From: Jeff Garland (jeff_at_[hidden])
Date: 2005-09-07 20:42:37
On Wed, 07 Sep 2005 13:53:22 -0400, Jeremy Maitin-Shepard wrote
> "Jeff Garland" <jeff_at_[hidden]> writes:
> > I'll take care of it. I have backups of the entire site. I've banned the IP
> > and will also be banning the particular link content so they can't spam
> > anymore. I didn't check, but I suspect the machine is a zombie since there
> > are actually multiple ips involved in the attack. Some of the Wiki spammers
> > have many machines to use b/c Wiki's have had IP banning for ages.
> How about requiring posters pass a CAPTCHA for each post to the wiki?
Well it may come to that if we have more of these kind of large-scale
incidents. This is only the third time we have had a major spam attack. The
previous ones were caught after about 100 pages were spammed. This one added
something like 3000 pages before it got shut down.
In general my goal has been to put as few human usability barriers in the way
of using the wiki while being able to shut out spammers after the first
incident and quickly recover all spammed pages. So far it's been working
well. In a more typical week we get about 3 spammers changing 1-2 pages per
incident. These look like they are done by hand and hence CAPTCHA would do
nothing to stop these. I've also resisted calls for registration as I'm fully
convinced that people smart enough to run bots to spam from 50 different IP
addresses will simply register to work around that barrier. And, one of the
bots was also smart enough to meter it's pace to work around 'throttling'
traps. So I don't put it past some of these guys to find a way around CAPTCHA
too. In the end, the critical thing is the backup -- no matter how bad the
spam, things can be restored easily...
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk