On 13 December 2012 18:34, Rob Weir <robw...@apache.org> wrote: > On Thu, Dec 13, 2012 at 12:15 PM, TJ Frazier <tjfraz...@cfl.rr.com> wrote: > > On 12/13/2012 09:14, janI wrote: > >> > >> I give +1 for the list and the WIKI account part, then we can see over > >> time, if web discussions naturally move to that list. > >> > >> Jan. > >> > > "By request" account creation on the wiki is a fine short-term solution > for > > the spammer problem (until the upgrade). In the long run (after the > > upgrade), IMHO it is unnecessary and unacceptable. AOO doesn't need this > > anywhere else, Wp doesn't need it, and our wiki shouldn't, either. > Running > > on an up-to-date platform, we should be able to find some technology > which > > suits our users' needs, and keeps the spam down (not completely, but > nothing > > will). > The upgrade alone does not change the spam possibility, but it is correct there are several techniques out there that can effectively help us.
> > > > A little forensic research on those thousands of spam accounts might > show us > > what we do need. What kind of email addresses did they use? We used to > have > > some local code to prohibit the "public drop box" email sites, as well > as a > > RECAPCHA for account creation and for external-link saves. Did any of > that > > make it through the move to Apache? Checking links might be expensive, > since > > it would have to be done on every save, but account-creation checks > should > > only be invoked on account creation. > We still have code in there to stop "public drop box) email sites. The RECAPCHA is NOT in there anymore, but that would be a NICE feature (do you happen to know which extension was used?). The editor actually checks for external links, and if your page contains a link, you are requested to answer a simple math. question. It is important to notice that about 80% of the spam account, did not try to make a page...they simply tried to fill our account log, to make the site go down (a variation of "service denial" attach"). > > > > If the account requests go away, so does the admin ML. Probably a good > > thing. > I do not quite see it so, I for one believe it would be good to have a place where we solely discuss web issues since it goes across all other mailing lists. > > > We don't need a long-term solution to a short-term problem. But if > this is going to continue indefinitely, it might be worth having the > admin address. > I am sorry, but spam is a very long time problem and it getting worse. There are simply too many out there, why get merit by shutting down a site. > Remember, each request is impinging on volunteer's attention in four ways: > > 1) Since requestors are not subscribed, their requests end up in list > moderator's inbox and need to be approved > > 2) Request is then becomes noise on the dev list > > 3) Admin then needs to act on the request > > 4) Admin confirms request, which is more noise on the list > > Since we're soon going to start up the doc effort, with a call for > volunteers there, and there is some talk of using the wiki for future > documentation, I'm expecting the wiki account request rate to get > higher. > > Maybe there are other/better ways of handing this? Requests via > Bugzilla? Of course, if this is a short-term problem... > I will find a solution, given a bit of time, and less discussions in here. > > -Rob > > > > > > /tj/ > > > > > > >
