wiki (see http://bcs-spa.org/cgi-bin/view/Main ). A major proportion of

Hi Immo, This is something I am aware of - I've noticed several registrations on sites I run where the registrant has seemed to create an account just to get referral traffic.

There are three parts to my answer: what you can do for Cairo, what's implemented in Dakar and what's left for room for improvement. Most of what you want, sadly, falls in the last category...

Starting with Cairo I took on the seemingly simple task of adding registration validation - they have to click on a link in an email they receive, and merged in BulkRegistration, and ResetPasswordByEmail. This is all documented in RegisterCgiScriptRewrite. And it took quite an effort...

I originally released this as a patch to Cairo - its still hidden as an attachment on that page; however, updates since have been exclusively to DevelopBranch (DakarRelease) and I do not fully know whether there are holes in the Cairo patch - I hid the attachment once I started the merge to Develop.

If you wanted the functionality offered now you'd need to take the SVN version of Dakar - and sadly 1) we are experiencing PasswordsAreMangled 2) I've started a contract that affords me little time to chase what seems to me like a contained, repeatable and simple error in TWiki's passwording system.

That all said, you perhaps want either ApprovingRegistrations, or easy delete user functionality: neither of those are implemented. ApprovingRegistrations fell outside the scope of my implemented changes but would be fairly simple to do: 1) is a marker in the code where it should be and 2) the mechanism could reuse the email-address validation hoop the user needs to go throug. Easy DeleteUser functionality is lacking from the user interface but exists at least in the password system - deleting them from the list of users would be fairly trivial (Users.pm) and deleting the offending home topic is just deleting a page.

DevelopBranch also contains a BulkResetPassword mechanism: the list users and iterate an action over that list could easily be leveraged to implement a BulkDeleteUser feature.

I hope the work I did helps - if not perhaps you can task a Logica person with implementing ApprovingRegistrations or (Bulk)DeleteUser, each would be a gratefully accepted contribution back to the project.

I've copied both your email and this email to BogusRegistrations

Best regards, Martin.

-- MartinCleaver - 29 Mar 2005

Hi Martin,

Thanks for your prompt and comprehensive reply to my query. I'll see what can be implemented easily on our box. This has nothing to do with Logica, by the way - I left there nearly four years ago.

I suspect that the real answer will have to be approving user registrations, since even a bulk delete facility won't stop people registering and immediately adding loads of junk pages before the administrator can stop them.

Best regards, Immo.

-- ImmoHuneke - 29 Mar 2005

In an email to Martin Cleaver today:

> Hi Martin,

> I've been getting a rash of fake registrations the last week. Thanks to
> your 'reply or visit website to verify' the accounts aren't being
> completely created though. Thanks.

> <x-fingers> I hope it takes them awhile to figure out a way around that too.

> -- MattWilkie

We need someone to incorporate Captcha as well - see RegisterCgiScriptRewrite for how you can help.

-- MartinCleaver - 30 Mar 2005

>sigh< that was a short lived reprieve. ShujuhuifuLee passed all the registration hurdles today.

-- MattWilkie - 31 Mar 2005

At the end of View.pm (cairo), just before print $tmpl, do this:

   $tmpl =~ s/<a(\s+[^>]*\bhref\b)/<a rel='nofollow'$1/gi;

It won't stop bogus registrations, but it will stop them deriving any benefit from their spam. I'm thinking about a cleaner solution for Dakar, but this is a good stopgap.

You could add this to your registration page as well:

Note to vandals external links entered in this wiki are ignored by Google and the other major search engines. If you were planning to add some wiki spam, don't bother. If you would like this feature disabled for your login, please send mail to %WIKIWEBMASTER% including your full name and address and bank account details.

-- CrawfordCurrie - 02 Apr 2005

Known bogus registrations (please add sightings):

• ChinaTour
• CqMniu
• ZhOngNcq
• ShujuhuifuLee
• ChinaTourchinaTour
• AuWeuiDAuWeuiD
• FuWuqi
• ChineseGoodsChineseGoods
• ChineseGoods
• ChineseAuctionChineseAuction
• BiWiKi
• !
• !