[dokuwiki] Re: Anti spam brainstorming

  • From: Rainer Weinhold <inforw@xxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Fri, 10 Nov 2006 20:20:27 +0900

Hi,

I'm not sure where I saw this, probably Wikipedia, but they use a
mathematical question:

Please enter <here> the result of 5+4

I think this is really cool because it also trains my mind ;-) and
screenreaders should still be able to work.

Rainer

Andreas Gohr wrote:
> Hi *!
> 
> As you may have noticed, DokuWiki was hit by large automated spam
> attacks several times recently and we need to think how we can prevent
> this in the future without losing the openness of the Wiki.
> 
> What follows here is a braindump of my ideas and actions. I like to get
> as much input and ideas from you on what we can do better in DokuWiki
> to fight spam.
> 
> I like to find solutions against automated spam without using CAPTCHAS
> first but we possibly should create a CAPTCHA plugin anyway. I will
> have a look in how to convert the CAPTCHA from MTC to a DokuWiki plugin.
> 
> As a first start I just added my revert plugin to darcs. It's in a very
> rough state and needs to be improved, but I think we need to include
> this functionality in the next release to give people a way to quickly
> revert spam.
> 
> I asked at the WikiMatrix forum [1] for other Wiki authors' solutions.
> Peter Thoeny pointed me to a blacklist [2] used by MoinMoin, TWiki and
> MediaWiki. This list is much bigger than the one from chonqued which
> DokuWiki uses currently. But both lists differ - using both results in
> blacklist of about 400kb - quite heavy. And a blacklist is no 100%
> safety.
> 
> I also experimented with the Akismet service but the results are
> disappointing. It would have blocked the most recent attack right away.
> But unfortunately it blocks many many valid edits as well, so this is
> not usable currently. Maybe it could be combined with a CAPTCHA
> mechanism.
> 
> Checking the splogspot [6] could be an idea as well.
> 
> Another idea is to implement some surge protect against many edits in a
> short time. The recent spammings used many different IP addresses so we
> can not bind this to a post-per-ip limit. Any ideas?
> 
> Some Wikis implement another check which does not allow posting too many
> links in one edit. But I doubt this would work too well and would only
> encourage spammers to post their links one by one, making reverting
> even harder.
> 
> The IPs used seem to be either trojaned PCs or open proxies. The bad
> behavior plugin already checks some blackhole lists but those blacklists
> are for open mail relays. Maybe a different blackhole list like [5]
> could work better. The problem with those lists is legit users getting a
> blocked dynamic IP address.
> 
> Maybe we can learn from the methods used in fighting email spam.
> Bayesian filters might work but training them might prove complicated.
> We could also try to check against Vipul's razor [7].
> 
> Okay, brain dumped. Please comment on those ideas and please add your
> own.
> 
> [1] http://www.wikimatrix.org/forum/viewtopic.php?pid=645
> [2] http://arch.thinkmo.de/cgi-bin/spam-merge
> [3] http://wiki.splitbrain.org/plugin:akismet
> [4] http://wiki.splitbrain.org/plugin:badbehaviour
> [5] http://www.gearhack.com/Articles/FightSpam/
> [6] http://splogspot.com/pages/dump
> [7] http://razor.sourceforge.net/
> 
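
The surge-protection idea from the quoted message, sketched as an added example (not DokuWiki code and not from either author). Because the spam runs came from many IP addresses, the counter is keyed on the external host an edit adds rather than on the client address, so links posted one per edit are still counted. The class name, thresholds and sample hosts are assumptions.

```python
import re
from collections import defaultdict, deque
from urllib.parse import urlsplit

# Stop at whitespace and at common wiki link delimiters.
URL_RE = re.compile(r"https?://[^\s\]\|>\"']+", re.IGNORECASE)


def link_hosts(text):
    """Return the set of lower-cased hostnames linked from wiki text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host.lower())
    return hosts


class SurgeGuard:
    """Site-wide sliding-window counter keyed on linked host, not client IP."""

    def __init__(self, max_edits=3, window=600):
        self.max_edits = max_edits      # edits per host tolerated in the window
        self.window = window            # window length in seconds
        self.seen = defaultdict(deque)  # host -> timestamps of edits adding it

    def check(self, old_text, new_text, now):
        """Record one edit; return the newly linked hosts that exceed the limit."""
        added = link_hosts(new_text) - link_hosts(old_text)
        flagged = set()
        for host in added:
            times = self.seen[host]
            times.append(now)
            # Drop timestamps that have fallen out of the window.
            while now - times[0] > self.window:
                times.popleft()
            if len(times) > self.max_edits:
                flagged.add(host)
        return flagged


def demo():
    """Constructed run: four edits on different pages push the same host."""
    guard = SurgeGuard(max_edits=3, window=600)
    edits = ["http://pills.example/a", "[[http://pills.example/b|buy]]",
             "x http://pills.example/c", "http://PILLS.example/d y"]
    return [guard.check("", text, t * 60) for t, text in enumerate(edits)]
```

A flagged host does not have to mean a hard block; the edit could instead be sent to a challenge such as the arithmetic question suggested above.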

