2008/05/01 – Javascript included Spam is going wild again. The script jumps to the spammer Home Page automatically. Should Javascript be acceptable?. I doubt it. To Edit the pages I type directly the URL + /versions/new and delete the contents but I can’t delete page completely.
Tuqui
2007/07/22 – The spam is still a problem, despite the BrainBuster CAPTCHA being turned on. I’ve noticed that links are being changed to point to spam sites, but their titles are left intact. For an example, see the DhtmlCalendar link at the bottom of this page:
http://wiki.rubyonrails.org/rails/pages/CalendarHelper/versions/57
Or the “Minimal configuration” link on this page:
http://wiki.rubyonrails.org/rails/pages/DynamicCalendarHelper/versions/33
2007/02/10 – Chad Johnson added Rob Sanheim’s CAPTCHA to the wiki (once we had reconstructed the right version of i2 to apply it to), and Ben Rockwood deployed it today. Dieter Komendera has produced a variant of Jim Weirich’s Ruse wiki that handles Textile markup, and Chad produced the database transformation scripts needed to bring data across from the old wiki to the new. Chad has also produced CSS styles for Ruse to match the Rails wiki. I am cleaning bad pages and spam versions out of the database. We need to test (and if necessary optimise) Ruse performance before moving to Ruse, and I hope the CAPTCHA will bring things back under control for the time that takes. Spamming has been incredibly heavy recently – 3000 updates/day. The wiki does have blocking of bad patterns and IP addresses in mod_security (and in a banned_ips list checked by i2), and when I looked at the effect of these in December they were blocking 80% of POSTs. Of the IP addresses spamming in a recent week, only 40% would have been caught by the dnsbl_check plugin. So – that’s where we are, and where we are going; sorry it has taken so long.
-Justin Forder
2007/02/05 – Just rolled back another spammed “HelpFightSpam” page so no effect so far from any efforts – sorry.
2007/02/04 – Can we have confirmation of that migration effort that’s supposedly under way?
It’s great to read that it is but I would like confirmation that someone is really doing something about it. I could spend some time doing it myself with a team of volunteers but it wouldn’t make sense to duplicate someone else’s efforts. Please, confirm.
-CFR
2007/01/28 – There is an effort underway as reported by DHH on a recent blog post:
"DHH on 28 Jan 18:05:
Hi Ben, there’s a group of people working on converting the Rails wiki over to Ruse. Hopefully it’ll be ready soon."
2007/01/25 – The situation is hopeless. The maintainer of the wiki hasn’t responded in months. Will someone fork this wiki to another site?? the bots come every hour or so; what’s the point of manually rolling back?
2007/01/17 WARNING- There are numerous pages now filled with porn links, obliterating the useful text that used to be here. Furthermore, there appear to be automated spam updates, because the pages get almost immediately overlaid after they are fixed!
I don’t know how to fix it, but there seem to be several ideas below… hopefully someone will take heed who has the horsepower, otherwise, this wiki will simply become useless (E.g., bad links from “LoginGenerator” page and from the RailsEngines pages…)
There is a plugin which filters based on dns blackhole lists.
WHOEVER IS FEELING RESPONSIBLE FOR THIS WIKI AND HAS THE RIGHTS TO DO IT: PLEASE INVEST THE 5 MINUTES TO INSTALL THIS PLUGIN AND MAKE OUR LIVES BEARABLE!
PLEASE, DO SO, IT’S REALLY ANNOYING/UNUSABLE AS IT IS NOW !!!
—
My Proposition:
http://wiki.rubyonrails.com/rails/pages/HowtoSecureFormsWithNoisyImages
well simplest way, also you have damn how-to on your wiki, why not put it to use ?
Rolling back is now a major pain as the Wiki pages are being blanked out by some automated process. I have just rolled back 3 pages. Each had over 70 blank revisions. This just takes too long. Who does run the Wiki? Pull your finger out. The community can only do so much.
wibble
—-
It seems some people are working on getting it fixed: http://groups.google.ca/group/ruby-talk-google/browse_frm/thread/7b4e3271fcc99451/818c8a33ff1e4a64#818c8a33ff1e4a64
Who wants write a counter-bot to rollback? :P
—-
Thank you for that update. I look forward to the new Wiki :) wibble-
-
Idea How about you take down the wiki. Setup a mailing list and we all describe what to do. I dont like having to keep rolling back a page so how about we found out a way to fix the problem then bring it back online with a fix of some type and then rollback pages. – Jeff
Im thinking lock the pages and implement logins of some sort. I just had to rollback the page about Fighting Spam… – Jeff
—
This wiki is a joke! Its amazing what a poor example it is setting for the Rails community. I find it unbelievable that the official Wiki for Ruby on Rails is maintained at such a poor standard and that good content which people take the time to write is just getting burried away by spam! Com’on whoever is in charge, its not that hard to fix this, it is like the bare minimum for any development project.
The large amount of hype around RoR at the moment obviously makes this wiki a prime target!
—
I would suggest to lock down the wiki for edits, only let admins clean it up, and keep it locked until a better anti-spam solution is in place.
—
This may be scandalous, but I would really suggest just porting to mediawiki – they have lots of built-in anti-spam features:
http://meta.wikimedia.org/wiki/Anti-spam_Features
And given the size of wikipedia, the list of anti-spam features will only grow. Why re-invent the wheel? Mediawiki is a great wiki, I think the ruby wiki should just use that (yes, I know, it’s not written in ruby, but c’est la vie!)
kwb
—
PLEASE PLEASE IMPLEMENT A LOGIN
QUESTION: Are people just blanking any page that has been modified? I’m fixing some pages and I go back in a few minutes and people have blanked them out even though I restored it from a previous entry.
-Jeff
Answer No. Sometimes when I click rollback and save, a blank entry is saved instead of the contents of the textarea. This is very annoying when I’ve taken the time to click back 40 versions to find good content.
Are you sure I have just clicked back through 40 blank revisions of the XmlHTTPRequest page to find a version with content so someone is blanking pages repeatedly???
—Yes, someone is blanking pages repeatedly. After submitting a rollback you may find you need to refresh your browser to see the result. —JF 6 Oct 06
Hey If you notice when you look at a previous entry in the address bar theres a number, just replace it with another number if you wanna move back faster to get an idea where the damage starts. I also think that questions and answers should be posted at the top of this page so that people can see current stuff first.
—If you “go back faster” there is a risk of picking up an out of date version of a page, or one with hidden links, and rolling back to that. I’ve seen this several times in the last few days. —JF 6 Oct 06
Many attacked pages have hidden links. Use edit to fix them.
QUESTION: How can we remove spam-pages? We can delete the content but the page is still listed and some of them are direct-links and they cannot be edited. We need something to delete those tamiflu (and others) from the database. We need more power to fight the spam!
DO NOT remove content. Often you just need to click the “back in time” link once or twice to get back to the original not spammed version of the page, click the “rollback” link, scroll down the page and hit “save”.
What about porting this wiki over to Stikipad? I think they can deal better with spam.
Suggestions
Let’s post constructive suggestions here that could theoretically be implemented in Instiki2 to combat spam.
- ManaMana? – see http://www.c2.com/cgi/wiki?ManaMana . In a nutshell, it’s killfiles for wikis by versioning. No, really. Well, it could be a lot more too – it’s an unimplemented design at this point. But it makes a dandy killer ruby wiki feature …
- Blacklist Regex List + Captcha If an Edit / New Page content matches something in the Regex Blacklist, the user is forced to enter a captcha.
- User Registration Only registered users with CAPTCHA allowed to post.
- While this would help with bots spanning any wiki, it would still allow a spammer to create one user id and then use it to spam multiple pages. Seems better, although inconvenient, to do a per-edit CAPTCHA.
- what about a per-edit CAPTCHA for anonymous cowards, and normal edits fo users that have a real verified email address and are older than a given amount (a month or so), as a convenience.
- Wiki-wide rollback by IP/user Saw this suggested on the front page, worth looking into. PF: yes, but that should read Wiki-wide rollback of posts by IP within a given time interval What if the evildoer has been given the same anonymous dialin IP during spamming than a valuable user 2 days before?
- Over Aggressive Posting Any IP that posts more than a reasonable amount of changes in a reasonable amount of time. If multiple articles are edited in less than a certain timeframe, then the use is put up to democratic blocking.
- Democratic Block/Rollback More than three rollbacks against an IP in a certain amount of time (or aggressive posting) puts an IP up for vote. If a certain number of people vote for block/rollback, then all changes from that user are rolled-back.
- Limit Linking Cowards cannot add links to external sites or are limited to a small number
- Post Moderation If a page is changed over a certain percentage (e.g. 50%) the change is kept pending moderation by a Moderator (/Team of Moderators).
- I’m not sure if there’s a way to block users, but someone who’s posting as teen girls galleries keeps changing the RealWorldUsage page to a bunch of porn links.
—-
How to manually rollback
Just append at the end of the url ‘/versions/x’, where x is the number of page version. You must find last version before the spammed one. Go to back and forward between versions with multiple of 100, then try with lesser numbers, while you haven’t found right version.
Then append to the url ‘/versions/new/x’ and save the page.
I know, it’s a dirty work, but someone’s got to do it..
—-
Create an alternate site for the promotion of Rails
Good morning all. My name is Robert Dempsey and I am the project director at Atlantic Dominion Solutions. I am considering starting a non-profit organization for the promotion of Ruby on Rails. The goal would be to put Rails in front of more business people and to show it as more than just a flashy new platform (which it is, along with so much more). I am a Rails devotee, having switched from PHP some time ago. I am unfamiliar with all of the ways that Rails is being promoted in the development and business communities, so if you have other suggestions or know of other outlets please let me know. I look forward to other suggestions and ideas. I am getting fed up with the spam bots killing our, yes our, wiki, and want to do more than continually rolling back the pages. I believe that a “controlled” site where content must be submitted and reviewed may be in order (though it goes somewhat against the idea of community). Unfortunately, it may be necessary to fight the bots. Let me know what you all think (and I will prepare for the flames).