This is the mail archive of the
gdb@sourceware.org
mailing list for the GDB project.
Re: [GDB Wiki] Add editor privilege control
- From: Jonas Maebe <jonas dot maebe at elis dot ugent dot be>
- To: Joel Brobecker <brobecker at adacore dot com>
- Cc: "Frank Ch. Eigler" <fche at redhat dot com>, Stan Shebs <stanshebs at earthlink dot net>, gdb at sourceware dot org
- Date: Wed, 9 Apr 2014 15:12:22 +0200
- Subject: Re: [GDB Wiki] Add editor privilege control
- Authentication-results: sourceware.org; auth=none
- References: <20140214030759 dot GC5485 at adacore dot com> <52FE61DD dot 6010000 at earthlink dot net> <y0mppm4r4ue dot fsf at fche dot csb> <20140303161227 dot GL4860 at adacore dot com> <20140409125330 dot GA21704 at adacore dot com>
On 09 Apr 2014, at 14:53, Joel Brobecker wrote:
Frank - Do you know what would need to be done at the technical
level to protect ourselves? I would think we first create a
EditorGroup
page in the wiki, then add the corresponding group and its privileges
in the wiki's configuration, right? Or can everything be done directly
from the wiki? Anything else we should be doing?
A very useful protection against spammers for our wiki that I've found
is using the stopforumspam.com blacklist. It's specifically geared at
stopping wiki/forum spammers and works much better than more generic
blacklists such as the Spamhaus XBL. Here's how to use it in MediaWiki/
PHP:
if(isset($_SERVER['remote_addr']) && ereg('yes', file_get_contents('http://www.stopforumspam.com/api?ip='
. $_SERVER['remote_addr'])))
{
<it's a blacklisted IP>
}
I know neither PHP nor Python very well (I got the above code from
somewhere else), so I can't translate it, but I'm sure you get the
gist. As long as you
a) forbid editing by anonymous users
b) perform the above check at account creation time and whenever
someone tries to add a link to an article
you should be pretty safe. I've had only 3 potentially bogus account
registrations and not a single instance of spam on our wiki since I
started using that blacklist 10 days ago. You can use it freely,
except if you have more than 20000 queries per day (we have about 200
account creation attempts per hour on average, sometimes spiking to
over a 1000). In that case you should download snapshots of their
database and use that instead, as explained at http://www.stopforumspam.com/downloads/
Jonas