[Pmwiki-users] Re: hackers: Another good reason for authentication

Steven Leite steven_leite
Thu Jun 17 22:16:49 CDT 2004


That's a good idea, but to improve on that idea a bit, I would create a
custom template for the Main/WikiSandbox page.  The only difference
between the default site template and this template would be the text at
the top of the page reading:

"This page is password protected.  The edit password is "xxx".

This will prevent people from messing with the same message if you had
typed it in the wiki's page text instead.

--

Other good idea's I've seen include:

* auto resetting the wiki.d/Main.Sandbox page every xx minutes (after
the last edit)
* using robots.txt to instruct search bots NOT to index the Sandbox page
(doesn't help prevent spam, but at least the spammer will be wasting
their time, at least on that one page).
* looking at the HTTP_REFERRER to see if it's a browser or bot.  If it's
a bot, don't allow edits, or if an edit is attempted, just redirect to
the same page (instead of bringing up the edit dialogue).
* ip banning (counter-attack after abuse has already occured)
* preventing external links (requiring admin to approve/disapprove links
before they are allowed in the wikitext).

If anyone can think of other approaches, add them to this list (or
create a page on the PmWiki website).  Understanding the problem
clearly, will help a lot in trying to come up with ideas and methods to
fix the problem.

Cheers,

-S


On Thursday, June 17, 2004 12:50 PM [GMT+1=CET],
Albi Rebmann <albi at life.de> wrote:

> Crisses schrieb:
>
>> As much as I dislike having to have passwords to protect every wiki,
>> a good authentication scheme will prevent the robots from messing
>> with the wikis.
>
> If you have problems with Spam, just enable password and write the
> password on the webpage. A human will read ist, but a spambot may not
> know what it is for.
>
>
> ALBI...




More information about the pmwiki-users mailing list