Opened 12 years ago

Closed 9 years ago

#1121 closed task (fixed)

Spam on GeoNetwork WIKI in trac - please block user

Reported by: ticheler Owned by: sac@…
Priority: major Milestone:
Component: SysAdmin Keywords:
Cc:

Description

Dear SAC,

It seems that we get spam on our GeoNetwork wiki pages that run on trac. Could you please block the user with the name NewtonKing for us (and/or contact him if someone knows he is a legitimate user)?

Did you install any anti-spam plugin in the trac WIKI? One of our community members suggested this:

"There is a spam plugin (http://trac.edgewall.org/wiki/SpamFilter) for trac - I have never tried it but it seems like it could help in these situations....."

Thanks in advance for taking this up.

Jeroen

Change History (9)

comment:1 by warmerdam, 12 years ago

NewtonKing account disabled (password reset).

The SpamFilter looks complicated and error prone. I particularly hate wiki edits requiring recaptas. I'm not interested in pursuing this avenue and would be really sad if it was widely in place.

The approach we usually take is to just watch for spam and remove it.

in reply to:  1 comment:2 by neteler, 12 years ago

Replying to warmerdam: ...

The approach we usually take is to just watch for spam and remove it.

Note that this is only related to the trac wiki (not the case for mediawiki).

comment:3 by warmerdam, 12 years ago

Understood. I find myself using our main mediawiki instance substantially less than I used to due to it's regular math challenges any time I put in a link.

comment:4 by EliL, 12 years ago

The GeoMoose mediawiki instance suffered terribly from spam. We added email account verification and account approval which has ended spam. Now to get an account you must have a valid email and make some minimal effort to demonstrate that you are a person with a passing interest in the topic. This also means that admins must/should act promptly on account requests.

(I don't think that being human, having a passing interest in the topic, and some effort to demonstrate that is too high of a barrier to entry, however, I also know that there is a whole wikipedia/mediawiki entry describing all the things wrong with such an approach.)

comment:5 by warmerdam, 12 years ago

I will note that OSGeo Trac instances use OSGeo accounts which have an OSGeo unique subscription method. So far spammers have all been manual labour based and could get through any sort of test with the exception of a real "knowledge of geo" sort of test.

comment:6 by EliL, 12 years ago

The PDX-OSGeo list requires new members answer "What is your favorite map?" (Unfortunately, a lot of requests forget to answer the question and require follow up or we just recognize the email address and approve it, so that would not necessarily work in wider extents).

I think having a semi-legitimate answer to "What is your favorite map?" is a fair requirement to getting an OSGeo account. We could also do "Who is the OSGeo President?", "How many members are on the OSGeo Board?", "Who is the most recent Sol Katz Recipient?"...

Sorry for hijacking this ticket on semi-tangential topics.

in reply to:  3 comment:7 by neteler, 12 years ago

Replying to warmerdam:

Understood. I find myself using our main mediawiki instance substantially less than I used to due to it's regular math challenges any time I put in a link.

The mediawiki was spammed to death otherwise: http://lists.osgeo.org/pipermail/sac/2011-September/003280.html (and related)

We may take the math challenges out as soon as the LDAP integration is implemented (same applies for the GRASS GIS wiki):

http://lists.osgeo.org/pipermail/sac/2012-March/003777.html
"[SAC] Time to move wiki logins to OSGeo Ids?"

but

http://lists.osgeo.org/pipermail/sac/2012-March/003778.html

comment:8 by strk, 9 years ago

User 'NewtonKing' is still present in the database, and it is the author of 6 version fo GeoNetwork trac WikiStart wiki pages which are still present in the trac database. No other artifacts from that user on any of the trac dbs.

Let me know if you want me to remove those 6 versions from the database.

Frank: given the password reset was 3 years ago, should it be time to _drop_ the user completely ?

comment:9 by strk, 9 years ago

Resolution: fixed
Status: newclosed

User was dropped

Note: See TracTickets for help on using tickets.