It is by now clear that a handful of persistent spammers have started using semiautomated attacks targeted specifically at our wiki ... one careless spammer even uploaded some of his scripts! As a result, I have switched the wiki to a mode where editors need to be explicitly authorized, manually, before they can edit. As a result, people will need to first create an account, and then get a Sysop to add them to the Editors group manually. I have tried to already add everyone I could find who had made useful edits in the past (just over 40 accounts worth), but it is pretty much guaranteed I missed some, so if you find your account is blocked please let us know and we'll fix it. Hopefully this should eliminate the spam problem for good. Sorry to have to go to this level. -hpa -- H. Peter Anvin, Intel Open Source Technology Center I work for Intel. I don't speak on their behalf.
Hallo, H., Du meintest am 21.07.12:> It is by now clear that a handful of persistent spammers have started > using semiautomated attacks targeted specifically at our wikiI know this nasty behaviour ...> As a result, I have switched the wiki to a mode where editors need to > be explicitly authorized, manually, before they can edit.Seems to be the only remedy which doesn't eat all your time. Viele Gruesse! Helmut
On Sat, Jul 21, 2012 at 1:23 PM, H. Peter Anvin <hpa at zytor.com> wrote:> It is by now clear that a handful of persistent spammers have started using > semiautomated attacks targeted specifically at our wiki ... one careless > spammer even uploaded some of his scripts!With increasing persistence and success, unfortunately.> As a result, I have switched the wiki to a mode where editors need to be > explicitly authorized, manually, before they can edit. As a result, people > will need to first create an account, and then get a Sysop to add them to > the Editors group manually.Is it worthwhile to consider having an email list/group (not logged, of course) which individuals may contact to elevate their privileges or notice on UserLogin that users will not have edit access by default. Except for the potential volume of spam, perhaps a "request-access" button/page when a user attempts to edit a page while not having edit access which would email this list/group with a limit of 1 request per user (either indefinitely or per month/week). This would probably get the least spam since the address would be hidden by the system and only known to those on the list.> I have tried to already add everyone I could find who had made useful edits > in the past (just over 40 accounts worth), but it is pretty much guaranteed > I missed some, so if you find your account is blocked please let us know and > we'll fix it. > > Hopefully this should eliminate the spam problem for good. Sorry to have to > go to this level.When the automated measures prove insufficient, human measures are well justified. -- -Gene
> Date: Sat, 21 Jul 2012 10:23:20 -0700 > From: hpa at zytor.com > To: syslinux at zytor.com > Subject: [syslinux] New antispam measures on the wiki > > It is by now clear that a handful of persistent spammers have started > using semiautomated attacks targeted specifically at our wiki ... > As a result, I have switched the wiki to a mode where editors need to be > explicitly authorized, manually, before they can edit. As a result, > people will need to first create an account, and then get a Sysop to add > them to the Editors group manually. > -hpaSuggestion: http://www.mediawiki.org/wiki/Anti-spam_features One additional suggestion would be: next time you (hpa) are not going to be able to take a look at the wiki for several days (holidays for example), it could probably be worth just temporarily closing the option for new wiki accounts, until you get back :).