[Nix-dev] Wiki spam

Marc Weber marco-oweber at gmx.de
Tue Oct 1 14:52:14 CEST 2013


> All these cookies and javascripts tend to break secure and efficient setups :(
Please make me understand why ?

My change is about adding a simple require_once 'create-user-guard.php' file.
That can be automated. And even if not, it *does solve the problem*
unless I get proven wrong. And if we do, we can be pretty sure that
humans are spamming the wiki. And that would be a step towards solving
the issue, too.

> Long-term automated solutions to *prevent* spam don't exist for a
> growing community like nixos.
Don't overengineer. Don't think today about problems which may happen
in 2 years.

Maybe its even enough to hide the string "Media Wiki" on each page?
You can do so by adding a simple regex post processing to apache AFAIK.

We have to

  1) document what has been tried

  2) try new cheap things to find out whether bots are spamming - then
    there should be simple soultions - or whether humans are spamming.

But I'll shut up. I've offered help. I don't have access, so I cannot
change anything. If you want me to setup a demo how the addiotional non
standard password protection would look like let me know.

But let's consider trying the trivial things first before asking people
to spend money or concluding that changes are not maintainable.

Count the packages in nixpkgs to see how powerful the nixos community
actually is. We should be able to cope with such a simple problem,
unless the attackers spend much more effort than we do.

Another way to solve this issue would be not allowing to create new
users automatically. Setup a simple form:

You want to become a wiki member?
  username [ .. ]
  password [ .. ]

and process this once every 2 weeks.

This should be less effort than deleting spam, too.

Marc Weber


More information about the nix-dev mailing list