Comments on: Twiki userpages spammed http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/ Just another WordPress weblog Sun, 07 Sep 2008 15:15:43 +0000 http://wordpress.org/?v=2.0.7 by: Peter Thoeny http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29949 Mon, 07 Aug 2006 02:11:44 +0000 http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29949 The Spamhuntress blog on "TWiki userpages spammed" prompted me to write an overview on wiki spam on my own blog: <a target="_blank" onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.structuredwikis.com/peter_2006-08-06.html">http://www.structuredwikis.com/peter_2006-08-06.html</a> The Spamhuntress blog on “TWiki userpages spammed” prompted me to write an overview on wiki spam on my own blog: http://www.structuredwikis.com/peter_2006-08-06.html

]]> by: Joe http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29947 Mon, 07 Aug 2006 02:00:18 +0000 http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29947 I know your focus is intranet, but there are many people using it on the web who likely aren't on your mailing list. I know I rarely sign up to mailing lists of software I use. We have been trying to raise the awareness of wiki spam for years but it isn't working well. Like comment spam, the only thing that will lessen the problem is wikis with better built in spam protection. Few have it. TWiki isn't targeted for the internet so it is somewhat understandable, but even the big ones like MediaWiki provide little protection by default. I know your focus is intranet, but there are many people using it on the web who likely aren’t on your mailing list. I know I rarely sign up to mailing lists of software I use. We have been trying to raise the awareness of wiki spam for years but it isn’t working well. Like comment spam, the only thing that will lessen the problem is wikis with better built in spam protection. Few have it. TWiki isn’t targeted for the internet so it is somewhat understandable, but even the big ones like MediaWiki provide little protection by default.

]]> by: Peter Thoeny http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29919 Mon, 07 Aug 2006 00:01:43 +0000 http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29919 The BlackListPlugin could be included in the distribution, however, it does not make sense for TWiki since its focus is the Intranet. To address the issue, we sent out several spam related alerts to the twiki-announce mailing list, and I sent personal e-mails to some site owners not on the list. Still, the awareness of wiki spam needs to be raised so that more site owners take actions. The BlackListPlugin could be included in the distribution, however, it does not make sense for TWiki since its focus is the Intranet.

To address the issue, we sent out several spam related alerts to the twiki-announce mailing list, and I sent personal e-mails to some site owners not on the list. Still, the awareness of wiki spam needs to be raised so that more site owners take actions.

]]> by: Joe http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29883 Sun, 06 Aug 2006 21:09:10 +0000 http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29883 Couldn't the BlackListPlugin be included and turned on in the default install? People on intranets who don't need it could easily turn it off. But it would protect those who use Twiki on the internet that aren't aware of the spam problem or the solution. Couldn’t the BlackListPlugin be included and turned on in the default install? People on intranets who don’t need it could easily turn it off. But it would protect those who use Twiki on the internet that aren’t aware of the spam problem or the solution.

]]> by: Spamhuntress » Blog Archive » The upload spammer http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29865 Sun, 06 Aug 2006 19:44:24 +0000 http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29865 [...] Spamhuntress Just another WordPress weblog « Twiki userpages spammed [...] […] Spamhuntress Just another WordPress weblog « Twiki userpages spammed […]

]]> by: Peter Thoeny http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29863 Sun, 06 Aug 2006 19:36:59 +0000 http://spamhuntress.com/2006/08/06/twiki-userpages-spammed/#comment-29863 Wiki spam is a growing problem. Spammers get more sophisticated; we fight back. Spam on TWiki sites is not new. To find out, please follow the the WikiSpam link located on the twiki.org homepage: http://twiki.org/cgi-bin/view/Codev/WikiSpam I disagree with your statement: TWiki developers do fight spam for a long time. TWiki has a BlackListPlugin that is quite effective, and we update the Plugin every time we disciver a new spam twist, such as redirects obfuscated in JavaScript eval. The BlackListPlugin fights spam on several fronts: * Multiple registrations in rapid succession * Multiple page saves in rapid succession * Saving text with known wiki-spam (spam list is maintained and shared by TWiki, MoinMoin and Mediawiki sites) * Attaching files with known wiki-spam * Attaching files with JavaScript eval * Manually maintained BLACKLIST of malicious IP addresses * Automatically updated BANLIST of IP addresses with suspicious activities * Registration form with magic number in hidden form field to make scripted registrations harder * Add a rel="nofollow" parameter to external URLs to defeat the purpose of spamming TWiki sites We strongly recommend owners of public TWikis to upgrade to the latest BlackListPlugin. But the reality is that there are many public TWiki sites that do not even have this Plugin installed. Thanks for raising the awareness on wiki spam! -- Peter Thoeny - peter AT structuredwikis DOT com - http://twiki.org/ Wiki spam is a growing problem. Spammers get more sophisticated; we fight back. Spam on TWiki sites is not new. To find out, please follow the the WikiSpam link located on the twiki.org homepage: http://twiki.org/cgi-bin/view/Codev/WikiSpam

I disagree with your statement: TWiki developers do fight spam for a long time. TWiki has a BlackListPlugin that is quite effective, and we update the Plugin every time we disciver a new spam twist, such as redirects obfuscated in JavaScript eval.

The BlackListPlugin fights spam on several fronts:
* Multiple registrations in rapid succession
* Multiple page saves in rapid succession
* Saving text with known wiki-spam (spam list is maintained and shared by TWiki, MoinMoin and Mediawiki sites)
* Attaching files with known wiki-spam
* Attaching files with JavaScript eval
* Manually maintained BLACKLIST of malicious IP addresses
* Automatically updated BANLIST of IP addresses with suspicious activities
* Registration form with magic number in hidden form field to make scripted registrations harder
* Add a rel=”nofollow” parameter to external URLs to defeat the purpose of spamming TWiki sites

We strongly recommend owners of public TWikis to upgrade to the latest BlackListPlugin. But the reality is that there are many public TWiki sites that do not even have this Plugin installed.

Thanks for raising the awareness on wiki spam!

– Peter Thoeny - peter AT structuredwikis DOT com - http://twiki.org/

]]>