[time-nuts] Time-Nuts Wiki now available
david.kirkby at onetel.net
Mon Aug 1 20:19:24 EDT 2005
John Ackermann N8UR wrote:
> HI David --
> There's a bug (or more accurately, an unpleasant interaction)
Also know as "a feature" !
> in the
> combination of wiki software (moinmoin) and web server (apache with
> mod-cgi) that I'm running that prevents second-level wiki names from
> working without some special magic. I haven't had a chance to implement
> that magic yet...
> The "BadContent" page is actually an automatic download that drives a
> simple spam prevention system.
I gathered it was for spam prevention.
> The page is read-only and is
> automatically updated daily from a server. There's really no harm in
> having it visible, as the content can't be mucked with and it's all
> publicly available from the upstream source. I don't know how well it
> works yet, but the reports from others are that it's at least modestly
> helpful. I'm hoping that the fact the wiki is set up to allow only
> registered users to add or change pages will help, though that's far
> from complete protection.
I'd beg to differ.
In the following, I am using a T rather than a V for the well known drug:
I can see the word Tiagra is in the list, but I can easily tell that by
swapping the i for a 1, it will be OK. Since that swap of i for 1 is
common, other spam filters will pick up on it. But you are basically
giving your rule set away.
I take your point that the list can be downloaded, but the average idiot
finding that will not download the source code and check. They are far
more likely to try a few combinations then give up. I think by making
the list too public on your own site, the effectiveness is reduced.
I would say it is a bug if the software you use requires the file to be
readable to the world. I would have thought it only necessary for a
script to parse that file, not make it publically visable.
The default apache configuruation stops any files begginging .ht from
being sent to a browser, yet they must have read permissions to the world.
> I gave up on my guestbook years ago when it got spammed by DeutschePorn,
> and I ended up turning comments off on my blog (which I use as a lab
> notebook -- http://www.febo.com/geekworks/blog) when the same thing
> happened. It's amazing how *anything* attracts spam.
Yes, I can understand you giving up with a guest book. I find it useful,
as the one I run often gets comments from those in the railway industry,
that I suspect might be relectant to post them if they had to register.
> By the way -- for anyone interested, all the febo.com stuff is
> self-hosted and I use my ISP (Roadrunner) purely for bandwidth -- all
> the mail, web, ftp and other services run on a bunch of Linux machines
> in my basement.
That works fine, if you don't have huge files. My uplink (download for
you) is only 256 kbit/s, which would be far too small to host that 600MB
I've got a few large files at http://www.g8wrb.org/ that really need
professional hosting, but other sites I run, I host myself. (Old Sun
> David Kirkby wrote:
>>John Ackermann N8UR wrote:
>>>I've set up a wiki at http://www.febo.com/time-nuts (I want to change
>>>that to /wiki/time-nuts, but at the moment that doesn't seem to work).
>>If you mean http://www.febo.com/wiki/time-nuts there is no reason that
>>can't be done. Any server should be able to handle that.
>>Or how about wiki.febo.com/time-nuts ?? That is harder to configure, but
>>can be done, if you have the right control at your ISP who your domain
>>is registered with.
>>I doubt you want to make this page public
>>It's a feast for those that want to circumvent the protection. w.
>>I run a guest book on
>>and have a bit of a battle with the idiots who try to put things on
>>there I don't want them too. What measures are taken (and some are) are
>>best kept to yourself.
>>I keep a record of all attempts at posts. Every time a post is made, a
>>record of it is kept. It is quite amusing to look at all the failed
>>attempts to circumvent the protection. Every time one manages to do
>>something I don't want them doing, I try to add a bit to keep one step
> time-nuts mailing list
> time-nuts at febo.com
Please check out http://www.g8wrb.org/
of if you live in Essex http://www.southminster-branch-line.org.uk/
More information about the time-nuts