Imagine the apocalypse: spammers directly editing pages, not just using email...
What could be done against this? (at least it does not bother people using (T)Wikis on an intranet, but it may be a (long term) design issue.
I bring this usse because I used to edit a page on handling the wheel mice on X, that had in its golden days too much traffic to handle. So I installed a forum and let it run without ever looking at it anymore (it was before I was introduced to Wikis).
Today I went to this forum to check one thing ( http://koala.ilog.fr/anyboard/MouseWheel/
)
and horror of horrors, I see that spammers have begun posting spams to it since beginning of this June...
I know that there will be no miracle solution, it is just a message to warn you about this impending menace...
-- (a very distressed) ColasNahaboo - 04 Aug 2003
The forum software you installed has a "Post by email" feature. Maybe it's active and spammers are just posting via regular email?
-- TomKagan - 04 Aug 2003
In any case I wouldn't let a forum get out of sight. We just finished a website for the Anne Frank Foundation, and it was for everyone really obvious that its forum should be moderated. Well, it's a kind of different subject of course 
. On a wiki site you have the moderation of all the users (if there are any of course).
-- ArthurClemens - 04 Aug 2003
To Tom: The version I use (from early 2000) didnt have the post-by-email feature (and since the server is on linux, there is no way it could implement this feature behind my back).
To Arthur: I agree, but it worked suprisingly well on it own for this very technical niche subject. I was afraid of flame wars, but it did not happen.
On the user moderation, imagine spammers automatically creating topics... they could churn out
10 new topics per second (or prepend their text to existing topics), something users would have a hard time countering.
I will use my board as an experiment to see what can be done (are they using the same IP, can I introduce variations disturbing them...) and let you know here. for details of a good approach to filtering spam - designed for email, but much of the concepts should be re-usable and some of the code. The key point is to score messages based on a number of criteria, each one adding to the total score. By contrast, at work we have a very simplistic keyword-blocking spam trap system that is continually blocking a lot of real messages and misses much spam - SpamAssassin is able to block virtuall all spam and let through almost all real messages. So I'd recommend against just forbidden word approaches, though this is fine as a first step.
This would be best done as a plugin, though that might need some improvements to the Plugin API.
-- RichardDonkin - 05 Aug 2003
Mmm, the idea of "pluggin" TWiki to a standard spam-killer like spamprobe is really nice. Just put in TWiki
a hook to submit the text as a mail body to the spam killer system is what makes the more sense,
nice idea Richard!
PS: I use a collection of procmail homemade rules myself, as I receive lots of mails and so many spams (200+ per day) that I am very afraid of false positives, so I didn't yet convinced myself to use a standard spam killer because of "let through almost all real messages" , as I want to see all real messages, even if I get some spams (~10 per day).
-- ColasNahaboo - 05 Aug 2003
SpamAssassin is highly configurable so you should be able to make it err on the side of never producing false positives - you can set the spam threshold, tweak all the scoring for rules, disable rules, define white lists, and even create your own rules, all from the config file. You can and also use .
-- RichardDonkin - 07 Aug 2003
Hmmm. Using CommentPlugin it will be really easy to spam pages. But what to do about it? Any ideas? Please put them to CommentPluginDev, too.
-- PeterMasiar - 12 Aug 2003
An example of a defaced page: the "motivation" page http://www.intertwingly.net/wiki/pie/Motivation
on the wiki of The Atom Project that was pointed by the Codev page AtomSyndication. The whole page have been deleted
and replaced on 29 Oct 2004 by 2025 html links in their wiki (moin moin) syntax... shudder...
(I was going to attch the version but the page is 500k!)
-- ColasNahaboo - 30 Oct 2004
One solution promoted by Google: SpamDefeatingViaNofollowAttribute
-- ColasNahaboo - 19 Jan 2005
)
and horror of horrors, I see that spammers have begun posting spams to it since beginning of this June...
I know that there will be no miracle solution, it is just a message to warn you about this impending menace...
-- (a very distressed) ColasNahaboo - 04 Aug 2003
The forum software you installed has a "Post by email" feature. Maybe it's active and spammers are just posting via regular email?
-- TomKagan - 04 Aug 2003
In any case I wouldn't let a forum get out of sight. We just finished a website for the Anne Frank Foundation, and it was for everyone really obvious that its forum should be moderated. Well, it's a kind of different subject of course . On a wiki site you have the moderation of all the users (if there are any of course).
-- ArthurClemens - 04 Aug 2003
To Tom: The version I use (from early 2000) didnt have the post-by-email feature (and since the server is on linux, there is no way it could implement this feature behind my back).
To Arthur: I agree, but it worked suprisingly well on it own for this very technical niche subject. I was afraid of flame wars, but it did not happen.
On the user moderation, imagine spammers automatically creating topics... they could churn out
10 new topics per second (or prepend their text to existing topics), something users would have a hard time countering.
I will use my board as an experiment to see what can be done (are they using the same IP, can I introduce variations disturbing them...) and let you know here. - First step: 05 Aug 2003: removed messages, then setting forbidden words that if found in post rejects the posting. Since the spam is done to make you click on an URL, use the concerned domains for forbidden word.
for details of a good approach to filtering spam - designed for email, but much of the concepts should be re-usable and some of the code. The key point is to score messages based on a number of criteria, each one adding to the total score. By contrast, at work we have a very simplistic keyword-blocking spam trap system that is continually blocking a lot of real messages and misses much spam - SpamAssassin is able to block virtuall all spam and let through almost all real messages. So I'd recommend against just forbidden word approaches, though this is fine as a first step.
This would be best done as a plugin, though that might need some improvements to the Plugin API.
-- RichardDonkin - 05 Aug 2003
Mmm, the idea of "pluggin" TWiki to a standard spam-killer like spamprobe is really nice. Just put in TWiki
a hook to submit the text as a mail body to the spam killer system is what makes the more sense,
nice idea Richard!
PS: I use a collection of procmail homemade rules myself, as I receive lots of mails and so many spams (200+ per day) that I am very afraid of false positives, so I didn't yet convinced myself to use a standard spam killer because of "let through almost all real messages" , as I want to see all real messages, even if I get some spams (~10 per day).
-- ColasNahaboo - 05 Aug 2003
SpamAssassin is highly configurable so you should be able to make it err on the side of never producing false positives - you can set the spam threshold, tweak all the scoring for rules, disable rules, define white lists, and even create your own rules, all from the config file. You can and also use procmail to post-process based on score (e.g. scores 5 to 10 probably spam, scores 11 and higher definitely spam). Most people just push spam-scored email to a folder rather than deleting it, so it's not usually lost even if there is a false positive. I have only very occasionally had a personal or work email mis-classified by SpamAssassin - it only occasionally mis-classifies legitimate commercial emails such as Amazon.com newsletters.
BTW, I've put in a minor tweak to mailnotify.tmpl to try to avoid default SA setups scoring mailnotify messages as spam - see CVS:templates/mailnotify.tmpl.
-- RichardDonkin - 07 Aug 2003
Hmmm. Using CommentPlugin it will be really easy to spam pages. But what to do about it? Any ideas? Please put them to CommentPluginDev, too.
-- PeterMasiar - 12 Aug 2003
An example of a defaced page: the "motivation" page http://www.intertwingly.net/wiki/pie/Motivation
on the wiki of The Atom Project that was pointed by the Codev page AtomSyndication. The whole page have been deleted
and replaced on 29 Oct 2004 by 2025 html links in their wiki (moin moin) syntax... shudder...
(I was going to attch the version but the page is 500k!)
-- ColasNahaboo - 30 Oct 2004
One solution promoted by Google: SpamDefeatingViaNofollowAttribute
-- ColasNahaboo - 19 Jan 2005 
Topic revision: r13 - 2005-01-19 - ColasNahaboo
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.