chicken-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-users] wiki spam


From: Alejandro Forero Cuervo
Subject: Re: [Chicken-users] wiki spam
Date: Tue, 29 Aug 2006 18:13:41 -0500
User-agent: Mutt/1.5.9i

> I've contacted Alejandro to see what we can do regarding to this
> problem.

Since this problem obviously affects all installations of svnwiki, not
just Galinha, I posted a small wiki article about how to defend
against attacks and my thoughts on things svnwiki could do, in the
future, to make it more difficult to abuse its installations:

  http://wiki.freaks-unidos.net/svnwiki%20attacks

Since, ultimately, these attacks are fairly easy to detect and revert
(thanks to the use of Subversion as the backend), I don't think this
is that much of a problem.  But I do comment on the idea of requiring
authentication (we will make it possible to mark certain files or dirs
to require users to authenticate in order to modify them; we need this
functionality in a wiki at a government institution in my country) and
using captchas.

I don't think the attack we saw was automated; it was probably done
manually (though the names used do look autogenerated).  The reason I
think this is because the changes were pretty spaced in time and the
cialis spam appeared once in most pages but twice and even thrice in
some.  My guess is the spammer just sat down and started editing,
pasting his garbage in random portions of our pages.  I could be
wrong, though.

In the case of Galinha's wiki, my advice would be not to require
authentication.  I think the damange spammers can do is minor and very
easy to solve, not that large a problem to justify making it difficult
for the random Chicken user to fix typos and help improve the quality
of the documentation he uses himself, a practice we need to promote.

Your comments and suggestions on the ideas in the above article are
very welcome. :-)

Alejo.
http://azul.freaks-unidos.net/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]