On 05/10/05, Brett Parker iDunno@sommitrealweird.co.uk wrote:
We know all about maintainence barriers... so, who other than MJ Ray has access to the website, and can upload changes to the static pages? It appears that we've ended up in the situation of having a defined method of updating the static content of the site, but the method involves knowing how to (at the very minimum) use make, and read the README in the tar ball of the site source, which is not in the most obvious of places.
Our entire site is a wiki. There is *no* static content. Well, there's a couple of locked pages - the voting pages and the LUG finances - which you can understand I'm sure. The front door and every page other than the two I have mentioned are open for edits though. So there really is no overall control from one person. I think at the last count there were about 10 or so people with the "admin" password.
The admin password on our wiki allows you to quickly and easily rollback changes with one click (any user of course can edit out something they don't like - it's just easier for admins). Admins can also maintain the list of banned words and banned hosts. Oh and they can lock and unlock pages and the whole site if it's under sustained attack.
As I mentioned quite a few of us have RSS readers open most of the day and as such most spam doesn't go unnoticed by us for long. Either an admin or a "normal" person (or an admin who has forgotten the admin password and accesses the site like any other joe) can and does undo the damage.
Hmm, well, OK - so, here's a new, slightly sadistic idea... how about having 2 different stages for wiki edits, how about a maintainance section for logged in, trusted users (where the trust is assigned via discussion on the list, maybe), the changes these 'trusted' users make are immediately available in the wiki... changes done anonymously are accessable to all, but are not the default view of the wiki, they go through a 'staging' session...
This is actually not far off what we have in practice. Mr Scripting Dude spams loads of pages with some duff content. A potential visitor could drop by at this point and see the duff content. Within some hours or often minutes (depending on time of day really) the content is reversed. Job done. More visitors come to the site and are oblivious as to what happened.
So in effect us admins watching the site are letting stuff stay ( good content ) and removing tha bad stuff. Ok the odd bit gets through, but it's not much and not often any more. We used to get attacked really regularly, almost daily, and sometimes by different spammers all making multiple changes to the same set of pages. That rarely happens now - not because of the admins, but because of the extra patches - detecting bad words and rejecting content that content..
We even have a patch (which has not been applied for performance reasons) that runs all changes through spamassassin!
(Yes, I know that I no longer live in East Anglia, before anyone helpfully points that out, but I don't believe that ALUGs goals state that you have to live in East Anglia to contribute, or to be a member... if anyone has got an objection with me contributing, though, feel free to bring it up).
I don't live in Anglia either, but my geographic location didn't stop me helping Surrey LUG and Wolves. Once an acceptable solution is found to a problem that affects quite a few LUGs, it makes sense to share it.
Our solution works for us and some other LUGs. You don't have to use it of course, and a LUG the size of Anglia clearly has some considerable creative minds who can probably come up with a better system than us, but until you do, ours is there for the taking.
Again, I'll gladly offer my assistance where it may be required.
Cheers, Al.