[pmwiki-users] Spam Defacement Protection

Sivakatirswami katir at hindu.org
Fri Mar 4 10:56:50 CST 2005


I am just today setting up PmWiki on our public server, initially we 
will be behind a simple .htaccess auth entry, usage will be for a 
limited dev team, once they get past the apache dialog, all wiki pages 
are open..

But our "future strategy" discussions get difficult when we discuss a 
wiki that would probably be implemented as another field on a farm 
(once I get my head around that) and wants to seek collaboration of 
100s of individuals, or more, all over the world...

I'm advocating that we require registration and issue passwords, or at 
least some very simple "gateway"... I tend to be cautious and place a 
"high impact" value on risk assessment issues like this. Others want 
to make it open to the world based on the "conventional wisdom" that 
"wikis rarely get defaced" and "let's just see what happens, if the 
site gets defaced, we will face it then."

I must be getting old, ad hoc development has bitten me too many 
times.. I like to have some idea of where I'm going before I turn on 
the engine.

So, we're kind of stuck there in terms of getting a functional 
specification for a bigger wiki plan off the ground without being able 
to settle this very basic first issue. We are not in a hurry on this 
latter scheme... we have a lot to learn and will do our homework, 
prototype hacking for a wiki structure, behind the .htaccess entry for 
now... But I would appreciate early in the game insights on

1) likelihood of spamming-defacement (pmwiki.org itself, for example, 
is wide open.) Is the "rarely" still a valid truism? I think it is more 
a question of which kind of sites are "worthy targets" and which are not. 
Put another way, for experienced wiki admins, how often do we as a 
group, find ourselves wasting time dealing with the unfortunate 
mishaps that are a consequence of leaving the wiki wide open?

2) Revert options for someone who doesn't know PHP... in the latest 
version of PmWiki? Is it a simple matter now?

We want to delegate certain levels of admin to those actually 
responsible for the content. In fact they want control because, they 
don't want to have to keep coming to me to implement anything. These 
are non-programmers.. who want to implement the wiki within the 
parameters of what they themselves can do.. which is a good thing... ( 
I still intend to get some kind of forms going for them so that not all 
the data is totally unstructured... )

But, if they tell me "gosh, the site got spammed, how do we revert 
back" I'm hoping I can give them a simple path that doesn't require a 
lot of PHP knowledge... If reversion is *not* simple, and experienced 
admins tell us "it's happening, you will have to deal with it... don't 
think you won't" then we'll probably go for some level of initial 
access protection.

Any other insights will be helpful... I'm sure this is a common 
question, and there is nothing like the wisdom of experience.

Sivakatirswami
Himalayan Academy Publications
www.HimalayanAcademy.com,
www.HinduismToday.com



