[moin-user] Moin in Debian Stable and anti-spam features

Lukasz Szybalski szybalski at gmail.com
Sun Apr 29 12:04:40 EDT 2018


On Wed, Apr 25, 2018, 5:29 AM Paul Boddie <paul at boddie.org.uk> wrote:

> On Wednesday 25. April 2018 06.13.24 Lukasz Szybalski wrote:
> > Hello,
> > I have been running a moin moin setup for a couple of years now
> > (http://lucasmanual.com/mywiki/). About 5 years ago I had to block the
> > new user signup due to an uncontrolled amount of spam and spam users.
> >
> > I was hoping to re-enable the registration process but I wanted to know
> > more about current moin capabilities for stopping spammers?
> > captcha? are you a robot?
>
> I haven't seen any recent developments around this. The Debian people can
> presumably say more, but they were using some kind of mail-based
> verification, which Moin does also support to some degree. This isn't
> sufficient to prevent spammer sign-ups, however.
>
> > I know there is a page below but it doesn't really say or provide any
> > meaningful copy/paste instructions on how to secure your site on day 1.
> > https://moinmo.in/AntiSpamFeatures
>
> I think the basic features are inadequate these days. The spam pattern
> blacklisting is almost useless for public sites; textcha doesn't really
> cope with spamming particularly well any more.
>
> It is even necessary to prevent people *trying* to register new accounts,
> as this can easily cause user account data to accumulate in large volumes,
> even when those users won't have editing rights. Out of the box, for
> public sites, the newaccount action shouldn't be enabled.
>
> > I wanted to hear some feedback from people who run public facing moin
> > moin example: "debian wiki" (https://wiki.debian.org/RecentChanges) that
> > does not seem to be having any spam at all?
>
> It wouldn't surprise me if many sites had a tightly-controlled group of
> editing users and an external workflow for user registration. That ends up
> being acceptable because it actually promotes higher quality content, but
> it creates a burden around administering the site.
>
> And sometimes these external workflows fail to filter out spammers, as I
> saw on one occasion with the Python Wiki where, amongst the requests to
> edit the wiki, a spammer managed to persuade the administrators that their
> request was genuine.
>
> I did work on some Moin extensions to mitigate spamming. One put edits in
> a request queue, but even if that prevents spammers getting the
> satisfaction of seeing their spams published, the feedback loop is not
> strong enough to prevent them from trying anyway, burdening the
> administrators of the wiki.
>
> Another extension I did but actually forgot about was one that does timing
> measurements on edits to prevent automated spamming, which is something
> that things like WordPress use to prevent comment spamming. Although this
> might be useful, I think you'd still need a collection of other measures
> for it to be effective.
>
> My conclusion these days is that trust-based mechanisms are probably the
> way forward. Like the external workflows that try and establish whether a
> new user is someone people "know" in some way, there could be an approach
> where existing users could approve others, and much of this could be
> automated. Maybe some way of retracting editing privileges and reverting
> compromised content would also be a part of such a solution.
>
> Even though this message doesn't give any easy remedies, I hope it is
> still useful.
>
>
>
Thank you.
So when we look at some growing community that needs to allow the public to
expand, like GitHub, would it maybe make sense to allow registration with an
active GitHub account, aka "login/register with GitHub account"?
(I think a similar Gmail login would have a similar spam issue as you
described above.)
I wonder what other communities do?
What about Google's new "I'm not a robot" captcha?
Or what does medium.com do?

I really would like to grow the userbase, and get more content.

Thank you
Lucas





>
>
>
> Paul
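The timing measurement on edits that Paul describes in the quoted reply, sketched as an added example (this is not Paul's extension and not Moin code): the edit form carries an HMAC-signed issue time, and a save that comes back too quickly, or with a forged or stale token, is rejected. All function names and thresholds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical names throughout; none of this is a Moin API.
SECRET_KEY = secrets.token_bytes(32)  # per-site secret, kept server-side
MIN_EDIT_SECONDS = 5                  # assumed: faster than this looks automated
MAX_TOKEN_AGE = 4 * 3600              # assumed: older forms must be reloaded


def _sign(page, issued):
    # Bind the token to the page name so it cannot be reused elsewhere.
    msg = f"{page}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_edit_token(page, now=None):
    """Called when the edit form is rendered; goes into a hidden field."""
    issued = int(time.time() if now is None else now)
    return f"{issued}:{_sign(page, issued)}"


def check_edit_token(page, token, now=None):
    """Called when the edit is saved. Returns (accepted, reason)."""
    now = int(time.time() if now is None else now)
    try:
        issued_text, mac = token.split(":", 1)
        issued = int(issued_text)
    except (AttributeError, ValueError):
        return False, "malformed"
    # Constant-time comparison of the submitted and recomputed MACs.
    if not hmac.compare_digest(mac.encode(), _sign(page, issued).encode()):
        return False, "bad-signature"
    elapsed = now - issued
    if elapsed < MIN_EDIT_SECONDS:
        return False, "too-fast"
    if elapsed > MAX_TOKEN_AGE:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    token = issue_edit_token("FrontPage", now=t0)
    print(check_edit_token("FrontPage", token, now=t0 + 1))    # too-fast
    print(check_edit_token("FrontPage", token, now=t0 + 90))   # ok
    print(check_edit_token("OtherPage", token, now=t0 + 90))   # bad-signature
```

A client that simply waits before posting passes this check, which matches the point in the thread that timing needs other measures alongside it.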