[pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions

M.-A. Lemburg mal at egenix.com
Sat May 31 23:21:03 CEST 2014

On 31.05.2014 23:04, Paul Boddie wrote:
> On Saturday 31. May 2014 22.49.58 M.-A. Lemburg wrote:
>> Hello,
>> in recent weeks, the Python Wiki has seen an increasing amount of
>> spam and vandalism:
>> https://wiki.python.org/moin/RecentChanges?max_days=60
>> Since the textchas we've been using apparently no longer serve their
>> intended purposes, I've now pulled the plug and disabled editing
>> permissions for new users:
>> https://wiki.python.org/moin/FrontPage (see "Editing pages")
>> I've added a new user group called NewUsersGroup, which does
>> get editing rights, but we'll have to manage this manually and
>> new users who want to receive editing rights will have to write
>> to this mailing list to be added to the group.
> Thanks for doing this! I imagine that this will have very little impact on 
> serious contributors. Certainly, anyone wanting to edit the pages will need an 
> account, but they should be able to manage their credentials using OpenID and 
> not have to remember another password for the site.

If you have suggestions for improving the wording/styling
of the notice on the front page, please let me know.

After thinking about this some more, the user group name may
not be all that appropriate... not all users we'll want to
give editing permissions are new users.

My thinking was to move the users from the NewUsersGroup to
the TrustedEditorsGroup after a while and if they apply for

>> I'm sorry for having to take this step, but the level of spam
>> and (more importantly) vandalism we've been getting is too high
>> to keep the wiki as open as it used to be.
>> Please regard the above step as emergency action. I'm more than
>> open to discussing alternative approaches to the situation, since
>> I don't like this step myself.
>> PS: I've only applied the new configuration to the Python wiki.
>> We may also have to take this step for the Jython wiki.
> I think I've made my position on this quite clear before. We can certainly 
> implement measures similar to those used by other Web applications, but this 
> requires an investment in the development of functionality that has been 
> rather difficult to justify doing until now (speaking personally). For anyone 
> motivated enough, just looking at Wordpress and MediaWiki extensions for anti-
> spam should provide enough to go on, however.

I don't have any cycles to spare on this, sorry. I can add/enable
extensions on the wikis, but not go into full development mode.

> Meanwhile, in contrast to many sites where highly restrictive policies prevail 
> - indeed, how many sites have disabled editing entirely due to spam? - the 
> available forms of registration and editing approval for MoinMoin are rather 
> benign, in my opinion.
> In any case, thanks for taking this step and also for cleaning up some of the 
> recent spam. I for one appreciate this!

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, May 31 2014)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
2014-05-28: Released mxODBC.Connect 2.1.0 ...     http://egenix.com/go56
2014-07-02: Python Meeting Duesseldorf ...                 32 days to go

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the pydotorg-www mailing list