David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes:
David Abrahams wrote:
Jeff Garland <jeff@crystalclearsoftware.com> writes: Two reasons. That requires a software upgrade including data conversion to new wiki software. Second, based on my discussion with other wiki administrators it doesn't stop spammers -- they just register with a free email address and off they go.
Of course a few will do that. But isn't most spam done by automatic webcrawling software that seeks out open wikis and forums? As long as those abound, fewer spammers will bother with the protected one, right?
Nope, from what I understand the email registration test just doesn't work at all unless you want to put a human in the loop on all approvals, which prevents the casual update. Remember, we are dealing with folks that have hacked hundreds of machines, so a bunch of throwaway email addresses isn't a problem for them. A typical 200 page spam attack is done from 15-20 different IP addresses with each one spamming at about 1 page every 5 minutes. The reason they do this slowly is that many wiki's added a feature to prevent robo spamming by only allowing a slow number of changes per ip per unit time. So the spammers adapted...
That must also be why image verification is so widely used. If spammers were content to deface these sites by hand and use arbitrary amounts of subterfuge to do so, pretty much nothing could be effective against them.
Content banning is the most effective and that's what we currently do (see other mail). One thing I could do better is keeping up to date with some blacklists, but I just checked the main one I know of (http://chongqed.org/) and having the latest version of their database wouldn't have prevented the last 3 attacks.
Bottom line is that today's systeam takes me about 10 minutes per day. The only bad part is that it sometimes takes a bit more time to roll back if I don't happen to be online.
As long as you don't mind doing the work, I appreciate it, and of course it's okay with me.
In my ideal world we would upgrade the software and it would enable a group of moderators to trivially manage/revert/stop spam. We'll get there at some point, but the solution we have now is working well enough and I'm busy enough that I don't plan on pursuing this for awhile. Jeff