wiki spam

[jeffy]

Hi gang,

The wiki has a spam problem. We're getting an average of something like 3-5 a day which doesn't sound like much until a lot of days have gone by and you have to do the 8 or 9-step process to delete the garbage and ban the user for each and every one of them.

Ed and I have been keeping up with it, but it's disheartening when most days the only new changes are spam.

I've poked around a little on the mediawiki sites and it looks like there isn't really a friendly and effective solution. There are blacklist plugins, but spammers are endlessly inventive and wiki admins are overworked under-timed. (The main suggestions are requiring accounts for editors and implementing captchas, both of which we have done and we still get spam.)

It looks to me like the easiest and most effective remedy for a wiki of our size and activity would be to lock down account creation so that an admin has to create new accounts on request. This would happen much less often than the spam for our wiki, and would replace an unhappy chore with a happy one. We'd have to go through and nuke all of the spam accounts out of our existing user list of over 1000 names, but that'd be a finite task we could kill off in a couple of hours with some volunteer time.

Anybody got an opinion or alternate solution?

[jimsmyth]

Works for me.

Of course, I already have my wiki account, but still, there's not much in new posters here.

Could we leave it open for read-access, but require an account for updates?  (Actually, isn't it that way already?)  That would let new readers catch up on the info, which would be their first need.

Only other thing I can think of is putting a note somewhere so readers who want access know what to do, even if they don't come to the message board.

[Elizabeth Bear]

This seems like a viable solution to me.

hacking around the spam issues have become the chief maintenance sink here and there. :-P

[jeffy]

Works for me.

Of course, I already have my wiki account, but still, there's not much in new posters here.

Could we leave it open for read-access, but require an account for updates?  (Actually, isn't it that way already?)  That would let new readers catch up on the info, which would be their first need.

Only other thing I can think of is putting a note somewhere so readers who want access know what to do, even if they don't come to the message board.

Yes, the site would remain read only without an account as it is now.

Definitely a good idea to have a note in large friendly letters telling people how to get an account if they want one.

Here's the section of the mediawiki manual that shows how to do this.
http://www.mediawiki.org/wiki/Manual:Preventing_access#Restrict_account_creation

Simple change to LocalSettings.php. Looks like it would also be convenient to add  $wgEnableEmail=true so manually created users can get their randomized new password emailed to them. There's a plugin that supports having a user approval queue but if that's too much trouble (wouldn't surprise me) I'd be willing to expose an email address for folks to use to request an account. All the spammers already know me ;-)

Let us know whenever the webghoul can get around to it. Thanks!