MJ Ray wrote: >Paul Wise <p...@debian.org> >> On Tue, Oct 16, 2012 at 5:28 PM, MJ Ray wrote: >> >> > This is a bug. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678540 >> >> I agree, reCaptcha is suboptimal but the alternative is for the wiki >> team (1.5 persons) to revert lots of spam daily instead of one or two >> per week. If you have an anti-spam mechanism that is as effective as >> reCaptcha then we would love to hear about it. > >This is topic-drift, so only a short reply: reCaptcha is not "an >anti-spam mechanism". It does nothing to test whether a submission is >spam or a submitter is a spammer. It is merely a physical ability >test that is failed by a group which includes most spam robots and >some software-assisted humans. It works a bit, but is evil. > >http://wiki.debian.org/DebianWiki/DealingWithSpam doesn't look >current, so I don't know what anti-spam mechanisms are actually >installed, but things like rate limits and a moderation queue may help.
The main thrust of our anti-spam strategy is: * require people to have accounts to be able to edit (create/change/rename etc.) pages in the wiki * control account creation so that spammers either don't create them in the first place, or we disable accounts when we detect spam attacks. Recaptcha is simply one of several methods that we've used to limit account creation. I've also added moin support for requiring email verification to limit throwaway account creation. This helped a fair amount for a short while, but the spam bots have been getting more and more sophisticated and simply started using throwaway hotmail/gmail/wherever email addresses to get around that. So I re-enabled recaptcha again and it helped. Most recently, I've added local filtering at account creation time to pick up on various patterns (email address, username, source IP, etc.) and block account creation altogether for the more obvious spammers. This *has* been very successful, modulo the occasional false positive. Given that, I've disabled recaptcha again for new account creation and I'll monitor the effects for the next few days. Hopefully things will stay under control now. Nobody *likes* using recaptcha, agreed... Your other suggestions for anti-spam are common suggestions, but (in my opinion) not likely to work. Rate limits are difficult to enforce with spamming scum using bots located all over the world to create random pages; moderation is very labour-intensive when we're perpetually short of admin time already... -- Steve McIntyre, Cambridge, UK. st...@einval.com "We're the technical experts. We were hired so that management could ignore our recommendations and tell us how to do our jobs." -- Mike Andrews -- To UNSUBSCRIBE, email to debian-www-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1to7jc-00070z...@mail.einval.com
