[Freeipa-devel] FreeIPA wiki - fighting the spammers

[Martin Kosek]

Hello everyone,

As some of you noticed, we had lately an increasing number of spam attacks
against FreeIPA.org wiki. Even though we did not accept user registration
through the standard Mediawiki User Creation form (which is often misused by
attacked) and only allow Fedora users logged in by OpenID, the spam producers
started to favor this authentication mode too.

This week and especially yesterday, the spam activity was high enough to
warrant a "drastic change" in how we allow wiki modifications. Me and Petr
Vobornik had to react quickly yesterday to hundreds of new spam-based pages
(thanks to Petr for deleting the spam pages, Stephen for altering us and
Patrick Uiterwijk for advising us!).

As a prevention for future attacks, I also needed to chose the most simple and
convenient method to stop spammers from editing wiki. This is the result:

- Anonymous and regular users are no longer allowed to create or edit wiki pages
- Anyone who wants to be able to edit wiki needs to be in a new "editor" group

The full description of new group rights is here:
http://www.freeipa.org/page/Special:ListGroupRights

I added the contributors active in the last 30 days to the editor group. If
more people are needed, wiki "Bureaucrats" can it through this form:
http://www.freeipa.org/page/Special:UserRights

If you do not know who is in the Bureaucrat group, this is the list:
http://www.freeipa.org/index.php?title=Special%3AListUsers&username=&group=bureaucrat&limit=50

The model I had in mind was that new wiki contributors would ask for access on
#freeipa IRC channel, when they have some content to be added to the pages. We
should probably add that suggestion to the wiki somewhere.

I hope this works for you. If you have comments on above or even better ideas
what is the easiest way to fight spam on our precious wiki, please let me know.

-- 
Martin Kosek <mkosek at redhat.com>
Manager, Software Engineering - Identity Management Team
Red Hat, Inc.