You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Roland Whitehead <ro...@quru.com> on 2008/11/24 15:20:38 UTC
Stopping anonymous login
Some friendly hacker has a script which trawls for pages without
comments and adds one filled with links to unsuitable sites. We also
have the same person try creating new user accounts but clearly that's
too laborious for them so they've only done this four times.
I have removed anonymous ability to create and edit pages. I now wish
to stop people from registering, leaving that up to the administrators.
Short of hacking Login.jsp, how can I stop people from setting up new
accounts? I know that this has been asked before (I've found it in the
main wiki and in the list archives) but I haven't yet found an answer
other than "its self-regulating so we haven't done anything like
this"...
TIA
Roland
Re: Stopping anonymous login
Posted by Janne Jalkanen <ja...@iki.fi>.
Have you tested the SpamFilter already? It's quite efficient; on
jspwiki.org it stops something like 100+ invalid edits/day. It is
particularly smart at weeding out scripts.
Also, you can set up Administrator moderation for new user accounts,
just look at the bottom of jspwiki.properties.
# Uncomment the next line to require the Admin group to approve new
# user profiles
#jspwiki.approver.workflow.createUserProfile=Admin
This is, in general, less laborious than having an admin manually
create new user accounts.
(BTW, you don't say which version of JSPWiki you are using. So these
instructions are for 2.8 [though should work for 2.6 as well].)
/Janne
On Mon, Nov 24, 2008 at 02:20:38PM +0000, Roland Whitehead wrote:
> Some friendly hacker has a script which trawls for pages without
> comments and adds one filled with links to unsuitable sites. We also
> have the same person try creating new user accounts but clearly that's
> too laborious for them so they've only done this four times.
>
> I have removed anonymous ability to create and edit pages. I now wish
> to stop people from registering, leaving that up to the administrators.
>
> Short of hacking Login.jsp, how can I stop people from setting up new
> accounts? I know that this has been asked before (I've found it in the
> main wiki and in the list archives) but I haven't yet found an answer
> other than "its self-regulating so we haven't done anything like
> this"...
>
> TIA
>
> Roland