All the Perl that's Practical to Extract and Report

Perl QA wiki moved

brian_d_foy on 2007-05-06T05:15:00

The current Perl QA wiki has been attracting a lot of spam recently - and we seem to have lost contact with Tyler MacDonald who as far as I know is the only person with admin access to it.

So I've moved all the content to perl-qa.hexten.net and set it up so that only registered users may edit. It's a shame to have to restrict access in that way; certainly we'll get fewer drive-by contributions as a result. On balance it's better than the message that a spam-riddled quality (quality!) wiki sends I think.

Please update bookmarks / links accordingly.

Why not use a CAPTCHA?

streawkceur on 2007-05-06T07:46:26

If you'd implement a CAPTCHA to edit the wiki, the users didn't have to register and spam should be prohibited.

You're probably no PHP guy, but I guess that some CAPTCHA plugins for MediaWiki exist.

Re:Why not use a CAPTCHA?

fireartist on 2007-05-06T20:36:39

I've seen forum spamming software which can register a new account, successfully answer the captcha, respond to a verification email, and /then/ post the spam - all fully automatic.
If there's not yet similar software available for wikis, I'm sure it's not long coming.

I even heard about a website recently (can't remember the name) which pays people to answer captchas.

Re:Why not use a CAPTCHA?

streawkceur on 2007-05-06T20:48:48

It somewant explicitly wants to spam a certain site, it will be hard to fight that.

The attacker just has to register itself on the site and can now spam it.

But I assume that the QA wiki was a victim of random spam bots rather than trageted attacks. And most of those bots will be kept away by a CAPTCHA.

If the wiki was targeted by a specific attacker, the need for registration won't bring any cure to the problems.

Re:Why not use a CAPTCHA?

fireartist on 2007-05-07T07:45:51

I think the way the software worked, was that it used a search engine to find sites using forum software that it knew about - I imagine it would search for particular markup that's common to that software.
All it needs is a MediaWiki plugin, and any site using that software that google knows about is a potential target.

Re:Why not use a CAPTCHA?

streawkceur on 2007-05-07T13:51:07

So an obligatory registering step wouldn't hinder _this_ bot either.

If we conclude, that you cannot fight that intelligent bot, we don't have to think about that one any more.

To fight stupid bots, a CAPTCHA should be enough and even harder for a bot than registering on the site.
Additionally a CAPTCHA will be less work for the "drive-in" contributer, as no registration/check mail/log-in/repost is needed.

Re:Why not use a CAPTCHA?

bart on 2007-05-21T00:17:16

I've seen forum spamming software which can register a new account, successfully answer the captcha, respond to a verification email, and /then/ post the spam - all fully automatic.
Yes, I've seen it too, there was a demonstration video posted on Reddit.com some time ago. The full video (no description) can be found here.

I think CAPTCHA is less effective than registering because if you catch a user spamming, you disable his account. If somebody bypasses a captcha, you're powerless. All you can do is clean up the broken pieces.