You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@jspwiki.apache.org by Roland Whitehead <ro...@quru.com> on 2008/11/24 15:20:38 UTC

Stopping anonymous login

Some friendly hacker has a script which trawls for pages without  
comments and adds one filled with links to unsuitable sites. We also  
have the same person try creating new user accounts but clearly that's  
too laborious for them so they've only done this four times.

I have removed anonymous ability to create and edit pages. I now wish  
to stop people from registering, leaving that up to the administrators.

Short of hacking Login.jsp, how can I stop people from setting up new  
accounts? I know that this has been asked before (I've found it in the  
main wiki and in the list archives) but I haven't yet found an answer  
other than "its self-regulating so we haven't done anything like  
this"...

TIA

Roland

Re: Stopping anonymous login

Posted by Janne Jalkanen <ja...@iki.fi>.

Have you tested the SpamFilter already?  It's quite efficient; on
jspwiki.org it stops something like 100+ invalid edits/day.  It is 
particularly smart at weeding out scripts.

Also, you can set up Administrator moderation for new user accounts,
just look at the bottom of jspwiki.properties.

# Uncomment the next line to require the Admin group to approve new
# user profiles
#jspwiki.approver.workflow.createUserProfile=Admin

This is, in general, less laborious than having an admin manually
create new user accounts.

(BTW, you don't say which version of JSPWiki you are using.  So these
instructions are for 2.8 [though should work for 2.6 as well].)

/Janne

On Mon, Nov 24, 2008 at 02:20:38PM +0000, Roland Whitehead wrote:
> Some friendly hacker has a script which trawls for pages without  
> comments and adds one filled with links to unsuitable sites. We also  
> have the same person try creating new user accounts but clearly that's  
> too laborious for them so they've only done this four times.
> 
> I have removed anonymous ability to create and edit pages. I now wish  
> to stop people from registering, leaving that up to the administrators.
> 
> Short of hacking Login.jsp, how can I stop people from setting up new  
> accounts? I know that this has been asked before (I've found it in the  
> main wiki and in the list archives) but I haven't yet found an answer  
> other than "its self-regulating so we haven't done anything like  
> this"...
> 
> TIA
> 
> Roland