Wiki Spam

Wiki Resource Management & Use (Documentation)

Moderators: OpenUru.org Moderators, Wiki Resource Managers

User avatar
Mac_Fife
Member
Posts: 1239
Joined: Fri Dec 19, 2008 12:38 am
Location: Scotland
Contact:

Wiki Spam

Post by Mac_Fife »

Given the recent outbreak of "wiki spam", would it be too painful to create a specific user group for wiki authors, then have those who wish to have create/edit access manually request addition to the group?

[Edit]
Hmm... Rather than making things harder for legitimate users, maybe it'd be better to make use of the Forum registration tables: We already have an additional stage there to "activate" posting privileges so we could use that usergroup to authorise people in combination with a wiki extension like phpBB/Users Integration.
Mac_Fife
OpenUru.org wiki wrangler
User avatar
JWPlatt
Member
Posts: 1137
Joined: Sun Dec 07, 2008 7:32 pm
Location: Everywhere, all at once

Re: Wiki Spam

Post by JWPlatt »

The reason for the surge is that the new site nav menu restores searchable direct links to the wiki from the home page. I expected this - it's the reason we provided links only to the forums - but hoped we had more time. We really can't do without menu links directly to the resources.

Last night, in fact, I set $wgGroupPermissions['*']['createaccount'] = false to stop wiki registrations until we can get a handle on this.

Your first suggestion works just like these forums which require self-promotion to a user group before posting. Authentication integration has not been desirable because of the maintenance and update issues, but the wiki extension looks like that is minimal compared to the substantial hassle of spam. I'll take a look and will probably install it.
Perfect speed is being there.
User avatar
JWPlatt
Member
Posts: 1137
Joined: Sun Dec 07, 2008 7:32 pm
Location: Everywhere, all at once

Re: Wiki Spam

Post by JWPlatt »

Ok, the phpBB authentication wiki extension has been added.

I made a couple of mods. I moved the extension into a proper ./extensions/Auth_phpBB subfolder instead of ./extensions itself. Also, authentication did not check user type for whether the user has been validated (type <> 1). I added the validation check to the SQL.

Users are required to join themselves to the forum "Members" usergroup to log in and edit the wiki.

The normal wiki email validation, independent from the forums, also is required.
Perfect speed is being there.
User avatar
Mac_Fife
Member
Posts: 1239
Joined: Fri Dec 19, 2008 12:38 am
Location: Scotland
Contact:

Re: Wiki Spam

Post by Mac_Fife »

:? Ummm... Looking at the way that extension works, there might be a problem validating users who use a lower case first character in their forum user name, since the extension is using the "wikified" version which always makes the first character upper case even if it wasn't typed that way. Probably need to adapt the code so that if the lookup initially fails, then munge the first character to lower case and try again. And prohibit people from using either '[' or ']' in their forum usernames.
Mac_Fife
OpenUru.org wiki wrangler
User avatar
JWPlatt
Member
Posts: 1137
Joined: Sun Dec 07, 2008 7:32 pm
Location: Everywhere, all at once

Re: Wiki Spam

Post by JWPlatt »

Brackets are considered spacers in the registration settings for allowable username charactres. I'd have to eliminate all spacers (space, -, +, _, [, ]) from available options. Additionally, the available options also seem to exclude special characters such as apostrophe by virtue of the no-spacers option also including only all alphanumerics at best. And I don't want to go into the code. It's probably less trouble to wait for someone to use them, let them complain, and offer to change their username.

Not sure I understand the edited portion (since edited out - heh!). The Member group is already used to allow wiki edits.
Perfect speed is being there.
User avatar
Mac_Fife
Member
Posts: 1239
Joined: Fri Dec 19, 2008 12:38 am
Location: Scotland
Contact:

Re: Wiki Spam

Post by Mac_Fife »

JWPlatt wrote: I'd have to eliminate all spacers (space, -, +, _, [, ]) from available options.
I really just meant tell people not to do it, rather than enforce it through a configuratiuon setting.
Mac_Fife
OpenUru.org wiki wrangler
User avatar
JWPlatt
Member
Posts: 1137
Joined: Sun Dec 07, 2008 7:32 pm
Location: Everywhere, all at once

Re: Wiki Spam

Post by JWPlatt »

Oh! Sorry, too easy. Isn't there a more complex way to handle it?

;)
Perfect speed is being there.
User avatar
Mac_Fife
Member
Posts: 1239
Joined: Fri Dec 19, 2008 12:38 am
Location: Scotland
Contact:

Re: Wiki Spam

Post by Mac_Fife »

OK, it looks like it copes with lower case first characters and the use of apostrophes in user names, after a fashion.

First, the Wiki always capitalizes names, so forum user b'ert would find that his Wiki username would display as B'ert. That's always been the case.

It seems like the Wiki extension can validate names like that against the phpBB user accounts OK, but returns a Wiki user name that has been capitalized and encoded, so b'ert now comes back as Bʹert (see the subtle change in the apostrophe?). This works OK I think, but if b'ert (or B'ert) has an existing Wiki account he'll find a new account created for Bʹert, and the contribution histories will be disjoint. I'd expect something similar to happen for other non-alphanumeric characters.

All in all, I don't think this is going to be too big of an issue.
Mac_Fife
OpenUru.org wiki wrangler
User avatar
Mac_Fife
Member
Posts: 1239
Joined: Fri Dec 19, 2008 12:38 am
Location: Scotland
Contact:

Re: Wiki Spam

Post by Mac_Fife »

I'm finding that there are some limitations on the current bridge technology that we won't be able to live with long term, most noticeably the fact that certain user names will not validate against the forum user tables due to the wiki software substituting certain non-alphanumeric characters.

Having had a look at the bridge, which just uses an implementation of the standard, plug-in authentication interface for mediawiki, it doesn't look like it's a trivial exercise to get the username, as typed, passed to the forum authentication. I'm considering that the simplest way out of this may be to create an additional lookup table in the wiki database containing the wiki format username and forum format username for any "problem" accounts. The idea would be that on sign-in the username would be checked against the table and if found in the wiki username list then it get substituted with the corresponding forum username. If it's not found, then the authentication will proceed using the name as supplied by the wiki sign-in.

We'd need a custom "admin" form to add new accounts to the table (and maybe edit existing ones), but that can be kept outside the wiki, so there'd be no impact on software maintainability.

Thoughts?
Mac_Fife
OpenUru.org wiki wrangler
User avatar
JWPlatt
Member
Posts: 1137
Joined: Sun Dec 07, 2008 7:32 pm
Location: Everywhere, all at once

Re: Wiki Spam

Post by JWPlatt »

I'm of a mind to not spend T&E by fighting this with software. We can try to advise against using incompatible usernames, but for folks who have already made to choice to use such things as underscores in their usernames ( ;) ), we could just create a second account for them to be used only on the wiki - at least for now. Also, rarified's quest for unified logon may offer new solutions in the future.
Perfect speed is being there.
Post Reply

Return to “Wiki (MediaWiki)”