[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#690231: wiki.debian.org: error in Locale page (sshd vs. ssh))

MJ Ray wrote:
>Paul Wise <pabs@debian.org>
>> On Tue, Oct 16, 2012 at 5:28 PM, MJ Ray wrote:
>> > This is a bug.  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678540
>> I agree, reCaptcha is suboptimal but the alternative is for the wiki
>> team (1.5 persons) to revert lots of spam daily instead of one or two
>> per week. If you have an anti-spam mechanism that is as effective as
>> reCaptcha then we would love to hear about it.
>This is topic-drift, so only a short reply: reCaptcha is not "an
>anti-spam mechanism".  It does nothing to test whether a submission is
>spam or a submitter is a spammer.  It is merely a physical ability
>test that is failed by a group which includes most spam robots and
>some software-assisted humans.  It works a bit, but is evil.
>http://wiki.debian.org/DebianWiki/DealingWithSpam doesn't look
>current, so I don't know what anti-spam mechanisms are actually
>installed, but things like rate limits and a moderation queue may help.

The main thrust of our anti-spam strategy is:

 * require people to have accounts to be able to edit
   (create/change/rename etc.) pages in the wiki

 * control account creation so that spammers either don't create them
   in the first place, or we disable accounts when we detect spam

Recaptcha is simply one of several methods that we've used to limit
account creation.

I've also added moin support for requiring email verification to limit
throwaway account creation. This helped a fair amount for a short
while, but the spam bots have been getting more and more sophisticated
and simply started using throwaway hotmail/gmail/wherever email
addresses to get around that. So I re-enabled recaptcha again and it

Most recently, I've added local filtering at account creation time to
pick up on various patterns (email address, username, source IP, etc.)
and block account creation altogether for the more obvious
spammers. This *has* been very successful, modulo the occasional false

Given that, I've disabled recaptcha again for new account creation and
I'll monitor the effects for the next few days. Hopefully things will
stay under control now. Nobody *likes* using recaptcha, agreed...

Your other suggestions for anti-spam are common suggestions, but (in
my opinion) not likely to work. Rate limits are difficult to enforce
with spamming scum using bots located all over the world to create
random pages; moderation is very labour-intensive when we're
perpetually short of admin time already...

Steve McIntyre, Cambridge, UK.                                steve@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews

Reply to: