Using email activation might prevent some spam, since users have to manually activate their accounts, and if it's just a spam bot chances are that the bot isn't yet that well adapted for XWiki as to know how to verify their accounts.

Another trick that helped us fight spam on xwiki.org is to forbid registration of users that enter the same first and last name, since we noticed that all automatically created accounts followed this rule.

Another thing that helps us keep spam low is the IRC bot and the global notifications watchlist. Whenever someone modifies something, the IRC bot notifies that change, and at the end of the day the notification mail also mentions it. Most of the time one of the devs that are on IRC will immediately check that change and revert it if it's spam (and delete the user account as well). But I guess that won't work for a large active community wiki with lots of valid changes every day.

On 06/09/2012 05:16 PM, Niels Mayer wrote:
This is either a feature request or a request for discussing solutions to the issue of known comment spammers against XWiki installs.
There are known spammers like [email protected] (see http://www.nielsmayer.com/bin/view/XWiki/DavyCrokkett ) which have to be managed and curtailed for any XWiki install enabling comments.
During registration, it would be nice to check sites like http://www.stopforumspam.com/ and prevent registration emails from going out to known comment spammers.
For example, the aforementioned spammer is listed at http://www.stopforumspam.com/ipcheck/111.243.227.227 suggesting Current country of origin: Taiwan, Province of China
Date             IP Address       Username       Email
1-Jul-11 07:31   111.243.227.227  coseteene      [email protected]
30-Jun-11 18:29  111.243.227.227  Assusypesound  [email protected]
30-Jun-11 13:43  111.243.227.227  Impuppota      [email protected]
30-Jun-11 11:22  111.243.227.227  Biordaccoma    [email protected]
30-Jun-11 07:01  111.243.227.227  rooviskitte    [email protected]
29-Jun-11 23:59  109.230.222.175  Beethyemegree  [email protected]
29-Jun-11 22:49  111.243.227.227  Kneefshes      [email protected]
29-Jun-11 13:59  111.243.227.227  seltencarne    [email protected]
29-Jun-11 13:31  111.243.227.227  inigneedync    [email protected]
29-Jun-11 11:50  174.142.132.203  Beethyemegree  [email protected]
29-Jun-11 11:50  174.142.132.203  phorilmiplism  [email protected]
29-Jun-11 07:53  111.243.227.227  Agergeevame    [email protected]
29-Jun-11 05:56  111.243.227.227  Atomnegmess    [email protected]
29-Jun-11 05:50  111.243.227.227  Impuppota      [email protected]
It would also be interesting for such flagged users to return a list of associated IP's (such as above) which could be blacklisted as well.
I guess the correct solution would be to use http://extensions.xwiki.org/xwiki/bin/view/Extension/Social+Login but then the spammers would just end up getting twitter, facebook or foursquare logins and use those instead of hotmail accounts.
-- Sergiu Dumitriu http://purl.org/net/sergiu/
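
The two registration checks discussed in this thread (rejecting identical first and last names, and consulting a blocklist such as StopForumSpam before the activation email goes out), as an added Python example that is not XWiki code or code from either poster. The reply shape, field names and function names are assumptions, and the sample reply is constructed.

```python
import json

# Constructed sample of a blocklist lookup reply. The shape is an assumption
# modelled on StopForumSpam's JSON API: one object per queried field.
SAMPLE_REPLY = json.dumps({
    "success": 1,
    "ip": {"value": "203.0.113.7", "appears": 1, "frequency": 14},
    "email": {"value": "bot@example.test", "appears": 0, "frequency": 0},
})

def same_first_last(first, last):
    """Heuristic from the thread: bot accounts used identical first and last names."""
    def norm(s):
        return " ".join((s or "").split()).casefold()
    return bool(norm(first)) and norm(first) == norm(last)

def blocklist_hits(reply_text, min_frequency=1):
    """Return the queried fields the reply flags as listed, or None if unusable."""
    try:
        reply = json.loads(reply_text)
    except (TypeError, ValueError):
        return None
    if not isinstance(reply, dict) or reply.get("success") != 1:
        return None
    hits = []
    for field, entry in reply.items():
        if not isinstance(entry, dict) or not entry.get("appears"):
            continue
        if int(entry.get("frequency", 0)) >= min_frequency:
            hits.append(field)
    return sorted(hits)

def screen_registration(first, last, reply_text):
    """Decide whether to send the activation email; reasons go to the audit log."""
    reasons = []
    if same_first_last(first, last):
        reasons.append("same-first-last-name")
    hits = blocklist_hits(reply_text)
    if hits is None:
        # Lookup failed: do not reject on that alone, but queue for moderator review.
        return {"send_activation": not reasons, "review": True,
                "reasons": reasons + ["blocklist-unavailable"]}
    reasons += ["listed-" + h for h in hits]
    return {"send_activation": not reasons, "review": bool(reasons),
            "reasons": reasons}
```

A failed or malformed lookup never blocks a registration by itself here; it only routes the account to review, so an outage of the blocklist service does not lock out legitimate users.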