[Moin-user] Spam on Moin wikis and anti-spam best practices

Paul Boddie paul at boddie.org.uk
Thu Aug 29 17:37:06 EDT 2013


Hello,

I've noticed a lot of spam on various Moin-based wikis recently, and I think 
that this is giving various users and admins reason to reconsider their use of 
Moin, rightly or wrongly. Although there are guides to anti-spam measures, 
Moin isn't really set up to resist the ills of the Internet by default, and 
perhaps we need safer defaults and a coherent guide to the techniques 
available to defeat spam.

My suggestions, which I will gladly write up in more detail, are as follows:

Control access: decide on whether anyone can use or contribute to your wiki 
and thus who your users are; if you would prefer some form of identification 
or if you feel that it would help you identify good or bad contributions at a 
glance (an IP address or hostname in RecentChanges doesn't say a lot), 
restrict access using the acl_rights_default setting.

Control registration: if your users are a predefined set controlled by other 
means, register them separately and disable the newaccount action using the 
actions_excluded setting. If you need users to be able to request 
registration, consider enabling textchas to make sure that only suitable users 
can register.

Really control registration: for extra control over registration, perhaps use 
the http://www.moinmo.in/MoinMoinPatch/VerifyAccountCreationByEmail patch to 
require e-mail verification of account registration.

Control editing: where the set of users is not limited and where people may be 
able to register and become eligible for editing, enable textchas to make sure 
that only suitable users can make edits. If you feel that users should be able 
to edit without textcha questions upon being registered, add them to the group 
specified in the textchas_disabled_group setting as soon as you can.

Challenge editors properly: it should be said that if spammers have guessed 
the answer to a textcha question in order to register, they will be able to 
guess the answer to that question should it be asked upon editing, so it is 
vital to have high-quality textcha questions. The existing HelpOnSpam page 
provides plenty of advice on such matters.

Really control editing: one action that puts edits in approval queues is 
http://www.moinmo.in/ActionMarket/ApproveChanges which effectively hides spam 
edits from most wiki users, although wiki reviewers will still be faced with 
these edits, albeit tucked away in subpages that can be deleted in their 
entirety if it all becomes too much work.

Does anyone have any opinions about the above? I suspect that some wikis are 
let down by poor textcha questions or missing access control policy, so I'd 
like to be able to have something to show to the admins before they give up on 
Moin or on wikis in general.

Paul




More information about the Moin-user mailing list