Wiki is being hammered by spammers

Wed Jan 13 02:00:36 CST 2016

On Tues, Jan 12 2006 at 12:42:09 CST, Rosanne DiMesio wrote:
> In the past hour, I've restored the Front Page three times, and deleted over two dozen newly created spam pages. Earlier, Alexandre deleted many more spam pages. Something needs to be done now.
Besides the day-to-day, I have another project on my plate right now so 
I can't really help much with the wiki right now. After seeing the 
emails over the past few days, I checked the RecentChanges page though, 
and it has become truly insane.

I can think of a few things we can do, but there's the issue of getting 
in touch with Dimi. When I started working on the wiki back in 2012, he 
was pretty quick to respond and helpful, but the few times I've tried 
emailing or CC-ing him since around 2014, I've never heard back. I get 
the feeling he's just totally swamped at his company or with other 
things in life; one of the developers that knows him well might need to 
get in touch by phone or in person.

As for what we can do, these come to mind...
1. Disable automatic account creation, at least for now. Unfortunately, 
at least for the version of Moinmoin we're still on, this is even 
grungier and more restrictive than it first sounds. There wasn't (and 
still isn't?!) a standard mechanism like "we'll notify the moderator and 
after looking over your email and IP, they click a button to send you 
your account info." You have to disable /all/ account creation through 
the wiki, and personally email the moderator, who then manually adds 
your account and emails you your info. There are apparently bits of 
orphaned code or plugins that may help, but I haven't tested any of 
them. The clearest docs I could find revolve around this page:
https://moinmo.in/FeatureRequests/DisableUserCreation

2. All the spam is bad enough. What genuinely unnerves me is that at 
least one page they tried to create causes an error in Moinmoin. Yes, 
it's annoying because the page doesn't load so it can't be deleted 
through the wiki, but what takes the cake is that it's giving debug 
output, with a traceback through the MoinMoin code /and/ certain system 
details about the server. Yikes! So we can just adjust the config file 
to disable that in our version of Moinmoin right? Well, that's where it 
gets worse; we're apparently one minor revision short of that fix (so we 
need to update first or patch it ourselves):
https://moinmo.in/MoinMoinQuestions/ConfigFiles#Disable_ErrorLogs_in_webbrowser.2C_enable_only_in_flat_files

3. Which leads to my 3rd suggestion. After we bandage up those problems, 
I have to nominate replacing MoinMoin with some other wiki-engine, 
especially if we plan on directing users to the wiki even more. I don't 
know if MediaWiki would be the best for us (long-run, I'm intrigued by 
some of the wiki-plugins I've seen for Django, Rails, etc.), but as the 
most battle-hardened and tool-rich (=> easy to import?) one out there, 
it might be a good stop-gap.

I've fiddled with Python way more than PHP, which is probably both cause 
and effect for my Pythonist biases, and I do like the way we could match 
the wiki theme with the rest of WineHQ (though at least in Moinmoin 
v1.5, the theming and particularly the hard-coded CSS handles could be 
really brittle). And it does seem lots of interesting work is being done 
on the Moinmoin-2.0 branch. Yet their stable docs are still a labyrinth, 
many of the useful features in 2.0 haven't been backported to 1.9, and I 
really don't know where they're trying to take the project anymore.

Anyways, sorry for the long email. If anyone has questions about 
patching or migrating the wiki though, I can try helping with tips and 
provide some old prototype scripts I've written. I just probably won't 
be able to get my own hands dirty writing code or testing for a while.

Oh yeah, I also wanted to say that restoring the front page from the 
Wayback Machine was really a master-stroke, Rosanne. When I first saw 
the email from Michael S. saying it had been wiped, I just thought, "I'm 
glad I'm not the one trying to fix that because I have no clue where to 
start."

Kyle