Menu
▾
▴
phpwiki-talk
|
From: Dan F. <dfr...@cs...> - 2005-10-12 00:16:10
|
Folks, This is just to let you know .. The "no more than 20 links" strategy worked fine for a long time. Just in past couple of days, spammers have rediscovered WikiLens with a vengeance, and they are submitting <<20 links (like 5). See, for example, http://www.wikilens.org/wiki.php/RequestedFeatures?action=PageHistory&version=19 I tried adding a verifying param to the URL ("site_token=wikilens1234") in case they were using a script to submit the edits directly, but it was circumvented immediately. It looks like they are finding the "Save" button somehow. I reverted for awhile, but finally got desparate and closed my wiki to anonymous edits! (ALLOW_ANON_EDIT=false. Note it was broken in 1.3.9, which is where we .. well, forked I guess, and it was broken there, so I had to make a quick fix). Any other spam filtering advice is welcome. I'd like to open up the wiki to anonymous edits again. :( Dan |
|
From: Reini U. <rei...@gm...> - 2005-10-12 05:41:13
|
This kind of five-casino-url spam (even with a nice announce) is imho not that annoying than hundreds of links making the text effectively unreadable. Only a global filterlist would help here. mediawiki is also looking into this. We will see. On 10/12/05, Dan Frankowski <dfr...@cs...> wrote: > This is just to let you know .. > > The "no more than 20 links" strategy worked fine for a long time. Just > in past couple of days, spammers have rediscovered WikiLens with a > vengeance, and they are submitting <<20 links (like 5). See, for example, > > http://www.wikilens.org/wiki.php/RequestedFeatures?action=3DPageHistory&v= ersion=3D19 > > I tried adding a verifying param to the URL ("site_token=3Dwikilens1234") > in case they were using a script to submit the edits directly, but it > was circumvented immediately. It looks like they are finding the "Save" > button somehow. > > I reverted for awhile, but finally got desparate and closed my wiki to > anonymous edits! (ALLOW_ANON_EDIT=3Dfalse. Note it was broken in 1.3.9, > which is where we .. well, forked I guess, and it was broken there, so I > had to make a quick fix). > > Any other spam filtering advice is welcome. I'd like to open up the wiki > to anonymous edits again. :( -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
|
From: Reini U. <rei...@gm...> - 2005-10-12 05:43:55
|
BTW: I just forgot With the new revert button it's also very easy to get rid of thinks like th= at. You have to be admin or the ACL remove rights. On 10/12/05, Reini Urban <rei...@gm...> wrote: > This kind of five-casino-url spam (even with a nice announce) is > imho not that annoying than hundreds of links making the text > effectively unreadable. > > Only a global filterlist would help here. mediawiki is also > looking into this. We will see. > > On 10/12/05, Dan Frankowski <dfr...@cs...> wrote: > > This is just to let you know .. > > > > The "no more than 20 links" strategy worked fine for a long time. Just > > in past couple of days, spammers have rediscovered WikiLens with a > > vengeance, and they are submitting <<20 links (like 5). See, for exampl= e, > > > > http://www.wikilens.org/wiki.php/RequestedFeatures?action=3DPageHistory= &version=3D19 > > > > I tried adding a verifying param to the URL ("site_token=3Dwikilens1234= ") > > in case they were using a script to submit the edits directly, but it > > was circumvented immediately. It looks like they are finding the "Save" > > button somehow. > > > > I reverted for awhile, but finally got desparate and closed my wiki to > > anonymous edits! (ALLOW_ANON_EDIT=3Dfalse. Note it was broken in 1.3.9, > > which is where we .. well, forked I guess, and it was broken there, so = I > > had to make a quick fix). > > > > Any other spam filtering advice is welcome. I'd like to open up the wik= i > > to anonymous edits again. :( > -- > Reini Urban > http://xarch.tu-graz.ac.at/home/rurban/ > -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
|
From: Dan F. <dfr...@cs...> - 2005-10-14 20:58:12
|
Reini Urban wrote: >This kind of five-casino-url spam (even with a nice announce) is >imho not that annoying than hundreds of links making the text >effectively unreadable. > > If you had my wiki, you would not say that. I'm getting killed. I even had to close the wiki, and now they are creating accounts to do it from the inside. VERY soon (like next day or so) I will have to implement filterlists. >Only a global filterlist would help here. mediawiki is also >looking into this. We will see. > > The "revert" button would be good too, but I am still at 1.3.9, and am afraid of the amount of effort it would take to get the revert button integrated. Dan |
|
From: Joel U. <uck...@el...> - 2005-10-15 16:05:11
|
> > If you had my wiki, you would not say that. I'm getting killed. I even > had to close the wiki, and now they are creating accounts to do it from > the inside. VERY soon (like next day or so) I will have to implement > filterlists. Can you tell how the spammers are doing it? If it's being done by a bot, then at least we can keep doing things to confuse it. But if it's become cost-effective for spammers to spam wikis by hand, then the game is over and we've lost. > > >Only a global filterlist would help here. mediawiki is also > >looking into this. We will see. > > > > > > The "revert" button would be good too, but I am still at 1.3.9, and am > afraid of the amount of effort it would take to get the revert button > integrated. I can say that using the Revert button is far better than manually reverting spammed pages; however, it wouldn't take much additional spamming to make using the Revert button unbearably time-consuming as well. Most of the spam I see on my wikis now involves putting the same single link on multiple pages, not multiple links on single pages. Reverting is much more efficient in the latter case than in the former. -- J. |
|
From: John K. <jo...@ke...> - 2005-10-16 07:34:50
|
At 18:04 +0200 15/10/05, Joel Uckelman wrote: >Can you tell how the spammers are doing it? If it's being done by a bot, >then at least we can keep doing things to confuse it. But if it's become >cost-effective for spammers to spam wikis by hand, then the game is over >and we've lost. My wikis send me an email whenever anyone makes a change, showing the new page text. Would it be possible to mail out a diff each time a page is edited, with a link at the bottom to revert to previous? John. -- ------------------------------------------------------------------- T:01274 581519 / M:07944 755613 www.kershaw.org jo...@ke... skype:johnmkershaw AIM:johnkershaw MSN:joh...@ho... |
|
From: Reini U. <rei...@gm...> - 2005-10-16 13:09:36
|
Sending the Diff plus the url for the diff is a standard feature. The revert url not directly. On 10/16/05, John Kershaw <jo...@ke...> wrote: > At 18:04 +0200 15/10/05, Joel Uckelman wrote: > >Can you tell how the spammers are doing it? If it's being done by a bot, > >then at least we can keep doing things to confuse it. But if it's become > >cost-effective for spammers to spam wikis by hand, then the game is over > >and we've lost. > > My wikis send me an email whenever anyone makes a change, showing the > new page text. Would it be possible to mail out a diff each time a > page is edited, with a link at the bottom to revert to previous? -- Reini |
|
From: Joel U. <uck...@el...> - 2005-10-16 15:24:20
|
> At 18:04 +0200 15/10/05, Joel Uckelman wrote:
> >Can you tell how the spammers are doing it? If it's being done by a bot,
> >then at least we can keep doing things to confuse it. But if it's become
> >cost-effective for spammers to spam wikis by hand, then the game is over
> >and we've lost.
>
> My wikis send me an email whenever anyone makes a change, showing the
> new page text. Would it be possible to mail out a diff each time a
> page is edited, with a link at the bottom to revert to previous?
The current version sends a diff instead of the full page text.
This happens in sendPageChangeNotification() in lib/WikiDB.php. All you'd
need to do is add a line to create the link:
$revertlink = WikiURL($this->_pagename, array('action'=>'revert','version'=>$previous), true);
and then make sure that $revertlink ends up in the mail which goes out at
toward the end of the function.
--
J.
|
|
From: Walter R. <wa...@ra...> - 2005-10-17 08:43:04
|
Hello, I was wondering if it's possible to adjust the phpwiki-rss-solution for other purposes. The RSS-Feed via RecentChanges is great, but I'm looking for a solution to create a Feed which has more "Blog-Style". For example an RSS-Feed generated from WikiBlogPlugin or from UnfoldSubPages which contains not just a summary but the actual page content also. I had no time yet to have a look into the code and will have none until november. I would be thankful for any starting hints. kind regards, Walter Rafelsberger -- | Contact. | | email | wa...@ra... | | web | www.rafelsberger.at | |
|
From: Reini U. <rei...@gm...> - 2005-10-17 08:53:37
|
Hi Walter, [I'm just in Vienna at the Viennale, BTW] Sure it is possible. It's even on my plan for 1.3.12, together with the other blog-like services: TalkBack and PingBack. RSS and ATOM for the latest blog entries (plugin BlogJournal) is the easies= t. The starting points would be RecentChanges and XmlRpcServer. On 10/17/05, Walter Rafelsberger <wa...@ra...> wrote: > I was wondering if it's possible to adjust the phpwiki-rss-solution > for other purposes. > The RSS-Feed via RecentChanges is great, but I'm looking for a > solution to create a Feed which has more "Blog-Style". > For example an RSS-Feed generated from WikiBlogPlugin or from > UnfoldSubPages which contains not just a summary but the actual page > content also. > I had no time yet to have a look into the code and will have none > until november. I would be thankful for any starting hints. -- Reini Urban |
|
From: Arnaud F. <ar...@cr...> - 2005-10-26 15:49:14
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reini Urban wrote: > Hi Walter, > [I'm just in Vienna at the Viennale, BTW] > > Sure it is possible. It's even on my plan for 1.3.12, > together with the other blog-like services: TalkBack and PingBack. > RSS and ATOM for the latest blog entries (plugin BlogJournal) is the easiest. > > The starting points would be RecentChanges and XmlRpcServer. > > > On 10/17/05, Walter Rafelsberger <wa...@ra...> wrote: > >>I was wondering if it's possible to adjust the phpwiki-rss-solution >>for other purposes. >>The RSS-Feed via RecentChanges is great, but I'm looking for a >>solution to create a Feed which has more "Blog-Style". >>For example an RSS-Feed generated from WikiBlogPlugin or from >>UnfoldSubPages which contains not just a summary but the actual page >>content also. You also have the RSS feed from the RelatedChanges plugin. Arnaud -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDX6V5yAf3wgFyy1ARAp5JAKCrUC4c40W4ZjdYYPGRrr41jTEHBACfWn6N RCsIrpHuXXolvgxS39knChc= =h+gQ -----END PGP SIGNATURE----- |
|
From: Dan F. <dfr...@cs...> - 2005-10-25 13:56:16
|
I don't know what "Revert" does, but if it's just to the previous
version, that's no good. Sometimes the spammers have changed the page
multiple revisions before I see it.
Anyway, I don't have time to constantly guard myself, and our community
is not large. I need something to significantly reduce the amount of
incoming spam. I closed my site to anonymous edits, but I'm getting
killed again the last couple of days.
I don't know if it's bots or not. I have to suspect bots. It looks kind
of like bots.
I am trying to enable a captcha upon login, but my PHP has libgd issues
at the moment. If that's not enough, I'll try to take the
captcha-on-edit feature, too.
Right now, I'm in trouble.
Dan
Joel Uckelman wrote:
>>At 18:04 +0200 15/10/05, Joel Uckelman wrote:
>>
>>
>>>Can you tell how the spammers are doing it? If it's being done by a bot,
>>>then at least we can keep doing things to confuse it. But if it's become
>>>cost-effective for spammers to spam wikis by hand, then the game is over
>>>and we've lost.
>>>
>>>
>>My wikis send me an email whenever anyone makes a change, showing the
>>new page text. Would it be possible to mail out a diff each time a
>>page is edited, with a link at the bottom to revert to previous?
>>
>>
>
>The current version sends a diff instead of the full page text.
>
>This happens in sendPageChangeNotification() in lib/WikiDB.php. All you'd
>need to do is add a line to create the link:
>
>$revertlink = WikiURL($this->_pagename, array('action'=>'revert','version'=>$previous), true);
>
>and then make sure that $revertlink ends up in the mail which goes out at
>toward the end of the function.
>
>
>
>
|
|
From: Robert C. J. <ro...@ar...> - 2005-10-25 14:06:45
|
On 25 Oct 2005 at 8:55, Dan Frankowski wrote: > > I don't know what "Revert" does, but if it's just to the previous > version, that's no good. Sometimes the spammers have changed the page > multiple revisions before I see it. > > Anyway, I don't have time to constantly guard myself, and > our community is not large. I need something to significantly > reduce the amount of incoming spam. I closed my site to > anonymous edits, but I'm getting killed again the last couple > of days. > > I don't know if it's bots or not. I have to suspect bots. It looks > kind of like bots. My Wiki got annihilated by a (or several) bots at the end of last week. From the logs, I see up to three different IP addresses working at the same time. It appears that one or two IP addresses do the scanning, and the third IP address immediately submits the change. I'll ban the IP addreses at the server level, but that's not going to fool them for long. They're probably zombie bots. They replaced every page in my wiki, including all the help and style pages, and added spam to the first day of every month of the current year on all pages that used the calendar plugin. Reverting this totally sucked. > I am trying to enable a captcha upon login, but my PHP has > libgd issues at the moment. If that's not enough, I'll try to take the > captcha-on-edit feature, too. > > Right now, I'm in trouble. I'm tryig to upgrade to 1.3.11p1, but I simply cannot get the upgrade to work. The ?action=upgrade does nothing, and all the pages come up blank. I've had to revert to 1.3.10. -- Rob Croson (ro...@ar...) Member of the Pegasus Mail and Mercury/32 Beta Test Teams Pegasus Mail and Mercury/32 Portal: http://email.arcm.com Visit the MailWiki: http://email.arcm.com/wiki Support Pegasus Mail: http://www.cafeshops.com/pegasusmail |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X