Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

AndyArmstrong (7200)

AndyArmstrong
  (email not shown publicly)
http://hexten.net/
Saturday May 05, 2007
08:57 AM

Perl QA wiki moved

[ #33204 ]

The current Perl QA wiki has been attracting a lot of spam recently - and we seem to have lost contact with Tyler MacDonald who as far as I know is the only person with admin access to it.

So I've moved all the content to perl-qa.hexten.net and set it up so that only registered users may edit. It's a shame to have to restrict access in that way; certainly we'll get fewer drive-by contributions as a result. On balance it's better than the message that a spam-riddled quality (quality!) wiki sends I think.

Please update bookmarks / links accordingly.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • If you'd implement a CAPTCHA to edit the wiki, the users didn't have to register and spam should be prohibited.

    You're probably no PHP guy, but I guess that some CAPTCHA plugins for MediaWiki exist.
    • I've seen forum spamming software which can register a new account, successfully answer the captcha, respond to a verification email, and /then/ post the spam - all fully automatic.
      If there's not yet similar software available for wikis, I'm sure it's not long coming.

      I even heard about a website recently (can't remember the name) which pays people to answer captchas.
      • It somewant explicitly wants to spam a certain site, it will be hard to fight that. The attacker just has to register itself on the site and can now spam it. But I assume that the QA wiki was a victim of random spam bots rather than trageted attacks. And most of those bots will be kept away by a CAPTCHA. If the wiki was targeted by a specific attacker, the need for registration won't bring any cure to the problems.
        • I think the way the software worked, was that it used a search engine to find sites using forum software that it knew about - I imagine it would search for particular markup that's common to that software.
          All it needs is a MediaWiki plugin, and any site using that software that google knows about is a potential target.
          • So an obligatory registering step wouldn't hinder _this_ bot either.

            If we conclude, that you cannot fight that intelligent bot, we don't have to think about that one any more.

            To fight stupid bots, a CAPTCHA should be enough and even harder for a bot than registering on the site.
            Additionally a CAPTCHA will be less work for the "drive-in" contributer, as no registration/check mail/log-in/repost is needed.
      • I've seen forum spamming software which can register a new account, successfully answer the captcha, respond to a verification email, and /then/ post the spam - all fully automatic.

        Yes, I've seen it too, there was a demonstration video posted on Reddit.com some time ago. The full video (no description) can be found here [botmaster.net].

        I think CAPTCHA is less effective than registering because if you catch a user spamming, you disable his account. If somebody bypasses a captcha, you're powerless. All you can do is clean up the broken pieces.