[time-nuts] Time-Nuts Wiki now available

David Kirkby david.kirkby at onetel.net
Mon Aug 1 20:19:24 EDT 2005


John Ackermann N8UR wrote:
> HI David --
> 
> There's a bug (or more accurately, an unpleasant interaction) 

Also know as "a feature" !

> in the
> combination of wiki software (moinmoin) and web server (apache with
> mod-cgi) that I'm running that prevents second-level wiki names from
> working without some special magic.  I haven't had a chance to implement
> that magic yet...
> 
> The "BadContent" page is actually an automatic download that drives a
> simple spam prevention system. 

I gathered it was for spam prevention.

> The page is read-only and is
> automatically updated daily from a server.  There's really no harm in
> having it visible, as the content can't be mucked with and it's all
> publicly available from the upstream source.  I don't know how well it
> works yet, but the reports from others are that it's at least modestly
> helpful.  I'm hoping that the fact the wiki is set up to allow only
> registered users to add or change pages will help, though that's far
> from complete protection.

I'd beg to differ.

In the following, I am using a T rather than a V for the well known drug:

I can see the word Tiagra is in the list, but I can easily tell that by 
swapping the i for a 1, it will be OK. Since that swap of i for 1 is 
common, other spam filters will pick up on it. But you are basically 
giving your rule set away.

I take your point that the list can be downloaded, but the average idiot 
finding that will not download the source code and check. They are far 
more likely to try a few combinations then give up. I think by making 
the list too public on your own site, the effectiveness is reduced.

I would say it is a bug if the software you use requires the file to be 
readable to the world. I would have thought it only necessary for a 
script to parse that file, not make it publically visable.

The default apache configuruation stops any files begginging .ht from 
being sent to a browser, yet they must have read permissions to the world.

> I gave up on my guestbook years ago when it got spammed by DeutschePorn,
> and I ended up turning comments off on my blog (which I use as a lab
> notebook -- http://www.febo.com/geekworks/blog) when the same thing
> happened.  It's amazing how *anything* attracts spam.

Yes, I can understand you giving up with a guest book. I find it useful, 
as the one I run often gets comments from those in the railway industry, 
that I suspect might be relectant to post them if they had to register.

> By the way -- for anyone interested, all the febo.com stuff is
> self-hosted and I use my ISP (Roadrunner) purely for bandwidth -- all
> the mail, web, ftp and other services run on a bunch of Linux machines
> in my basement.

That works fine, if you don't have huge files. My uplink (download for 
you) is only 256 kbit/s, which would be far too small to host that 600MB 
5370B manual!!

I've got a few large files at http://www.g8wrb.org/ that really need 
professional hosting, but other sites I run, I host myself. (Old Sun 
SPARCstation 20).



> John
> ----
> David Kirkby wrote:
> 
>>John Ackermann N8UR wrote:
>>
>>
>>>I've set up a wiki at http://www.febo.com/time-nuts (I want to change
>>>that to /wiki/time-nuts, but at the moment that doesn't seem to work).
>>
>>
>>John,
>>
>>If you mean http://www.febo.com/wiki/time-nuts there is no reason that
>>can't be done. Any server should be able to handle that.
>>
>>Or how about wiki.febo.com/time-nuts ?? That is harder to configure, but
>>can be done, if you have the right control at your ISP who your domain
>>is registered with.
>>
>>I doubt you want to make this page public
>>
>>http://www.febo.com/time-nuts/BadContent
>>
>>It's a feast for those that want to circumvent the protection. w.
>>
>>I run a guest book on
>>
>>http://www.southminster-branch-line.org.uk/guest-book/guest-book.html
>>
>>and have a bit of a battle with the idiots who try to put things on
>>there I don't want them too. What measures are taken (and some are) are
>>best kept to yourself.
>>
>>I keep a record of all attempts at posts. Every time a post is made, a
>>record of it is kept. It is quite amusing to look at all the failed
>>attempts to circumvent the protection. Every time one manages to do
>>something I don't want them doing, I try to add a bit to keep one step
>>ahead.
>>
> 
> 
> 
> _______________________________________________
> time-nuts mailing list
> time-nuts at febo.com
> https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> 
> 


-- 
David Kirkby,
G8WRB

Please check out http://www.g8wrb.org/
of if you live in Essex http://www.southminster-branch-line.org.uk/






More information about the time-nuts mailing list