On Tue, 29 Mar 2005 07:21:17 +0000, ImmoHuneke
wrote in an email to MartinCleaver
> Hi Martin,
> Of late there have been large numbers of new registrations on the BCS SPA
> wiki (see http://bcs-spa.org/cgi-bin/view/Main ). A major proportion of
> these have been from people in China with no interest at all in
> participating in the Wiki for its declared purposes. This is evident if you
> examine the home pages that they have set up - the "comment" field consists
> of a large number of links to commercial Web sites, probably simply with the
> aim of boosting their ranking in web search engines.
> Have you heard reports about this from other Wiki operators and, if so, can
> anything be done about it? I don't want to manually delete all these users
> nor impose a blanket ban on anyone registering from China.
> Best regards,
This is something I am aware of - I've noticed several registrations on sites I run where the registrant has seemed to create an account just to get referral traffic.
There are three parts to my answer: what you can do for Cairo, what's implemented in Dakar and what's left for room for improvement. Most of what you want, sadly, falls in the last category...
Starting with Cairo I took on the seemingly simple task of adding registration validation - they have to click on a link in an email they receive, and merged in BulkRegistration
, and ResetPasswordByEmail
. This is all documented in RegisterCgiScriptRewrite
. And it took quite an effort...
I originally released this as a patch to Cairo - its still hidden as an attachment on that page; however, updates since have been exclusively to DevelopBranch
) and I do not fully know whether there are holes in the Cairo patch - I hid the attachment once I started the merge to Develop.
If you wanted the functionality offered now you'd need to take the SVN
version of Dakar - and sadly 1) we are experiencing PasswordsAreMangled
2) I've started a contract that affords me little time to chase what seems to me like a contained, repeatable and simple error in TWiki's passwording system.
That all said, you perhaps want either ApprovingRegistrations
, or easy delete user functionality: neither of those are implemented. ApprovingRegistrations
fell outside the scope of my implemented changes but would be fairly simple to do: 1) is a marker in the code where it should be and 2) the mechanism could reuse the email-address validation hoop the user needs to go throug. Easy DeleteUser
functionality is lacking from the user interface but exists at least in the password system - deleting them from the list of users would be fairly trivial (Users.pm) and deleting the offending home topic is just deleting a page.
also contains a BulkResetPassword
mechanism: the list users and iterate an action over that list could easily be leveraged to implement a BulkDeleteUser
I hope the work I did helps - if not perhaps you can task a Logica person with implementing ApprovingRegistrations
or (Bulk)DeleteUser, each would be a gratefully accepted contribution back to the project.
I've copied both your email and this email to BogusRegistrations
- 29 Mar 2005
Thanks for your prompt and comprehensive reply to my query. I'll see what can be implemented easily on our box. This has nothing to do with Logica, by the way - I left there nearly four years ago.
I suspect that the real answer will have to be approving user registrations, since even a bulk delete facility won't stop people registering and immediately adding loads of junk pages before the administrator can stop them.
- 29 Mar 2005
In an email to Martin Cleaver today:
> Hi Martin,
> I've been getting a rash of fake registrations the last week. Thanks to
> your 'reply or visit website to verify' the accounts aren't being
> completely created though. Thanks.
> <x-fingers> I hope it takes them awhile to figure out a way around that too.
> -- MattWilkie
We need someone to incorporate Captcha as well - see RegisterCgiScriptRewrite
for how you can help.
- 30 Mar 2005
>sigh< that was a short lived reprieve. ShujuhuifuLee passed all the registration hurdles today.
- 31 Mar 2005
At the end of View.pm (cairo), just before
, do this:
$tmpl =~ s/<a(\s+[^>]*\bhref\b)/<a rel='nofollow'$1/gi;
It won't stop bogus registrations, but it will stop them deriving any benefit from their spam. I'm thinking about a cleaner solution for Dakar, but this is a good stopgap.
You could add this to your registration page as well:
Note to vandals
external links entered in this wiki are ignored
by Google and the other major search engines. If you were planning to add some wiki spam, don't bother. If you would like this feature disabled for your login, please send mail to %WIKIWEBMASTER% including your full name and address and bank account details.
- 02 Apr 2005
Known bogus registrations (please add sightings):