Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • If you'd implement a CAPTCHA to edit the wiki, the users didn't have to register and spam should be prohibited.

    You're probably no PHP guy, but I guess that some CAPTCHA plugins for MediaWiki exist.
    • I've seen forum spamming software which can register a new account, successfully answer the captcha, respond to a verification email, and /then/ post the spam - all fully automatic.
      If there's not yet similar software available for wikis, I'm sure it's not long coming.

      I even heard about a website recently (can't remember the name) which pays people to answer captchas.
      • It somewant explicitly wants to spam a certain site, it will be hard to fight that. The attacker just has to register itself on the site and can now spam it. But I assume that the QA wiki was a victim of random spam bots rather than trageted attacks. And most of those bots will be kept away by a CAPTCHA. If the wiki was targeted by a specific attacker, the need for registration won't bring any cure to the problems.
        • I think the way the software worked, was that it used a search engine to find sites using forum software that it knew about - I imagine it would search for particular markup that's common to that software.
          All it needs is a MediaWiki plugin, and any site using that software that google knows about is a potential target.
          • So an obligatory registering step wouldn't hinder _this_ bot either.

            If we conclude, that you cannot fight that intelligent bot, we don't have to think about that one any more.

            To fight stupid bots, a CAPTCHA should be enough and even harder for a bot than registering on the site.
            Additionally a CAPTCHA will be less work for the "drive-in" contributer, as no registration/check mail/log-in/repost is needed.
      • I've seen forum spamming software which can register a new account, successfully answer the captcha, respond to a verification email, and /then/ post the spam - all fully automatic.

        Yes, I've seen it too, there was a demonstration video posted on Reddit.com some time ago. The full video (no description) can be found here [botmaster.net].

        I think CAPTCHA is less effective than registering because if you catch a user spamming, you disable his account. If somebody bypasses a captcha, you're powerless. All you can do is clean up the broken pieces.