[Moin-user] Spam on Moin wikis and anti-spam best practices
paul at boddie.org.uk
Thu Aug 29 17:37:06 EDT 2013
I've noticed a lot of spam on various Moin-based wikis recently, and I think
that this is giving various users and admins reason to reconsider their use of
Moin, rightly or wrongly. Although there are guides to anti-spam measures,
Moin isn't really set up to resist the ills of the Internet by default, and
perhaps we need safer defaults and a coherent guide to the techniques
available to defeat spam.
My suggestions, which I will gladly write up in more detail, are as follows:
Control access: decide on whether anyone can use or contribute to your wiki
and thus who your users are; if you would prefer some form of identification
or if you feel that it would help you identify good or bad contributions at a
glance (an IP address or hostname in RecentChanges doesn't say a lot),
restrict access using the acl_rights_default setting.
Control registration: if your users are a predefined set controlled by other
means, register them separately and disable the newaccount action using the
actions_excluded setting. If you need users to be able to request
registration, consider enabling textchas to make sure that only suitable users
Really control registration: for extra control over registration, perhaps use
the http://www.moinmo.in/MoinMoinPatch/VerifyAccountCreationByEmail patch to
require e-mail verification of account registration.
Control editing: where the set of users is not limited and where people may be
able to register and become eligible for editing, enable textchas to make sure
that only suitable users can make edits. If you feel that users should be able
to edit without textcha questions upon being registered, add them to the group
specified in the textchas_disabled_group setting as soon as you can.
Challenge editors properly: it should be said that if spammers have guessed
the answer to a textcha question in order to register, they will be able to
guess the answer to that question should it be asked upon editing, so it is
vital to have high-quality textcha questions. The existing HelpOnSpam page
provides plenty of advice on such matters.
Really control editing: one action that puts edits in approval queues is
http://www.moinmo.in/ActionMarket/ApproveChanges which effectively hides spam
edits from most wiki users, although wiki reviewers will still be faced with
these edits, albeit tucked away in subpages that can be deleted in their
entirety if it all becomes too much work.
Does anyone have any opinions about the above? I suspect that some wikis are
let down by poor textcha questions or missing access control policy, so I'd
like to be able to have something to show to the admins before they give up on
Moin or on wikis in general.
More information about the Moin-user