[pmwiki-users] Spam Defacement Protection
Sivakatirswami
katir at hindu.org
Fri Mar 4 10:56:50 CST 2005
I am just today setting up PMwiki on our public server, initially we
will be behind a simple .htaccess auth entry, usage will be for a
limited dev team, once they get past the apache dialog, all wiki pages
are open..
But our "future strategy" discussions get difficult when we discuss a
wiki that would probably be implemented as another field on a farm
(once I get my head around that) and wants to seek collaboration of
100s of individuals, or more, all over the world...
I'm advocating that we require registration and issue passwords, or at
least some very simple "gateway"... I tend to be cautious and place a
"high impact" value on risk assessment issues like this. Others want
to make it open to the world based on the "conventional wisdom" that
"wikis rarely get defaced" and "let's just see what happens, if the
site gets defaced, we will face it then."
I must be getting old, ad hoc development has bitten me too many
times.. I like to have some idea of where I'm going before I turn on
the engine.
So, we're kind of stuck there in terms of getting a functional
specification for a bigger wiki plan off the ground without being able
to settle this very basic first issue. We are not in a hurry on this
latter scheme... we have a lot to learn and will do our homework,
prototype hacking for a wiki structure, behind the .htaccess entry for
now... But I would appreciate early in the game insights on
1) likelihood of spamming-defacement (pmwiki.org itself, for example,
is wide open.) Is the "rarely" still a valid truism? I think it is more
a question of which kind of sites are "worthy targets" and which are not.
Put another way, for experienced wiki admins, how often do we as a
group, find ourselves wasting time dealing with the unfortunate
mishaps that are a consequence of leaving the wiki wide open?
2) Revert options for someone who doesn't know PHP... in the latest
version of PMWiki? Is it a simple matter now?
We want to delegate certain levels of admin to those actually
responsible for the content. In fact they want control because, they
don't want to have to keep coming to me to implement anything. These
are non-programmers.. who want to implement the wiki within the
parameters of what they themselves can do.. which is a good thing...
(I still intend to get some kind of forms going for them so that not all
the data is totally unstructured...)
But, if they tell me "gosh, the site got spammed, how do we revert
back" I'm hoping I can give them a simple path that doesn't require a
lot of PHP knowledge... If reversion is *not* simple, and experienced
admins tell us "it's happening, you will have to deal with it... don't
think you won't" then we'll probably go for some level of initial
access protection.
Any other insights will be helpful... I'm sure this is a common
question, and there is nothing like the wisdom of experience.
Sivakatirswami
Himalayan Academy Publications
www.HimalayanAcademy.com,
www.HinduismToday.com