[Nix-dev] Wiki spam

phreedom at yandex.ru phreedom at yandex.ru
Tue Oct 1 14:59:09 CEST 2013 

On Tuesday, October 01, 2013 02:52:14 PM Marc Weber wrote:
> > All these cookies and javascripts tend to break secure and efficient
> > setups :(
> Please make me understand why ?

Because both are off by default and require whitelisting, after you discover 
that something is broken. This should at least print a useful error message. A 
slightly tweaked registration form sounds like a much better idea though.

> My change is about adding a simple require_once 'create-user-guard.php'
> file. That can be automated. And even if not, it *does solve the problem*
> unless I get proven wrong. And if we do, we can be pretty sure that humans
> are spamming the wiki. And that would be a step towards solving the issue,
> too.
> 
> > Long-term automated solutions to *prevent* spam don't exist for a
> > growing community like nixos.
> 
> Don't overengineer. Don't think today about problems which may happen
> in 2 years.

I agree that a simple solution should be tried first. We'll still have a 
problem with useless web interface though :/

> Maybe its even enough to hide the string "Media Wiki" on each page?
> You can do so by adding a simple regex post processing to apache AFAIK.
> 
> We have to
> 
>   1) document what has been tried
> 
>   2) try new cheap things to find out whether bots are spamming - then
>     there should be simple soultions - or whether humans are spamming.
> 
> But I'll shut up. I've offered help. I don't have access, so I cannot
> change anything. If you want me to setup a demo how the addiotional non
> standard password protection would look like let me know.
> 
> But let's consider trying the trivial things first before asking people
> to spend money or concluding that changes are not maintainable.
> 
> Count the packages in nixpkgs to see how powerful the nixos community
> actually is. We should be able to cope with such a simple problem,
> unless the attackers spend much more effort than we do.
> 
> Another way to solve this issue would be not allowing to create new
> users automatically. Setup a simple form:
> 
> You want to become a wiki member?
>   username [ .. ]
>   password [ .. ]
> 
> and process this once every 2 weeks.
> 
> This should be less effort than deleting spam, too.
> 
> Marc Weber
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev

More information about the nix-dev mailing list