[e-lang] wiki clock wrong? Also, access control...

[Kevin Reid]

On Jun 30, 2007, at 23:11, Mark Miller wrote:

> More interestingly, I notice that virtually all recent changes are  
> either made by spambots, or made by us to reverse the damage, and  
> to banish the accounts of the spambots. ... Should we instead shift  
> to requiring new accounts to be manually approved?

I think we should. If we do, we should make it clear that requests  
for accounts are not a big deal.

Using a captcha is also reasonable, *if* it helps (but we should make  
manual requests also an option in that case).

> Given that Wikipedia is clearly more of a target than we are, and  
> that they would seem to be even more vulnerable than we are (they  
> don't require a login before posting), I don't understand how they  
> survive. Can anyone explain how they handle these issues?

Speculation: Wikipedia does not actually get proportionally more --  
this particular attack seems to me to be spread across all  
MediaWikis. I haven't been watching Wikipedia's changes, though -- it  
would be hard to notice these in the volume of normal edits.

Also, I don't think they're significantly more vulnerable, in that  
account creation is only a constant factor more effort than anonymous  
editing.

Also, Wikipedia has far more editors and far more pages than we do,  
of course. What we don't know is whether the attack volume is more on  
Wikipedia, less on Wikipedia, or even per-page rather than per-wiki  
(e.g. search the web for MediaWiki pages and attack them regardless  
of wiki site).

Also, they may well ignore Wikipedia, e.g. if the intent is to spam  
small *unmaintained* wikis.

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>