NeilStevens: Can't ban gold, ToME has it. Can't ban item selling, ToME has it. Same with power levelling (I being a leader in developing those strategies eve, heh). Warcraft has to be allowed in case someone makes a module.

I've banned the IP address of the persistent attacker we've just endured, though.

And thank you to all who help clean that up.

ShrikeDeCil: This may just be crazy muttering, but can the current filter mechanism do any of these things:

A human can jump through the extra hoop, and disguise the 'safe text' as white text or something.

SkanderFord: Would it be possible to ban the '+' character in titles? It's a thing people don't use and all (or almost all) spam pages I've seen recently have. Also, forcing to pass a captcha before registering would prevent most bots from acting. I don't know if it's possible to create a new page if you're not registered (i think it is). For any captcha method to work, this should have to be disabled. It'd be a minor inconvenience to people, but I don't see many people creating new pages without being registered. And on the keywords issue, would it be possible to disallow pages with external links containing some keywords? Eg. you can write golo, or WoW, or anything but you can not do it if this word is inside a text which links to an external site.

BucketMan: Would it be such a terrible thing to revert to the old version? It didn't seem to have these problems.

NeilStevens: It's not possible. I only did the upgrade because I was forced to do so. Besides, the problem isn't the software. It's only that spammers are *looking* for this software in a way they never looked for the old.

Update: I'm now going to get more aggressive in IP banning.

ElCuGo: Could you please lock the page BugReport452? It has been vandalized over and over by spammers. It would also be a good idea to delete the history of the page, since the spam can still be found there and search engine bots don't care if it's an history, they still index the spam and the spammers win. Thanks.

NeilStevens: They'll just hit a different page if we block that one. And I'm not interested in deleting the histories of pages because those have value.

NeilStevens: I regret ever picking MoinMoin...

FedericoOdorizzi: It seems that this (DayInTheLifeArchive/LearningCompetition) page cannot be edited, I got this message when I tried to do it: "Spam block: Blacklist match: powerlvl" (edited to avoid the filter to stop me editing this too), the text I wanted to add at the bottom was "FedericoOdorizzi: Maybe after 2.3.5 comes out there will be more people around and we'll be able to make a new one.".

Suggestion: could you apply the filter to the diff and not to the whole doc?

NeilStevens: I'll just remove that word from the document myself, heh. I don't know how to make the filter apply just to the diffs. Not a big fan of MoinMoin these days.

FedericoOdorizzi :) Thanks. I suppose adding "China" to the filter isn't an option?

NeilStevens: I'm almost at the point where I will look up China's IP ranges and ban them all, sadly.

SaricRitzden: I have been trying to remove spam when i see it, but I was wondering if that is helpful at all, because the pages are usually junk and end up deleted anyway.

NeilStevens: It does help, at the very least by alerting me to the spam. Thank you.

Anonymous: Tried to leave a comment about the _2f URL encoding issue (nothing really productive however) but I can't update your page, Neil. Spamblock for links (due to your own links!)

Anonymous (again): Well, for what it's worth I got mediawiki running decently enough with not much preperation - it's not terribly hard (it's what wikipedia and friends use). However, getting all the data from HERE over to THERE... now that would be a challenge!

Anonymous (AGAIN): Perhaps a CAPTCHA for anonymous folk like me, or just outright removing anonymous contributions, would relieve some of the spam?

NeilStevens: Apparently MoinMoin will get some bot traps in the next version, but at least some of our spam is manual and that won't help. Also some of our spammers are using registered accounts. There really is no solution to spam on a wiki, save vigilance.

As for using different software... the key would be to port the data, yes, and if *MoinMoin* couldn't port its *own* data correctly (see the pages ending in ? we can no longer reach), I really doubt it'll export to another system well either.

*sigh*

Draeath: I'm the anonymous guy above. I'm not much of a database guru, but you should be able to connect to the database directly and issue SQL commands to query for such entries, and update them sans-"?" correct? MoinMoin does use a normal database I assume. Of course this whole train of thought is premised around the idea that you have the time and the want to do what would be, honestly, a complete pain in the butt. Or in the very least trust someone else enough to give them requisite access to the database - which in and of itself opens a whole security can of worms. You are right about the apparent futility of handling spam in a wiki environment. The only sure-fire way to stop it is to disallow anonymous editing, and remove the ability for users to register themselves. That unfortunately would require you or some other designated user(s) to receive requests to register, review, and register them - something that I think you would agree is out of the question. I have such a system on a personal wiki I've put up at work, but as that only has 4 users it's a completely different situation.

NeilStevens: No, MoinMoin doesn't use a DBMS. If it did I probably would have gotten everything resolved by now, heh.

Draeath: This may help. These scripts arn't perfect however, but they are meant to help you go from MoinMoin to mediawiki (which uses mysql or postgresql). Something to look into, anyways.

NeilStevens: That says it breaks some links. Plus isn't MediaWiki written in perl? As a matter of software engineering practicality I'd rather not have to mess with perl to maintain this wiki. Thanks though!

Draeath: I'll have to look, I think MediaWiki is all in PHP. The only requirements to use it are: apache2, mysql (or postgresql), and PHP5. Not sure of the minimum version of mysql, but if you want postgres you need the latest postgres (8.3) and mediawiki. I know that I had to edit a php file to set up access restrictions. But as far as broken links go... heh, look at what happened earlier? Anyways, I'm not trying to push or persuade, just bringing up an option I've seen. Note that if you do go that route, wikipedia, wikimedia, etc. all run on mediawiki - so you would very likely have a large community for help. They have a page explaining how it all works, that I just now noticed.

NeilStevens: I know you're just trying to help, but I'm just not inclined to leap from one set of problems to another. It sounds like this is ruled out though, I have psql 8.0, not 8.3.

What happened earlier links-wise is that I was otherwise forced into a python upgrade on the server. This python upgrade broke MoinMoin (which is a big strike against python). MoinMoin had no fix for the version I was on, but rather forced an upgrade to a newer MoinMoin version, which broke the old links. Upgrading to that newer version required literally dozens of scripts to be run on the data. None of which fixed the links.

And on top of that, the new MoinMoin version broke all pages that end in ?.

I'm open to options, but I have to be clear on what the gain is for our existing data set.

thanks though,

Draeath: No problem ;)

Shadus: I run several sites for friends including a few blogs and forums, the best long term solution i've found for spam is to use akismet. There is some discussion of that on the moinmoin site for later versions. I was getting 200-300 spam a day across the several blogs i was running and 50-60 spam a day on the forum, after hacking akismet into the forum spam disappeared (later I upgraded to phpbb3 and the captcha ate the spammers without akimet) and the blogs instantly dropped to 0 spam getting through. I was adding akismet (php) to a phpbb forum, but looking at the akismet code if you're decent with python (which I suck at) I don't think it would be very hard to implement it into moinmoin either. The entire php plugin with the hooks for wordpress is about 33k. There's also talk on the moinmoin wiki that 1.6 has considerably more antispam features than previous versions. I also know there is some talk of spamassassin and moinmoin, but I don't know anything about that. Just my .02c on spam and maybe something that will give you an idea. I know how annoying spam gets... good luck finding a solution :)

NeilStevens: Yeah, I checked a while back and apparently they were adding some testing in the next version. I'll probably have to upgrade *Again* when that comes out, heh.

thanks,

NeilStevens/NotesOnSpam (last edited 2008-06-16 22:00:44 by NeilStevens)