AutoSpam? is easily beaten by CAPTCHA. WikiVandals? are put off by redirect to Userpreferences. Vulnerable pages can be protected by Access Restrictions. All of these features will be part of the OpenWikiNG release sometime soon.
Gordon
Because the contents of a Open Wiki is a community effort, let the community decide which and/or what page is spam (as what we're doing now) but with more effective controls. Pragmatic Approach - an option is to add a link like: [Add To Spam List] and when more than xxx (3, 5 10?) different IP addresses indentified the page as spam the IP address of the originator/initiator will be added to an IP spam list.
When your IP is in the IP spam list you still can add/edit pages but after one or more verifications: like to enter a number or phrase before adding/editing which makes it harder and more time consuming to do the Wiki thing.
Raises some questions as well, is there a need for a white list? What if a spammer community (???) block valid IP's etc. etc.
The CAPTCHA initiative is an option as well, but will make it harder to add/edit pages. Just to add/edit a page is one of Wiki's strongest points. (IMHO)
Right, it would be a pitty to loose the openness rightaway, I agree that the openness it's one of wiki's strongest points. The idea to gradually make wikilife harder for those that do not behave, I think, is interesting and opens up kind of new horizons. The questions it raises are serious, I agree. I feel like bringing it up on CommunityWiki? and hope to see you there too j.. The spamwind here blows too heavy right now. People retired due to it, that's what it seems to me. Let's keep an eye on this stormy island though.
I denote a contributor for a "punishment". The "punishment" is that this person has to type in a distorted word before an edit of his is saved. The punishment can be removed, it can be hardened, like two times a distorted word to type in or an increased degree of distortion. For spam this is less relevant than for other kinds of difficult participants.
In real life you can turn down your sympathy for a person, you can make the person feel it. Rich paralanguage is to your hands. Wiki has no paralanguage. A vote to make someones edits harder is a paralanguage on the wikilevel. It fulfills a desire in human nature, the desire to make borders, and at the same time (as all are neighbors, there is no physical distance anymore) it will proof a slowing down thing to make more borders than necessary, it will be the minimun possible borders, the maximum of openness in which it still works that will be the optimum. I think twice what I post when I have 4 opts for punishment and the limit for a captcha is 5 in case I mind the conversation in the community. People will understand that the minimun possible is the optimum. A pretty good idea indeed, J. -- Mattis Manzel
All the antispam options will be optional in Open Wiki NG, so that an administrator can turn the heat up or down as needed - for instance, when an SEO contest is on.
I have a CAPTCHA with a 7-day cookie on my Wiki, and in practice, it hasn't deterred users.
Gordon
Using a page SpamHere? seems to work on CaFoscari. SpamHereOnly? ist the better name maybe. If all changes on this page would be automatically classified as minor this should also solve the problem of the disturbance spam causes in the recent changes. It would still nevertheless still remain possible to check the page by selecting show minor recent changes. Maybe an automatismn that regulary deletes everything exept the explanation on SpamHereOnly? could be implemented. Every week or so. This won't work all over, but as a part, as the lightest part, the most SoftSecurity? part of a way to get hold of the problem it shoud be tried out a bit more. -- Mattis ManzelOpen Wiki NG now has an (optional) 'Bad Link List' This is a CSV file which is easily importable to the OW database via an admin page.
This list has many rows consisting of a URL, (or part of a URL), and a text entry.
If a spammer posts an external link, when the page is viewed, the URL is changed (to one of your choice) and the text entry is displayed instead.
But here's the clever part.
In edit mode, the original spammers link is unchanged. So re-spamming is pointless, and any decent spambot will detect the spam already in place.
Check it out on the Open Wiki NG dev server : http://www.bamber.com/openwiking/?BadLinkList
-Gordon
The POPFile wiki did very similar by customizing UseMod?. It did seem somewhat successful. Fewer spammers seemed to hit the wiki during that period, possibly because they noticed in the preview that their URLs were not working. The ones that did try to commit their edits tried multiple times with minor variations of the URL each time until they gave up, usually after 3 to 10 edits. Both of which mean at least some automated spammers are looking at the resulting page so they won't fall for this trick. They likely look at the html source and just confirm that their link is there inside an a href tag. POPFile used this for a good while but recently decided to password the wiki after this method of spam blocking backfired: http://wiki.chongqed.org//SpamBlockLoop. It is a good method though, even if spammers don't fall for the trick they seem to keep a list of wikis that are useless to attempt to spam. Once they put you on their useless list they don't appear to return. We always reverted their spam, if they were relying on looking for their URLs they would have respammed us. I have only seen it once, but be sure you can handle a SpamBlockLoop?. -- Joe(at)chongqed.org
I have a couple of thoughts on a WikiImmuneSystem? here : http://www.nooranch.com/synaesmedia/wiki/wiki.cgi?WikiImmuneSystem
"let the community decide which and/or what page is spam" -- noble thought, but there is no community decision process required for pages which contain nothing but hundreds of irrelevant links. for users to decide whether these pages are spam or not, users will have to see them first. what happens to the original page in the meantime? how to keep the first user to (correctly) restore the previous page, thereby rendering the community decision effort ineffective?
Spam link pages should be removed as quickly as possible, and not undergoing a process of community deciding. We know already that nobody wants link spam pages.
I have, on my wikis, set up inotify to jabber an instant message (IM) whenever a wiki page is changed. this IM contains the link to the page, the ip address of the one who changed, RDNS info, and is sent almost instantly upon page change, to a small list of activist. when such an IM comes in, i click the link, and am catapulted to the page. one glimpse shows whether it is spam or not. restoring a page is easy, blocking the offending ip address is aided by scripts. most spammed pages nobody else will ever get to see, as their lifetime is about 10 seconds:
Blocked Addresses. My biggest issue at the moment (working on it) is to keep the packet stats over reloading the firewall rules, and removing ip addresses or nets which do not spam anymore (dynamic addresses, formerly misconfigured open proxies, cancelled provider subscription...) - scripted and automatic, of course.
Category Spam
