From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.tex.context/82078 Path: news.gmane.org!not-for-mail From: Aditya Mahajan Newsgroups: gmane.comp.tex.context Subject: Re: [wiki] fake account spam Date: Thu, 25 Apr 2013 13:46:32 -0400 (EDT) Message-ID: References: <20130405134301.GA4807@phlegethon> <20130406145315.GA7808@phlegethon> Reply-To: mailing list for ConTeXt users NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1366912004 26920 80.91.229.3 (25 Apr 2013 17:46:44 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 25 Apr 2013 17:46:44 +0000 (UTC) Cc: Taco Hoekwater To: mailing list for ConTeXt users Original-X-From: ntg-context-bounces@ntg.nl Thu Apr 25 19:46:48 2013 Return-path: Envelope-to: gctc-ntg-context-518@m.gmane.org Original-Received: from balder.ntg.nl ([195.12.62.10]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UVQFn-0004s8-Qg for gctc-ntg-context-518@m.gmane.org; Thu, 25 Apr 2013 19:46:43 +0200 Original-Received: from localhost (localhost [127.0.0.1]) by balder.ntg.nl (Postfix) with ESMTP id 4D32F101E8; Thu, 25 Apr 2013 19:46:43 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at balder.ntg.nl Original-Received: from balder.ntg.nl ([127.0.0.1]) by localhost (balder.ntg.nl [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8j7aS1VPzBYV; Thu, 25 Apr 2013 19:46:41 +0200 (CEST) Original-Received: from balder.ntg.nl (localhost [IPv6:::1]) by balder.ntg.nl (Postfix) with ESMTP id 2D091101E4; Thu, 25 Apr 2013 19:46:41 +0200 (CEST) Original-Received: from localhost (localhost [127.0.0.1]) by balder.ntg.nl (Postfix) with ESMTP id D168E101E4 for ; Thu, 25 Apr 2013 19:46:39 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at balder.ntg.nl Original-Received: from balder.ntg.nl ([127.0.0.1]) by localhost (balder.ntg.nl [127.0.0.1]) (amavisd-new, port 10024) with LMTP id T4aBqUYYJqWt for ; Thu, 25 Apr 2013 19:46:38 +0200 (CEST) Original-Received: from filter5-til.mf.surf.net (filter5-til.mf.surf.net [194.171.167.221]) by balder.ntg.nl (Postfix) with ESMTP id 6C1D3101E0 for ; Thu, 25 Apr 2013 19:46:38 +0200 (CEST) Original-Received: from hellskitchen.mr.itd.umich.edu (smtp.mail.umich.edu [141.211.14.82]) by filter5-til.mf.surf.net (8.14.3/8.14.3/Debian-9.4) with ESMTP id r3PHkZUN030126 for ; Thu, 25 Apr 2013 19:46:36 +0200 Original-Received: FROM Decentralized.ECE.McGill.CA (Decentralized.ECE.McGill.CA [132.206.69.142]) By hellskitchen.mr.itd.umich.edu ID 51796BF9.6266B.5762 ; Authuser adityam; 25 Apr 2013 13:46:33 EDT In-Reply-To: User-Agent: Alpine 2.02 (LNX 1266 2009-07-14) X-Bayes-Prob: 0.0001 (Score 0, tokens from: @@RPTN) X-CanIt-Geo: ip=141.211.14.82; country=US; region=MI; city=Ann Arbor; postalcode=48109; latitude=42.2923; longitude=-83.7145; metrocode=505; areacode=734; http://maps.google.com/maps?q=42.2923,-83.7145&z=6 X-CanItPRO-Stream: uu:ntg-context@ntg.nl (inherits from uu:default, base:default) X-Canit-Stats-ID: 0WJshKzJt - 75b366931d6a - 20130425 (trained as not-spam) X-Scanned-By: CanIt (www . roaringpenguin . com) on 194.171.167.221 X-BeenThere: ntg-context@ntg.nl X-Mailman-Version: 2.1.14 Precedence: list List-Id: mailing list for ConTeXt users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ntg-context-bounces@ntg.nl Original-Sender: ntg-context-bounces@ntg.nl Xref: news.gmane.org gmane.comp.tex.context:82078 Archived-At: On Thu, 25 Apr 2013, Sietse Brouwer wrote: > We're getting 3-12 new accounts created per day. If nothing else, > they're cluttering up the recent changes list. > > I think it's a good idea to update the security questions --- it's > easy to do, it'll probably work, and we can always move on to stronger > measures that require more work. Below are some replacemetn questions. > > * If you have a log of which questions get answered correctly, > perhaps only rotate out the bad question(s); > * If finding the cracked questions is nontrivial (i.e. more work than > 'just open the log file and see which ones get answered every day'), > just replace them all. > > If this works, hooray; if it stops working, we can either change the > questions again (if the spammers took long to get through) or move on > to e.g. the ConfirmAccount extension [1,2] (if the questions got > cracked quickly, so we are getting 'human' attention from the spammer > instead of his bots). Confirm account means that a new user will not be able to quickly correct typos etc. Isn't there a simple way to add a captcha to mediawiki. I am not a big fan of Captchas, but the are the de facto standard for human verification. A user only has to do it once, so it is not too big of an annoyance either. Aditya ___________________________________________________________________________________ If your question is of interest to others as well, please add an entry to the Wiki! maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context webpage : http://www.pragma-ade.nl / http://tex.aanhet.net archive : http://foundry.supelec.fr/projects/contextrev/ wiki : http://contextgarden.net ___________________________________________________________________________________