Hi all, Pretty much all recent submissions on instiki.org were either by wiki vandal(s) or some good people trying to fix the damage. Quite obviously, some more drastic measures were needed to keep the bad guy(s) in check. So, I''ve coded up a simple spam filter that checks the submitted edit against a list of regular expressions in config/spam_patterns.rb and rejects the edit if there is a match. Also, I have reverted the wiki to several days back. If you see a vandalised Wiki page in the future, please email me so that I update the list of blocked patterns. I don''t know how effective is this going to be, but I am determined to put an end to this. If you can suggest some other ways to keep the barbarians away, let''s hear them. Best regards, Alexey Verkhovsky
--- Alex Verhovsky <alex@verk.info> wrote:> I don''t know how effective is this going to be, but I am determined to > put an end to this. If you can suggest some other ways to keep the > barbarians away, let''s hear them.we got quite a lot spams from spambot that is apparently submiting thr proxy servers and changing ip constantly. the ip filter is nice if it''s one spammer manually submit spam but not so effective in the proxy case. IMO, captcha checking is a nice solution. i have one testing site running with captcha here. http://xrl.us/gvvv Qiang __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
James.Q.L wrote:> > >we got quite a lot spams from spambot that is apparently submiting thr proxy servers and changing >ip constantly. >the ip filter is nice if it''s one spammer manually submit spam but not so effective in the proxy >case. > >IMO, captcha checking is a nice solution. i have one testing site running with captcha here. >http://xrl.us/gvvv > >Well, blocking specific text patterns seems to have worked for the instiki.org so far. I''ve no doubt that it is not too difficult to circumvent, but undoing the damage and creating a counter-measure.to the new attack is actually easy, too. And the net is full of softer targets. I might look into a captcha solution, once something like this is available in pure Ruby. The way Rails is conquering the web programming world, it probably already exists somewhere :) Alex
On Aug 13, 2005, at 12:53 AM, Alex Verhovsky wrote:> I might look into a captcha solution, once something like this is > available in pure Ruby. The way Rails is conquering the web > programming world, it probably already exists somewhere :)I''m personally happy not to have a captcha for as long as it isn''t necessary. (it is assigning a mindless task to humans in lieu of creating a sophisticated task for the computer). I''m rooting for the reg-ex counter-measure, but I guess I''d rather have a captcha than spend a half-hour restoring spammed pages. What about the ability to roll-back all edits from a specific IP in one swoop? If you wanna play it safe, perhaps with a confirmation & a beginning snippet (think Gmail/trac) of each page showing what''s about to be restored? One thing ''human'' spammers have going for them now on the RoR wiki for instance, it takes about as long to restore a page as it does to spam it, so it turns out to be a match of who has more bodies. (Only they get paid, and not to mention the poor server). Seems if anyone could easily delete all their spam in one action, they''d move on pretty quick. -derek