Wiki spam

[Daniel C. <dcr...@gm...>]

For some reason, I thought this was going to be about spam on the
phpwiki mailing list...


On Tue, 16 Nov 2004 11:59:34 +0800 (SGT), Charles Corrigan
<ch...@ru...> wrote:
> Hi,
> 
> I use a wiki (phpwhiki v1.2) that is frequently hit by vandals/wiki spam.
> I am implementing phpwiki CVS 1.3.11pre to allow the wiki to be read
> without authentication but to require logins for editing etc.
> 
> However, anyone can create a new id in a few seconds and then vandalise
> away...  Is there any suggestions as to how I can make user id
> creation/authorisation 2-phase. What I would like is for users to self
> register but be treated as anonymous until an adminstrator authorises them
> to edit/create pages.
> 
> Is there an alternative configuration of the wiki to achieve this?
> 
> I am using MySQL 4.0.20 to hold the user tables. PHP 4.3.8, Apache 1.3.31,
> Linux 2.4.21.
> 
> regards,
> Charles
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: InterSystems CACHE
> FREE OODBMS DOWNLOAD - A multidimensional database that combines
> robust object and relational technologies, making it a perfect match
> for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
> _______________________________________________
> Phpwiki-talk mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
>

Re: [Phpwiki-talk] Preventing Wiki spam

[Charles C. <ch...@ru...>]

On Tue, November 16, 2004 15:45, Daniel C. said:
> For some reason, I thought this was going to be about spam on the
> phpwiki mailing list...

Hmmm! yes, the subject should have been a bit different...

regards,
Charles

Re: [Phpwiki-talk] Preventing Wiki spam

[Reini U. <ru...@x-...>]

Charles Corrigan schrieb:
> I use a wiki (phpwhiki v1.2) that is frequently hit by vandals/wiki spam.
> I am implementing phpwiki CVS 1.3.11pre to allow the wiki to be read
> without authentication but to require logins for editing etc.
> 
> However, anyone can create a new id in a few seconds and then vandalise
> away...  Is there any suggestions as to how I can make user id
> creation/authorisation 2-phase. What I would like is for users to self
> register but be treated as anonymous until an adminstrator authorises them
> to edit/create pages.
> 
> Is there an alternative configuration of the wiki to achieve this?

So far the best is to use PageChangeNotification, which catches every 
spam attempt. Last on saturday.

We have three more options:
* phpwiki.org/PageModeration
   (delay any action on a page, after a moderator accepts it),
* the WikiAccessRestriction plugin I was working on,
* and the proposed external hook to spamassasin (babycart) after every edit.

All of these will not be ready for 1.3.11.

Your two-phase user creation would also be cool, but I haven't thought 
about that yet. Though that's the tradional method.

I'm much more concerned about 8MB memory limit, the still pending sf.net 
upgrade (they promised it two weeks ago), and my latest WikiDB changes.

> I am using MySQL 4.0.20 to hold the user tables. PHP 4.3.8, Apache 1.3.31,
> Linux 2.4.21.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/

[Phpwiki-talk] Two-phase user registration/authorisation - was RE: Preventing Wiki spam

[Charles C. <ch...@ru...>]

Reini Urban wrote:
> Charles Corrigan schrieb:
> > However, anyone can create a new id in a few seconds and then
> > vandalise away...  Is there any suggestions as to how I can make
> > user id creation/authorisation 2-phase. What I would like is for
> > users to self register but be treated as anonymous until an
> > adminstrator authorises them to edit/create pages.
> >
> > Is there an alternative configuration of the wiki to achieve
> > this?
>
> So far the best is to use PageChangeNotification, which catches
> every spam attempt. Last on saturday.
>
> We have three more options:
> * phpwiki.org/PageModeration
>    (delay any action on a page, after a moderator accepts it),
> * the WikiAccessRestriction plugin I was working on,
> * and the proposed external hook to spamassasin (babycart) after
>   every edit.

Trying to think laterally...

Is there the possibility of using the groups facility and page acls to set
all pages as editable only by members of the group, say, "writers".  The two
phase part is then for the administrators to add users to the "writers"
group. There is also the small matter of ensuring that all new pages get the
correct acl..

> All of these will not be ready for 1.3.11.

> Your two-phase user creation would also be cool, but I haven't
> thought about that yet. Though that's the tradional method.

> I'm much more concerned about 8MB memory limit, the still pending
> sf.net upgrade (they promised it two weeks ago), and my latest
> WikiDB changes.

Sounds about right...

Regards,
Charles