You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/07/15 20:38:39 UTC
Re: wiki spam
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sidney Markowitz writes:
> I'm ok with requiring a login if that works. Is there any reason to have
> it active for anything except the sandbox page other than the patch
> would have to be modified to test something in the page template?
Yep -- recently it's been on FrontPage and TitleIndex too, and I have
no reason to believe there's much stopping spammers from
- picking other Moin-standard wiki pages
- using RecentChanges or WordIndex to pick a random page to deface
in future.
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFA9s8vQTcbUG5Y7woRAmZvAJ9lvxCiAvzx56A5vhhPWYOOFS4cdQCeNiha
ZvPM5nrfHIumo8nIQMGNgZU=
=a4jL
-----END PGP SIGNATURE-----
RE: wiki spam
Posted by Johannes russek <jo...@io-consulting.net>.
ye guys,
what about that web-of-trust theory, google used in its new "community"
concept,
like: everyone is trusted, that got invited by someone already trusted.
but maybe thats overshot for what you guys want?
regards, johannes
> -----Original Message-----
> From: Theo Van Dinter [mailto:felicity@kluge.net]
> Sent: Thursday, July 15, 2004 9:46 PM
> To: SpamAssassin-dev@incubator.apache.org
> Subject: Re: wiki spam
>
>
> On Fri, Jul 16, 2004 at 07:38:17AM +1200, Sidney Markowitz wrote:
> > Umm, I'm hoping for something that has a bit less impact on the
> human UI
> > while only affecting the robots. Wikis have been working fine without
> > having to identify or trust the humans. (I know you were being
> > sarcastic, but I want to point out that the direction to go in is _not_
> > to increase trust levels in the people who make edits).
>
> Heh. Actually, I was only partially sarcastic. I've been on a
> philosophical thought path about trust and related issues recently.
>
> But yeah, cryptographic signing would make the whole concept of the
> wiki kind of moot given the current state of things, imo. We do want
> in some measure to require a slightly higher trust level that the edit
> coming in is valid, though, such as simple authentication or something.
>
> --
> Randomly Generated Tagline:
> Gimme two brains on drugs, over easy, and bacon...
>
Re: wiki spam
Posted by Theo Van Dinter <fe...@kluge.net>.
On Fri, Jul 16, 2004 at 07:38:17AM +1200, Sidney Markowitz wrote:
> Umm, I'm hoping for something that has a bit less impact on the human UI
> while only affecting the robots. Wikis have been working fine without
> having to identify or trust the humans. (I know you were being
> sarcastic, but I want to point out that the direction to go in is _not_
> to increase trust levels in the people who make edits).
Heh. Actually, I was only partially sarcastic. I've been on a
philosophical thought path about trust and related issues recently.
But yeah, cryptographic signing would make the whole concept of the
wiki kind of moot given the current state of things, imo. We do want
in some measure to require a slightly higher trust level that the edit
coming in is valid, though, such as simple authentication or something.
--
Randomly Generated Tagline:
Gimme two brains on drugs, over easy, and bacon...
Re: wiki spam
Posted by Sidney Markowitz <si...@sidney.com>.
Theo Van Dinter wrote:
> Clearly, all Wiki changes need to be GPG signed
Umm, I'm hoping for something that has a bit less impact on the human UI
while only affecting the robots. Wikis have been working fine without
having to identify or trust the humans. (I know you were being
sarcastic, but I want to point out that the direction to go in is _not_
to increase trust levels in the people who make edits).
-- sidney
Re: wiki spam
Posted by Theo Van Dinter <fe...@kluge.net>.
On Fri, Jul 16, 2004 at 07:30:07AM +1200, Sidney Markowitz wrote:
> It might be more effective and less intrusive to add some randomization
> to the page that changes whatever elements the robots are using to post
> the changes but doesn't effect the human UI. I certainly would not want
> to end up having to use a CAPTCHA -- I find them really annoying.
Clearly, all Wiki changes need to be GPG signed, and ideally there'll
be a trust path between the author and either the last author or some
other configured key.
--
Randomly Generated Tagline:
"The universe is already insane, anything else would be redundant."
- Londo on Babylon 5
Re: wiki spam
Posted by Sidney Markowitz <si...@sidney.com>.
Justin Mason wrote:
> Yep -- recently it's been on FrontPage and TitleIndex too
Sigh.
It might be more effective and less intrusive to add some randomization
to the page that changes whatever elements the robots are using to post
the changes but doesn't effect the human UI. I certainly would not want
to end up having to use a CAPTCHA -- I find them really annoying.
-- sidney