Hi,
Yet another spammer wants to be banned from the Wiki. See the recent changes for details (if you're strong enough for this kind of stuff).
Arpad Biro
__________________________________ Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com
The wiki is facing two different types of spammers : - the ones that create some new pages flooded with spam (current case) - some others that simply add parasite links/coontent to existing web pages - and some other replacing the content of some pages with spam
Something interesting, most of the time the parasite content/spam is exactly the same within a same or different spam campaign. Does anyone know about a robot/script allowing to do some reverse spam (simply removing some identified content) ?
Regards,
Matiphas
Selon Arpad Biro <biro_arpad@...36...>:
Hi,
Yet another spammer wants to be banned from the Wiki. See the recent changes for details (if you're strong enough for this kind of stuff).
Arpad Biro
Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
I have an approach for how to solve this spam problem once and for all, with a small amount of programming, however I haven't had time to look into it.
Would someone be able to work on this over the holiday? I doubt it'd be more than half a dozen lines of Perl coding, so probably could be done in an afternoon.
The idea is basically to include a second edit box next to the comment box, with the phrase, "Type NOSPAM here:" [________]
Any edits to a page must be accompanied with that value in the edit box, else an error message will be returned. If we find spammers start using this, we change the phrase (or replace it with an image).
The wiki.pl CGI can be checked out of the inkscape_project CVS module.
Can someone with Perl skills volunteer for this task?
Bryce
On Tue, 23 Nov 2004 matiphas@...8... wrote:
The wiki is facing two different types of spammers :
- the ones that create some new pages flooded with spam (current case)
- some others that simply add parasite links/coontent to existing web pages
- and some other replacing the content of some pages with spam
Something interesting, most of the time the parasite content/spam is exactly the same within a same or different spam campaign. Does anyone know about a robot/script allowing to do some reverse spam (simply removing some identified content) ?
Regards,
MatiphasSelon Arpad Biro <biro_arpad@...36...>:
Hi,
Yet another spammer wants to be banned from the Wiki. See the recent changes for details (if you're strong enough for this kind of stuff).
Arpad Biro
Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
Everyone,
Due to rampant spammer abuse of the Inkscape wiki, we've been forced to make a change to its usage.
From now on, whenever you edit a page, you must also type in the word
'NOSPAM' into a new entry box at the bottom of the page. If you do not, an error message will display; you can click back and add the NOSPAM and resubmit.
This change will fake out the spammers, because their spambots won't know to do this step, so will be blocked. Possibly the spammers will catch on to this defense; if so, we'll invent new countermeasures. Thanks go to Kees Cook for implementing this for us. :-)
I apologize for the inconvenience of doing this; I know it's a hassle, but if it eliminates the hassle of having to revert pages and delete spam in order to use the wiki, I think it will be worth the trade. If not, and you have an idea for a better solution, please let me know.
Bryce
On Tue, 23 Nov 2004, Kees Cook wrote:
On Tue, Nov 23, 2004 at 04:13:39PM -0800, Bryce Harrington wrote:
The idea is basically to include a second edit box next to the comment box, with the phrase, "Type NOSPAM here:" [________]
Can someone with Perl skills volunteer for this task?
Done!
Maybe instead of text, do what some e-shopping sites do. Have a pass phrase displayed on an image, and let the person type that in. Then the pass cannot be harvested.
Bob
Kees Cook wrote:
On Tue, Nov 23, 2004 at 04:13:39PM -0800, Bryce Harrington wrote:
The idea is basically to include a second edit box next to the comment box, with the phrase, "Type NOSPAM here:" [________]
Can someone with Perl skills volunteer for this task?
Done!
On Wed, Nov 24, 2004 at 06:34:25AM -0600, Bob Jamison wrote:
Maybe instead of text, do what some e-shopping sites do. Have a pass phrase displayed on an image, and let the person type that in. Then the pass cannot be harvested.
If it comes to that, yeah. The problem is that is hinders any visually impaired contributors. craigslist.org added "hear this word" links too. That's more coding, etc, since it requires some added libraries, etc.
We can see how well this works.
On Wed, 24 Nov 2004, Kees Cook wrote:
On Wed, Nov 24, 2004 at 06:34:25AM -0600, Bob Jamison wrote:
Maybe instead of text, do what some e-shopping sites do. Have a pass phrase displayed on an image, and let the person type that in. Then the pass cannot be harvested.
If it comes to that, yeah. The problem is that is hinders any visually impaired contributors. craigslist.org added "hear this word" links too. That's more coding, etc, since it requires some added libraries, etc.
I should also note that the state-of-the-art as far as speech recognition and OCR is pretty far along, for these purposes anyway, too.
To give you a sense of where CAPTCHA OCR stood a year ago:
http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html
Also, let's not forget the age-old tactic of hooking the back-end of the spamming tool to a porn site that requests CAPTCHA solutions of its users: free distributed human labor (and probably far more motivated than your own users, too).
My point is that fancy verification mechanisms are an arms race we can't really win, and the fancier or more difficult, the more legitimate users we would hurt.
I think it's more important that our verifier be unique than that it be particularly difficult. If spammers can't exploit economies of scale by utilizing off-the-shelf software, it becomes much less economical for them to spam us in particular.
-mental
On Wed, Nov 24, 2004 at 11:31:47AM -0500, MenTaLguY wrote:
Also, let's not forget the age-old tactic of hooking the back-end of the spamming tool to a porn site that requests CAPTCHA solutions of its users: free distributed human labor (and probably far more motivated than your own users, too).
Oh man, that's terrific. Kinda like gathering entropy in a kernel.
On Wed, 24 Nov 2004, MenTaLguY wrote:
My point is that fancy verification mechanisms are an arms race we can't really win, and the fancier or more difficult, the more legitimate users we would hurt.
I think it's more important that our verifier be unique than that it be particularly difficult. If spammers can't exploit economies of scale by utilizing off-the-shelf software, it becomes much less economical for them to spam us in particular.
Agreed. Also, I am only aiming to get 80-90% out of the software, and count on the Inkscape community for the remaining 10-20%. As long as we have the tools at our disposal to get rid of the most repetitive, high-hassle stuff, the rest can be taken care of by just ensuring we have good participation from Wiki users.
A few weeks ago I met with some Wikipedia editors/admins and asked how they handled spam in Wikipedia. They said they have some code to measure time between edits, but beyond that they fish the spam out manually, the same way we've been doing. They just have a lot more eyeballs on it.
Anyway, I figure as long as we help keep the hassle of using wiki under control, we can depend on our community to help maintain it. :-)
Bryce
On Wed, 24 Nov 2004, Bob Jamison wrote:
Maybe instead of text, do what some e-shopping sites do. Have a pass phrase displayed on an image, and let the person type that in. Then the pass cannot be harvested.
I think the text-based verifier should be sufficient: the important thing is that it should no longer be possible to spam our wiki using *off-the-shelf* automated tools.
I realize that tools can be customized, but we can always change the form of the verifier again if countermeasures to it becomes widespread, and I think most spammers wouldn't see it as worth the effort initially, just for one wiki.
Additionally, to be effective, an image-based CAPTCHA would need to be heavily distorted (many spamming tools have OCR), which is really cruel to folks with less-than-perfect eyesight, or those who are not using graphical browsers for whatever reason.
I probably fall into both categories somewhat; I wear glasses and have problems with eyestrain, and it's also not unusual for me to do quick wiki bits from lynx or w3m rather than hauling out Mozilla. If we adopted an image-based CAPTCHA I would probably stop posting.
-mental
On Wed, Nov 24, 2004 at 11:09:48AM -0500, MenTaLguY wrote:
bits from lynx or w3m rather than hauling out Mozilla. If we adopted an image-based CAPTCHA I would probably stop posting.
Just to check: does this current solution deter you? We need to keep the wiki usable. :)
MenTaLguY wrote:
On Wed, 24 Nov 2004, Bob Jamison wrote:
Maybe instead of text, do what some e-shopping sites do. Have a pass phrase displayed on an image, and let the person type that in. Then the pass cannot be harvested.
I think the text-based verifier should be sufficient: the important thing is that it should no longer be possible to spam our wiki using *off-the-shelf* automated tools.
Did everyone catch the hashcash story involving wiki's on Slashdot recently?
Beat Spam Using Hashcash http://it.slashdot.org/article.pl?sid=04/11/10/1811251&tid=111&tid=1...
On Wed, 2004-11-24 at 20:33, Jon A. Cruz wrote:
Did everyone catch the hashcash story involving wiki's on Slashdot recently?
Beat Spam Using Hashcash http://it.slashdot.org/article.pl?sid=04/11/10/1811251&tid=111&tid=1...
Ok. Any suggestions how to implement it without requiring the client to have Javascript?
-mental
A quick update on the wiki situation:
In the past 4 days since the change, spamming has nearly disappeared. The NOSPAM change has delt a solid blow to the spammers. :-)
However, there has been two cases of spam, to the PastMilestones page, on Nov 26 and again on the 27th. These were by spammers in the .bn.by and .bas-net.by domains, both of which are now blocked. Thus, we're not completely immune. I surmise they may be manually spamming us; this is good because it is something we can deal with effectively through administrative actions (banning, etc.)
A number of pages were added on Nov 23 that need to be deleted. Scislac could you tackle these?
Bryce
On Wed, 24 Nov 2004, Jon A. Cruz wrote:
MenTaLguY wrote:
On Wed, 24 Nov 2004, Bob Jamison wrote:
Maybe instead of text, do what some e-shopping sites do. Have a pass phrase displayed on an image, and let the person type that in. Then the pass cannot be harvested.
I think the text-based verifier should be sufficient: the important thing is that it should no longer be possible to spam our wiki using *off-the-shelf* automated tools.
Did everyone catch the hashcash story involving wiki's on Slashdot recently?
Beat Spam Using Hashcash http://it.slashdot.org/article.pl?sid=04/11/10/1811251&tid=111&tid=1...
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
would someone be able to give me a link to the Wiki?... it'd be much more helpful for me to read there rather than ask old uuestions on-list ;)
thanks,
Miriam
Here you go:
http://inkscape.org/cgi-bin/wiki.pl
On Mon, 29 Nov 2004, miriam clinton (iriXx) wrote:
would someone be able to give me a link to the Wiki?... it'd be much more helpful for me to read there rather than ask old uuestions on-list ;)
thanks,
Miriam
On Sun, 28 Nov 2004, Bryce Harrington wrote:
Date: Sun, 28 Nov 2004 21:42:28 -0800 (PST) From: Bryce Harrington <bryce@...260...> To: "miriam clinton (iriXx)" <iriXx@...568...> Cc: inkscape inkscape-devel@lists.sourceforge.net Subject: Re: [Inkscape-devel] Wiki again
Here you go:
Is mod_rewrite available on the webserver? (And ideally mod_spel too) Is there any chance the webmaster could clean things up so that cgi-bin is hidden from users?
In case you are wondering why I think this kind of detail is important Jakob Neilsen provides plenty of reasons and suggestions how to improve URLs in this article: http://www.useit.com/alertbox/990321.html
There are other things that could be tweaked to make the site even easier for users that are geussing at Locations, but mod_spel alone would make a massive difference. We have a page at http://inkscape.org/faq.php but nothing at http://inkscape.org/faq/ or http://inkscape.org/faq.html
The Inkscape website uses the default Apache 404 messages. It would be good if we could include the search tool on the 404 page, and a linkback to the front page. Ideally the 404 page would be styled and have the standards includes like every other page. This is something I might be able to help with. http://www.useit.com/alertbox/404_improvement.html
Sincerely
Alan Horkan
Free SVG Clip Art http://OpenClipArt.org Inkscape, Draw Freely http://inkscape.org Abiword is Awesome http://abisource.com
On Mon, 29 Nov 2004, Alan Horkan wrote:
Here you go:
Is mod_rewrite available on the webserver? (And ideally mod_spel too) Is there any chance the webmaster could clean things up so that cgi-bin is hidden from users?
In case you are wondering why I think this kind of detail is important Jakob Neilsen provides plenty of reasons and suggestions how to improve URLs in this article: http://www.useit.com/alertbox/990321.html
There are other things that could be tweaked to make the site even easier for users that are geussing at Locations, but mod_spel alone would make a massive difference. We have a page at http://inkscape.org/faq.php but nothing at http://inkscape.org/faq/ or http://inkscape.org/faq.html
The Inkscape website uses the default Apache 404 messages. It would be good if we could include the search tool on the 404 page, and a linkback to the front page. Ideally the 404 page would be styled and have the standards includes like every other page. This is something I might be able to help with. http://www.useit.com/alertbox/404_improvement.html
Alan, these all sound like good ideas - why don't you take them on? I've granted you CVS and shell access.
You can log into your shell account via ssh shell.sf.net. Our stuff is in /projects/i/in/inkscape.
The website itself is in CVS in the inkscape_web module. Wiki is stored in the inkscape_project module.
Go ahead and log in and see what can be done. The amount of configuring that can be done is limited, but it's worth a shot. The 404 error message replacement is an excellent idea.
Thanks, Bryce
Still catching up on the 100+ inkscape messages from vacation...
A quick update on the wiki situation:
In the past 4 days since the change, spamming has nearly disappeared. The NOSPAM change has delt a solid blow to the spammers. :-)
However, there has been two cases of spam, to the PastMilestones page, on Nov 26 and again on the 27th. These were by spammers in the .bn.by and .bas-net.by domains, both of which are now blocked. Thus, we're
not
completely immune. I surmise they may be manually spamming us; this
is
good because it is something we can deal with effectively through administrative actions (banning, etc.)
A number of pages were added on Nov 23 that need to be deleted.
Scislac
could you tackle these?
If they have not been handled yet, will do!
Bryce
allready done last week, but they still appear in history
Selon "Joshua A. Andler" <joshua@...533...>:
Still catching up on the 100+ inkscape messages from vacation...
A quick update on the wiki situation:
In the past 4 days since the change, spamming has nearly disappeared. The NOSPAM change has delt a solid blow to the spammers. :-)
However, there has been two cases of spam, to the PastMilestones page, on Nov 26 and again on the 27th. These were by spammers in the .bn.by and .bas-net.by domains, both of which are now blocked. Thus, we're
not
completely immune. I surmise they may be manually spamming us; this
is
good because it is something we can deal with effectively through administrative actions (banning, etc.)
A number of pages were added on Nov 23 that need to be deleted.
Scislac
could you tackle these?
If they have not been handled yet, will do!
Bryce
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
I've thought of that; we'll keep that in our back pocket in case this doesn't work. If spammers are specifically looking at and targetting our site, that'd be a way to stop them, however I think we're getting hit by random robots that are striking wiki's in general. If I'm right, then even this simple change will throw them off.
If not, I've also added Geraud as an admin, so he can catch anything that gets by this initial block.
Bryce
On Wed, 24 Nov 2004, Bob Jamison wrote:
Maybe instead of text, do what some e-shopping sites do. Have a pass phrase displayed on an image, and let the person type that in. Then the pass cannot be harvested.
Bob
Kees Cook wrote:
On Tue, Nov 23, 2004 at 04:13:39PM -0800, Bryce Harrington wrote:
The idea is basically to include a second edit box next to the comment box, with the phrase, "Type NOSPAM here:" [________]
Can someone with Perl skills volunteer for this task?
Done!
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
Actually, the easiest thing is for me to deputize a few of y'all to be wiki admins. If you are willing to take this role, email me offline and I'll select a couple people and provide the info. Obviously, only ask if you've been active in Inkscape for a while, and expect to continue to be keeping an eye on the wiki.
Powers will include page deletion, updating the spammer ban list, and locking/unlocking pages.
Even if we implement the wiki.pl change, we probably still could use another couple admins, just in case.
Bryce
On Tue, 23 Nov 2004 matiphas@...8... wrote:
The wiki is facing two different types of spammers :
- the ones that create some new pages flooded with spam (current case)
- some others that simply add parasite links/coontent to existing web pages
- and some other replacing the content of some pages with spam
Something interesting, most of the time the parasite content/spam is exactly the same within a same or different spam campaign. Does anyone know about a robot/script allowing to do some reverse spam (simply removing some identified content) ?
Regards,
MatiphasSelon Arpad Biro <biro_arpad@...36...>:
Hi,
Yet another spammer wants to be banned from the Wiki. See the recent changes for details (if you're strong enough for this kind of stuff).
Arpad Biro
Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel
participants (10)
-
unknown@example.com -
Alan Horkan -
Arpad Biro -
Bob Jamison -
Bryce Harrington -
Jon A. Cruz -
Joshua A. Andler -
Kees Cook -
MenTaLguY -
miriam clinton (iriXx)