Return-Path: Delivered-To: apmail-incubator-jspwiki-dev-archive@locus.apache.org Received: (qmail 55616 invoked from network); 26 Dec 2007 10:31:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 26 Dec 2007 10:31:54 -0000 Received: (qmail 47697 invoked by uid 500); 26 Dec 2007 10:31:43 -0000 Delivered-To: apmail-incubator-jspwiki-dev-archive@incubator.apache.org Received: (qmail 47687 invoked by uid 500); 26 Dec 2007 10:31:43 -0000 Mailing-List: contact jspwiki-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jspwiki-dev@incubator.apache.org Delivered-To: mailing list jspwiki-dev@incubator.apache.org Received: (qmail 47678 invoked by uid 99); 26 Dec 2007 10:31:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Dec 2007 02:31:43 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of harry.metske@gmail.com designates 209.85.146.177 as permitted sender) Received: from [209.85.146.177] (HELO wa-out-1112.google.com) (209.85.146.177) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Dec 2007 10:31:18 +0000 Received: by wa-out-1112.google.com with SMTP id n4so9789230wag.6 for ; Wed, 26 Dec 2007 02:31:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=9Oh/IlD51F7LeZsvapmUGoYAzEMvUmra3jGXZt9kq9Y=; b=YFQq+ZPwU6wv6DciLP4rfnii/1aM6Y3MeYGdSWei8obcIC81xQo/vLSNr9fcNtqkW3tSAzMvUdhNnpj0XpUWOoVrJErnJOSPGVhwpeCbPpSlnl64jrADpofoZ34wg7TFqTVOhTSx4Vdd3wObHQMiFmVY8M04geYKCB3+UPd7T4U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=PS0K07S5iNrpfKZshUF6p3/REclyibfgXcRZk0llke6uJUcmbYYCtNwQ33aueI3lCqJR+PR1nyRa58vyVzb2Gb/ItzjqOkIl5eakf/9IJko0TfQ4Umli6T388hy9z22uXtwOc2ijYiKDkkCLv3FMwF9fm9FwVkNqFgcSKZRGjpQ= Received: by 10.114.123.1 with SMTP id v1mr6341781wac.147.1198665082395; Wed, 26 Dec 2007 02:31:22 -0800 (PST) Received: by 10.114.124.14 with HTTP; Wed, 26 Dec 2007 02:31:22 -0800 (PST) Message-ID: <3a6c97f00712260231y3ff29f41nc3b3f70c77396e1@mail.gmail.com> Date: Wed, 26 Dec 2007 11:31:22 +0100 From: "Harry Metske" To: jspwiki-dev@incubator.apache.org Subject: Re: The guy's back... In-Reply-To: <58A1E27A-897A-4FC4-A2E6-821FBB2D8CE2@ecyrd.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_12445_156538.1198665082384" References: <7C1E56D8-C09D-4709-8BBD-2D82848B34E0@ecyrd.com> <3a6c97f00712251306n2d98cc77ybd0cd88c8e2f8fbf@mail.gmail.com> <2DA32C36-E574-4C43-ADB8-9AC1333A8996@ecyrd.com> <20071226024045.GJ12092@samad.com.au> <58A1E27A-897A-4FC4-A2E6-821FBB2D8CE2@ecyrd.com> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_12445_156538.1198665082384 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I also think it is too dangerous to offer spammers a dummy jspwiki.org, chances are that goodwilling editors are loosing their edits in the dummy wiki. Another more rigorous approach would be to only allow authenticated users to edit and comment (so anonymous or asserted users can no longer edit/comment), and expand the user registration process with an email confirmation step. But looking at the amount of spam-edits done so far, this might give a little bit too much collateral damage. (I also had a quick look at the registered users, and it seems to me that there are quite a few with invalid email adressess, I think those should be removed, what might also be a good idea is an extra attribute that holds the last access date of the user, this allows for removing users that haven't been used for a long time). regards, Harry 2007/12/26, Janne Jalkanen : > > > not sure if it possible, but why not let him have hi userid and > > when he logs in > > with it, send him to a clone of jspwiki.org, or code up a 200 > > response jst for > > him but throw away his edits ? > > > > > > I know this is outside normal wiki framework, but might allow the > > wiki to > > continue ? > > May be possible, but that would need a sure-fire way of recognizing > the userid. And, if we can do that, we could probably stop the edits > right away. > > I've been toying with the idea of collecting the IP addresses he > comes from, and building a "permanent blocklist". Also, it might be > cool to have a four-layer option set for edit management: > > 1) approve > 2) send suspect edit to a captcha routine > 3) send suspect edit to a human to approve > 4) reject outright > > Currently our system is not that fine-grained. > > /Janne > -- met vriendelijke groet, Harry Metske Telnr. +31-548-512395 Mobile +31-6-51898081 ------=_Part_12445_156538.1198665082384--