major wiki-spam alert !

Sy sy1235-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Jul 20 12:29:12 UTC 2005 

Ok, so we do have one voice voting for requiring usernames.  If a few
other people speak up, this is a setting that can be made mandatory
quite easily..  Assuming I can remember how to ssh in.  ;)

Regarding the IP blocking techniques, I took some notes on this topic:

http://jrandomhacker.info/mw/index.php/.htaccess#Banning_IPs
http://jrandomhacker.info/mw/index.php/Mod_rewrite#IP_Banning
See also:
http://jrandomhacker.info/mw/index.php/Computer_security

If there is interest, I do have the time to merge the various security
notes into one topic and I'd be fine with collaborating on the issue
as well as spreading the knowledge.

On this note, I feel that an application (perl or otherwise) would not
be suited for a solution.  If that route were taken, I'd be more
likely to find an open source package that handles this.  Having said
that, I'm not comfortable with slapping such things on someone else's
server.

Having said all that, again I state that there doesn't seem to be much
of a problem that needs solving.  If anyone finds that this is an itch
they would like to scratch then I'd be fine with some mod_rewrite
collaboration (see the above links), but an application would be too
much.



On 7/19/05, Peter <plp-ysDPMY98cNQDDBjDh4tngg at public.gmane.org> wrote:
> 
> 
> On Tue, 19 Jul 2005, Robert Brockway wrote:
> 
> > Mediawiki allows you to revert cleanly to an older version of a page -
> > allowing for rapid restoration of the page to a pre-spam state.
> 
> What does MediaWiki store for old pages ? The whole thing ? A diff ? cvs
> ?

I was quite horrified to learn this, but right now they're dumb enough
to store a complete copy of the original file.  They are working on
storing just a diff.

Furthermore, the diff is easily available through history, which means
that the spam can still benefit because it's read in the page's
history.  This is why I end up deleting a page and recreating it to
destroy its history (although it's still buried back there, just not
publically accessible).


It occurs to me that another method of "spam prevention" is that
MediaWiki can be made to have all external links go through Google's
redirects.  I have two issues with this:  One is that I'd rather not
freely inform Google of all click traffic, and I hate having "dirty
URLs" with redirectspam in them.
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list