Imagine the apocalypse: spammers directly editing pages, not just using email...

What could be done against this? (At least it does not bother people using (T)Wikis on an intranet, but it may be a (long term) design issue.)

I bring up this issue because I used to edit a page on handling the wheel mice on X, that had in its golden days too much traffic to handle. So I installed a forum and let it run without ever looking at it anymore (it was before I was introduced to Wikis).

Today I went to this forum to check one thing ( http://koala.ilog.fr/anyboard/MouseWheel/ ) and horror of horrors, I see that spammers have been posting spam to it since the beginning of this June...

I know that there will be no miracle solution, it is just a message to warn you about this impending menace...

-- (a very distressed) ColasNahaboo - 04 Aug 2003

The forum software you installed has a "Post by email" feature. Maybe it's active and spammers are just posting via regular email?

-- TomKagan - 04 Aug 2003

In any case I wouldn't let a forum get out of sight. We just finished a website for the Anne Frank Foundation, and it was really obvious to everyone that its forum should be moderated. Well, it's a kind of different subject of course :-). On a wiki site you have the moderation of all the users (if there are any of course).

-- ArthurClemens - 04 Aug 2003

To Tom: The version I use (from early 2000) didn't have the post-by-email feature (and since the server is on Linux, there is no way it could implement this feature behind my back).

To Arthur: I agree, but it worked surprisingly well on its own for this very technical niche subject. I was afraid of flame wars, but it did not happen. On the user moderation, imagine spammers automatically creating topics... they could churn out 10 new topics per second (or prepend their text to existing topics), something users would have a hard time countering.

I will use my board as an experiment to see what can be done (are they using the same IP, can I introduce variations disturbing them...) and let you know here.

  • First step: 05 Aug 2003: removed messages, then set forbidden words that, if found in a post, reject the posting. Since the spam is done to make you click on a URL, use the concerned domains as forbidden words.

-- ColasNahaboo - 05 Aug 2003

Have a look at http://www.spamassassin.org/ for details of a good approach to filtering spam - designed for email, but many of the concepts should be re-usable and some of the code. The key point is to score messages based on a number of criteria, each one adding to the total score. By contrast, at work we have a very simplistic keyword-blocking spam trap system that is continually blocking a lot of real messages and misses much spam - SpamAssassin is able to block virtually all spam and let through almost all real messages. So I'd recommend against just forbidden word approaches, though this is fine as a first step.

This would be best done as a plugin, though that might need some improvements to the Plugin API.

-- RichardDonkin - 05 Aug 2003

Mmm, the idea of "plugging" TWiki to a standard spam-killer like spamprobe is really nice. Just putting in TWiki a hook to submit the text as a mail body to the spam killer system is what makes the most sense, nice idea Richard!

PS: I use a collection of homemade procmail rules myself, as I receive lots of mails and so many spams (200+ per day) that I am very afraid of false positives, so I haven't yet convinced myself to use a standard spam killer because of "let through almost all real messages", as I want to see all real messages, even if I get some spams (~10 per day).

-- ColasNahaboo - 05 Aug 2003

SpamAssassin is highly configurable so you should be able to make it err on the side of never producing false positives - you can set the spam threshold, tweak all the scoring for rules, disable rules, define white lists, and even create your own rules, all from the config file. You can also use procmail to post-process based on score (e.g. scores 5 to 10 probably spam, scores 11 and higher definitely spam). Most people just push spam-scored email to a folder rather than deleting it, so it's not usually lost even if there is a false positive. I have only very occasionally had a personal or work email mis-classified by SpamAssassin - it only occasionally mis-classifies legitimate commercial emails such as Amazon.com newsletters.

BTW, I've put in a minor tweak to mailnotify.tmpl to try to avoid default SA setups scoring mailnotify messages as spam - see CVS:templates/mailnotify.tmpl.

-- RichardDonkin - 07 Aug 2003
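The contrast drawn in the comments above between forbidden-word blocking and additive scoring, applied to wiki page saves, as an added example that is not part of the original thread and is not SpamAssassin or TWiki code. The rule names, weights, domains and sample page text are all constructed; only the two score bands (5 to 10, 11 and higher) come from the discussion.

```python
import re

# Rules, weights and domains are constructed for illustration; they are not
# SpamAssassin's rules. The two thresholds follow the bands quoted above.
BLOCKED_DOMAINS = {"pills.example", "casino.example"}
KEYWORDS = {"viagra", "casino"}
# group(0) is the whole URL, group(1) the host part.
URL_RE = re.compile(r"https?://([^\s/:?#\]\)>\"']+)[^\s\]\)>\"']*", re.I)

def keyword_filter(text):
    """Forbidden-word approach: reject the post on any single match."""
    lowered = text.lower()
    return any(term in lowered for term in KEYWORDS | BLOCKED_DOMAINS)

def score_edit(old_text, new_text):
    """Score a page save; every rule that fires adds its weight."""
    old_urls = {m.group(0) for m in URL_RE.finditer(old_text)}
    added = [m for m in URL_RE.finditer(new_text) if m.group(0) not in old_urls]
    hosts = {m.group(1).lower().rsplit("@", 1)[-1] for m in added}
    prose_words = len(re.findall(r"\w+", URL_RE.sub(" ", new_text)))
    old_words = set(re.findall(r"\w+", old_text.lower()))
    new_words = set(re.findall(r"\w+", new_text.lower()))
    kept = len(old_words & new_words) / len(old_words) if old_words else 1.0
    rules = [
        ("blocked_domain", 6, any(h == d or h.endswith("." + d)
                                  for h in hosts for d in BLOCKED_DOMAINS)),
        ("many_new_links", 4, len(added) > 10),
        ("link_heavy", 3, bool(added) and prose_words < 3 * len(added)),
        ("content_replaced", 3, kept < 0.2),
        ("keyword", 2, any(k in new_text.lower() for k in KEYWORDS)),
    ]
    hits = [(name, weight) for name, weight, fired in rules if fired]
    return sum(weight for _, weight in hits), hits

def classify(score):
    """5 to 10: hold for review; 11 and higher: reject."""
    return "spam" if score >= 11 else "probable" if score >= 5 else "ok"

# Constructed sample page and three constructed saves against it.
OLD = ("The wheel mouse works under X once the ZAxisMapping option "
       "is set in the server config file.")
LEGIT = OLD + (" We should block the casino spam; see "
               "http://twiki.example/Codev/WikiSpam for ideas.")
APPENDED = OLD + "\n" + " ".join(f"http://new-shop.example/{i}" for i in range(12))
DEFACED = "\n".join(f"[http://www.pills.example/p{i} cheap pills]" for i in range(40))

if __name__ == "__main__":
    for name, text in [("legit", LEGIT), ("appended", APPENDED), ("defaced", DEFACED)]:
        score, hits = score_edit(OLD, text)
        print(name, "keyword_filter:", keyword_filter(text), score, classify(score), hits)
```

The keyword filter rejects the legitimate save (it mentions "casino") and passes the appended links from an unlisted domain, while the scored version lets the first through and holds the second for review.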

Hmmm. Using CommentPlugin it will be really easy to spam pages. But what to do about it? Any ideas? Please put them to CommentPluginDev, too.

-- PeterMasiar - 12 Aug 2003

An example of a defaced page: the "motivation" page http://www.intertwingly.net/wiki/pie/Motivation on the wiki of The Atom Project that was pointed to by the Codev page AtomSyndication. The whole page has been deleted and replaced on 29 Oct 2004 by 2025 html links in their wiki (moin moin) syntax... shudder... (I was going to attach the version but the page is 500k!)

-- ColasNahaboo - 30 Oct 2004

One solution promoted by Google: SpamDefeatingViaNofollowAttribute

-- ColasNahaboo - 19 Jan 2005

Topic revision: r13 - 2005-01-19 - ColasNahaboo
