The user creation spam seems to be trendy these days. Since we are a small community and we need to authorize one user at a time, I want to propose a new rule that will stop the spamming completely: normal user creation is removed and becomes on invite only.
Some people may thing that it may be drastic but if you really think about it, we are a small community and if you don't have a nesdev account, you cannot write on the wiki. Which mean usually the relationship with the BBS and the wiki is 1 to 1.
If people are fine with it, this is just one simple setup to change. After that, users that want an account request the wiki admins and we will create the account with a temporary password.
As long as there's more than one admin responsible for creating accounts. I've seen too many cases where a wiki or forum that I want to join has closed sign-up and no obvious way to contact an administrator.
There are MediaWiki extensions to use phpBB login, but with two problems: 1. most of them require phpBB 3, and 2. I don't know if any of them support a minimum post count.
I'm going to do an experiment on my own wiki over the next week, involving the AbuseFilter extension, to see if I can figure out how to thin out the new user spam in Recent Changes.
I saw this thread, I was just too busy to comment on the subject. Sorry about that. Now I want to do something about it.
tepples wrote:As long as there's more than one admin responsible for creating accounts. I've seen too many cases where a wiki or forum that I want to join has closed sign-up and no obvious way to contact an administrator.
I see your point but in our current state, we need to put new users in the trusted group,which mean if all admin disappear, the problem you mention would still occur. If all 4 of us are gone, that would be a major blow to nesdev You shouldn't worry too much about that scenario. Worst case, people can extract the xml and start a new wiki.
Until we can replace the phpBB 2 board with a phpBB 3 board so that we can unify login, I have a short list of extensions I'd like installed: SpecialInterwiki, AntiSpoof, and AbuseFilter. I've been using these extensions to help control spam on my own wiki, and I've been working on an ABUSE filter rule that cuts user creation log pollution in half.
Another question: Do we want to block all users in Asia? I've been told that a user living in Japan can no longer edit.
You misunderstood my pm: I cannot access the SSH server for updating the wiki application from a non static asian IP because of the current security rule to protect the server. When I need to do so, I ask Koitsu to allow my current IP.
Filter won't be of any help since we have a rule of nobody can create contents until they are approved. So "approving a user on the bbs then creating an account by the wiki admin" or the "user ask us to be in the trusted group then the admin add him to that group" is the same thing, just written differently. The first way, there is no possible way to make spam at all. I just don't want to go back to the recapcha thing again.
Until we have phpBB 3 installed AND some rule to avoid spammer in the first place, my solution in the simplest and can be effective right away. Adding a single sign-on is nice but without proper spamming rule we are just going to open the Wiki to spamming again and I don't want to go back to that since these days I don't have much time to admin it, thus the current issue at hand.
You're welcome. I should have acted earlier, I was just too busy with life. Sorry about that. You need to thanks Tepples for updating the setting on the server since I cannot access the wiki SSH for now.
In the future we need to think about a better solution, like the proposed single sign-on for phpBB 3. Right now, since not many real users are created on the wiki, I guess we can still cope with the extra work.
Banshaku wrote:... since I cannot access the wiki SSH for now.
Let me know privately what your IP is and I'll add exceptions like last time. (I should note we now have a server admin who's in Japan for 3 months, so I'm probably going to have to add more exceptions of this nature soon anyway)
