On Sat, Jan 12, 2008 at 11:07:00AM +0100, Petko Yotov wrote: > Hello all, > > > > I'm willing to do a captcha, at least for a while, if someone will > > > prototype a replacement Site.EditForm page for it. > > I am strongly against a Captcha solution. If I have to do one and > only edit in the day, a Captcha is acceptable. But as we may be > doing several of edits or fixes, it is really a pain.
Captchas in PmWiki are once-per-session -- i.e., once you've verified a captcha, that verification is good for all subsequent edits until the session expires. > And here is the proof: > http://google.com/search?q=%2262.140.77.68%22+proxy > > (62.140.77.68 edited PITS.00108) > > I also do not understand why in the Blocklist there are whole ranges of > blocked IPs, like : > block:12.43.115.* For a long time it was too much trouble to list individual addresses, and we _would_ receive spam posts from multiple addresses in the range. > Even if it is > the case (which is not: these are open proxies), there are 254 legitimate > innocent IPs that are blocked. I'm fine with guilt-by-associate for now. I've never run into a case where a legitimate poster complained about being inadvertently blocked by one of these address ranges. > If this is not a malicious attack by someone who hates us, what I > beleve to be best is to have an edit password on the groups that > we are cleaning every day. It may be written in the Site.EditForm : > > Please enter '''pmwiki''' in the following textbox in order to edit. > > This is less annoying than a Captcha and may work. The issue I have with this approach is that someone viewing and interacting with PmWiki for the first time can get very confused by this. For one, if the page is protected by a password other than "pmwiki" (and there are some), then the new author will be very confused by the fact that the statement doesn't seem to work. Beyond that, I think that newcomers who don't understand that the password is being used as a spam mechanism will be likewise confused. I can envision people thinking "What good is it to publicly display the edit password?" and concluding that "PmWiki isn't very secure." That's not really the impression I want to leave newcomers to the site. Pm _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users