Wiki mailing list

[Tim Slagle]

I set up a Google Group for discussions on the HacDC Wiki:
https://groups.google.com/a/hacdc.org/group/wiki

I thought it was better to use a mailing list than the discussion tab
on a page on the wiki itself, just because we use lists for other such
things, and the list can live on after the current 2012 cleanup
effort. If you are getting this email you are on the list, or even an
owner. I'll also post an announcement on Members and Blabber for
others who might want to sign up.
--Tim

[Nick Mapsy]

Sounds like a good compromise. Better than spamming all of blabber.

First thing I'm wondering about: is the CheckUser extension installed on the wiki?

I ask because there's like a dozen spam users being registered every day on the wiki, and the CheckUser extension lets us easily see the IP addresses used by registered users. I thought it'd help investigating this phenomenon.

Also, almost all these spam accounts which follow the same pattern: FirstnameLastname[three digits]. As a more longterm project, it'd be great to reject any registration of a username fitting that pattern (two camelcase words followed by three digits: m/([A-Z][a-z]){2}\d{3}/). For legit users who might want such a username, we can just tell them that because of spam problems they'll have to choose another name.

Nick

[ITechGeek]

I'll have to play w/ the permissions, it's suppose to be anyone w/ a
verified email address is part of the EmailConfirmed group which
doesn't seem to be happening.

Permissions by group: http://wiki.hacdc.org/index.php/Special:ListGroupRights

[ITechGeek]

Change log: http://wiki.hacdc.org/index.php/Special:Log

[Nick Mapsy]

It doesn't look like there's a CheckUser category (or an IP lookup right). Is there any way to find that information? Who knows if it'll provide much information, since the spammers are surely using proxies or botnets, but maybe there are patterns.

What about blocking creation of usernames that match certain patterns?

[ITechGeek]

Compile a list of modules you are interested in seeing added to our
wiki, we can look through them, discuss them, and if everyone agrees,
I can install them.

[Tim Slagle]

Would it be less work to limit who can create an account on the Wiki
have admins add people manually than to deal with all the spammers?
Maybe we can create accounts automatically for new HacDC members and
add them on request for everyone else. I don't see why the wiki has
to stay open to the world at large given the reality of spam.
--Tim

On Mar 29, 3:07 pm, Nick Mapsy <nma...@gmail.com> wrote:
> Sounds like a good compromise. Better than spamming all of blabber.
>
> First thing I'm wondering about: is the

> CheckUser<https://www.mediawiki.org/wiki/Extension:CheckUser>extension

> installed on the wiki?
>
> I ask because there's like a dozen spam users being registered every

> day<http://wiki.hacdc.org/index.php/Special:Log/newusers>on the wiki,

[ITechGeek]

I'm wondering if we can utilize APIs and create a web form that BOD
members can create Wiki/WP/Google Apps accounts from one web form and
members can create Wiki/WP accounts from that same web forms.

[Eric Miller]

I agree - I was thinking we could have a special code on the signup page that we just distributed on the mailing list or via email//personal contact.  The backend would be trivial in php (if $val = "12345")..

[Eric Miller]

Also can you make my account an admin? uid=Eric

Another thought on the user cleanup, I am hoping we can correlate page authors/editors with users and then delete anyone who has not contributed.

[Nick Mapsy]

Hmm, actually I think given how hard it is to get anyone to maintain the wiki at all, it's a bad idea to remove the ability of anyone to sign up on their own. The spam isn't actually a big problem at the moment. It's just that the user creation spam is annoying and gums up the list of users so it's hard to find the list of actual registered humans.

Also, we apparently haven't tried the obvious first step, which is to add reCAPTCHA on registration. It seems that even though the reCAPTCHA extension is installed, all you get on registration is a weak "enter the result of the equation below" "32 - 7 = ___".

Nick

On Thu, Mar 29, 2012 at 3:42 PM, ITechGeek <i...@itechgeek.com> wrote:

[Nick Mapsy]

Eric, that's an interesting idea, using something communicated through another channel. Of course, it'd be great to have it not be too confusing to figure out. A visitor to the wiki should really be able to click on "register" and be able to figure out, from there, what they need to do and where to get it. Hopefully without waiting for another email. But again, I'd advocate waiting until we see if a CAPTCHA would cut down on it.

So is it possible to make small modifications to things like the php code and html templates? Because something I've found pretty effective in fighting spam on my own site is to use a honeypot hidden input field thingy. It's a text input field with a label like "website" that's hidden via CSS (ideally through a linked stylesheet, far from the actual element). It doesn't show up to humans using a browser, but it shows up to bots reading the html. Like clockwork, they fill it out, I detect a value in that field, and block it.

All the same, I say let's hold off on the drastic measures for now, given that there are simpler things we've yet to try and the spam isn't actually disruptive.

Nick

[ITechGeek]

Eric, done.

Everyone,
This weekend, I'll look into making it so that after you sign-up, your
email account is confirmed, then you can edit/create pages.

As far as pulling information from the Wiki, I can directly access the
database if someone would like a specific query of information
(cleaning through the database isn't the best way of doing things).

[ITechGeek]

Template is editable.

[Nick Mapsy]

I don't know how the database is structured, but it would probably be a good start just to see the IP addresses that registered the last 100 users or so. If that's possible.

So if the template is editable, does it seem possible to do something like I described, inserting a stylsheet-hidden input field and checking if the user/bot fills it in?

Nick

[ITechGeek]

Yeah

[Tim Slagle]

I see ~150 spam deletions since the beginning of the year, Katie has
been doing most of them (thanks!)
http://wiki.hacdc.org/index.php?title=Special:Log&limit=250&type=delete
And we have 1500 spammer accounts. I would tend to say that we do
have a spam problem.

Time spent cleaning up spam could be better used for adding content or
improving organization. Here's how to restrict account creation:
http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_account_creation
People request an account (or join as members), admins enter their
info, system emails them a password that they change on first login.
This also verifies their email address.
--Tim

On Thu, Mar 29, 2012 at 4:28 PM, Nick Mapsy <nma...@gmail.com> wrote:

[Nick Mapsy]

I'm just worried about further discouraging use of the wiki. The main problem we're facing at the moment seems to be outdated information from a lack of editing, not spam, right? So I'm just seeing if we could first just try adding a captcha to the registration process. It's not even captcha'd at the moment!

It's like we were discussing with the video camera - it doesn't seem like such a huge step to do a little postprocessing on recordings, but putting more steps in-between filming and uploading drastically reduces the likelihood of classes ever making their way to the public. I think there's the same principle with barriers to editing.

Nick

[Tim Slagle]

If we want to encourage people to use the wiki, we should make wiki
accounts for all current members, and new members when they join. We
could also post on the Blabber list asking anyone else who wants a
wiki account to email an admin with their login info. Wiki editors who
are not members or on Blabber are most likely spammers!

I think our spam level isn't a problem because Katie has been deleting
it all for us. She just got back, I'd be interested in what she has
to say (once she gets back to EST).
--Tim

[mirage335]

From what I've seen/heard, custom challenge response authentication is
*strong*. The problem is that the default questions are weak and/or
pretty much pubic knowledge (the enemy knows the system). I suggest
using QuestyCaptcha (see http://www.mediawiki.org/wiki/Extension:ConfirmEdit),
credit to badon@#medi...@irc.freenode.net .

Beyond that, I'm not sure what I can/should do to the wiki, being
fairly new around here. Give me an idea what to work on, and I'll
probably do it. If there is one idea I already have, it is that the
tooling should have category pages (eg. try finding the CNC Mill page
without using search). For now, I'm gradually cleaning up and adding
tooling documentation as I discover changes need to be made (eg.
recently added some stuff to the CNC Mill page, will probably add an
SMD soldering tutorial soon).

[Nick Mapsy]

I just remember that I registered on the wiki before I even became a member, which is probably why I'm advocating to keep that action simple. But I can compromise if you really want to make them go through an approval process, at least for the non-members. Pre-making an account for each member is a cool idea.

I kinda think the anti-spam system is already working as it should, since on a wiki, the anti-spam system just consists of people removing spam. It doesn't seem that bad if a single person can handle it. But I'd be happy to help Katie with the spam-fighting and make it half the job it already is. In fact, I'd prefer it to this BOD "moderator's spam report" thing. Hopefully with a stronger CAPTCHA and me helping out (and I guess moderated registrations), it'll be a light job.

As for organizing the wiki and making things discoverable, I've been thinking of making a sort of overview page that links to some essential articles, including some that have more lists of things like classes and organization info. Basically a tree of pages that link to every article at some point. With the size of our wiki, I think it's actually doable.

Basically, this can be the same as the idea with the categories, except we'll add some description text to the category pages and link them together in a hierarchy. In fact, using category tags will make it much easier to add new articles to this tree.

Nick

[Eric Miller]

I'd like to only implement a strong captcha.  Let's hold off on any draconian measures for now.

Nick as for your organizing thoughts those sound great.  I believe they intersect with the Outline page Tim is working on?