Re: Spam bots on the relax wiki again!Re: Spam bots on the relax wiki again!He he, the spam bots are still signing up (http://wiki.nmr-relax.com/Special:ListUsers), but they can't do anything :) This is an awesome fix for the problem! Maybe I'll delete users if they haven't been upgraded to the 'Trusted' level after 3 or so months, to keep this list tame. Cheers, Edward On 12 May 2014 10:21, Edward d'Auvergne <edau@xxxxxxxxxxxxxxxxx> wrote:
Great! This should finally kill these incredibly annoying spam bots! This 'Trusted' access level is perfect. As this will be a low traffic wiki, we should never be overwhelmed by users asking to be in the 'Trusted' group. Cheers, Edward On 11 May 2014 09:09, Troels Emtekær Linnet <tlinnet@xxxxxxxxxxxxx> wrote:Guide lines here: http://wiki.nmr-relax.com/How_to_edit_pages_at_the_wiki Permissions available here: http://wiki.nmr-relax.com/Special:ListGroupRights 2014-05-11 8:59 GMT+02:00 Troels Emtekær Linnet <tlinnet@xxxxxxxxxxxxx>:Hi Ed. Now settings are: # First reset all. $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['*']['createtalk'] = false; $wgGroupPermissions['*']['writeapi'] = false; # Then for user we are going to be a little strict. $wgGroupPermissions['user']['createtalk'] = false; $wgGroupPermissions['user']['createpage'] = false; $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['user']['minoredit'] = false; $wgGroupPermissions['user']['movefile'] = false; $wgGroupPermissions['user']['move'] = false; $wgGroupPermissions['user']['move-subpages'] = false; $wgGroupPermissions['user']['move-rootuserpages'] = false; $wgGroupPermissions['user']['reupload-shared'] = false; $wgGroupPermissions['user']['reupload'] = false; $wgGroupPermissions['user']['purge'] = true; $wgGroupPermissions['user']['read'] = true; $wgGroupPermissions['user']['sendemail'] = false; $wgGroupPermissions['user']['upload'] = false; $wgGroupPermissions['user']['writeapi'] = false; # Make allowance for email confirmed users. # But these are also bots ! $wgGroupPermissions['Emailconfirmed'] = $wgGroupPermissions['user']; # These are for users we manuallu allow. # They are trusted. We copy over settings from before, and then modify. $wgGroupPermissions['Trusted'] = $wgGroupPermissions['Emailconfirmed']; #$wgGroupPermissions['Trusted']['createtalk'] = true; # No talks please. $wgGroupPermissions['Trusted']['createpage'] = true; $wgGroupPermissions['Trusted']['edit'] = true; $wgGroupPermissions['Trusted']['minoredit'] = true; #$wgGroupPermissions['Trusted']['movefile'] = true; $wgGroupPermissions['Trusted']['move'] = true; $wgGroupPermissions['Trusted']['move-subpages'] = true; #$wgGroupPermissions['Trusted']['move-rootuserpages'] = true; #$wgGroupPermissions['Trusted']['reupload-shared'] = true; #$wgGroupPermissions['Trusted']['reupload'] = true; $wgGroupPermissions['Trusted']['sendemail'] = true; $wgGroupPermissions['Trusted']['upload'] = true; $wgGroupPermissions['Trusted']['writeapi'] = true; #$wgGroupPermissions['Trusted']['editprotected'] = true; ### Possible to setup for a group which is auto promoted $wgAutopromote['Emailconfirmed'] = APCOND_EMAILCONFIRMED; And then this: # Permission to skip captcha $wgGroupPermissions['bureaucrat']['skipcaptcha'] = true; # $wgGroupPermissions['Emailconfirmed']['skipcaptcha'] = true; $wgGroupPermissions['Trusted']['skipcaptcha'] = true; 2014-03-26 12:36 GMT+01:00 Troels Emtekær Linnet <tlinnet@xxxxxxxxxxxxx>:Hi Edward. I have made it so, that now only "image" questions are now being asked. Expanding acronyms are a easy task by doing a wiki page lookup? For users who are Email confirmed, they get these rights $wgGroupPermissions['Emailconfirmed']['createpage'] = true; $wgGroupPermissions['Emailconfirmed']['edit'] = true; $wgGroupPermissions['Emailconfirmed']['minoredit'] = true; $wgGroupPermissions['Emailconfirmed']['move'] = true; $wgGroupPermissions['Emailconfirmed']['move-subpages'] = true; $wgGroupPermissions['Emailconfirmed']['sendemail'] = true; $wgGroupPermissions['Emailconfirmed']['upload'] = true; $wgGroupPermissions['Emailconfirmed']['writeapi'] = true; I have prepared a "'Trusted'" group, and I could manually add users to that group, if they ask for it. But I hope to have now an automatic system, that works. :-) I will wait with you paper reference system. But I really like the idea! It reminds me of Commodore 64 game protection, where one should write a word from the manual, to prove you have bought the game. :-) Best troels 2014-03-25 14:33 GMT+01:00 Edward d'Auvergne <edau@xxxxxxxxxxxxxxxxx>:Hi Troels, In case you missed it, I have been deleting a number of spam bots from the wiki: http://wiki.nmr-relax.com/index.php?title=Special:RecentChanges&from=20140324000000 Somehow the new CAPTCHA method (http://thread.gmane.org/gmane.science.nmr.relax.devel/4334/focus=4367) has been defeated. Maybe there is a person who spends their whole day just creating bots by hand and they managed to find the result to one of the questions on the internet? I have no idea how they got through! So maybe we need to modify the questions a little. For example the spectrometer frequencies with Bruker magnet pictures, maybe instead of asking for MHz we could ask for Hz. For the magnet company starting with B, that could be changed to J, V or I. The white nucleus to the black. The RDC, NOE, and FID acronym questions rewritten (maybe expanding acronyms is the weak point). The HSQC text removed from the pulse sequence. I have a completely different idea which would be much stronger, and would block the way the bots previously got in. That would be to have a list of the top original papers in NMR dynamics as DOI number (maybe not as a link to make it more complicated). Then we ask questions such as, what is word 9 on line 6 of paragraph 2 in the PDF of the paper with DOI number X? Or what is the the last name of the second author of reference 22 in the paper with DOI number X? We could avoid the title, author list, abstract, and anything else available to the general public. Then only people with journal subscriptions can sign up. We could then provide a 'reload captcha' link to allow the person to easily access a different question, just in case they don't have access to a subset of the papers. Anyway, the spam bots have been significantly slowed down by the NMR-based CAPTCHA. They are currently manageable. But what do you think about changing the CAPTCHA again? Cheers, Edward _______________________________________________ relax (http://www.nmr-relax.com) This is the relax-devel mailing list relax-devel@xxxxxxx To unsubscribe from this list, get a password reminder, or change your subscription options, visit the list information page at https://mail.gna.org/listinfo/relax-devel_______________________________________________ relax (http://www.nmr-relax.com) This is the relax-devel mailing list relax-devel@xxxxxxx To unsubscribe from this list, get a password reminder, or change your subscription options, visit the list information page at https://mail.gna.org/listinfo/relax-devel