How we keep WikiSpam out of wiki.EverythingSysadmin.com
Having a wiki open to the open web means that spammers can set up an account and fill your wiki with shit. Here's what we do to prevent this.
- Registration: We let anyone register. However, when someone registers, the webmaster receives an email. We can quickly delete accounts we don't like. Not optimal, but better than nothing. We hope to add CAPTCHAs.
- Page edits: To edit a page or make any other change to the site, you have to be in a group called NotSpammersGroup. When the webmaster sees that someone has registered, if we know the person we add them right away. Otherwise, we wait for them to complain.
Short version: Create a group called NotSpammersGroup, add yourself and TWikiRegistrationAgent to the group. On each web, edit the WebPreferences page: Uncomment the "Set ALLOWWEBCHANGE" and add NotSpammersGroup to the list. To test this, create a new account (TestUser1) and make sure it gets created properly. Verify it can't change pages on each of your webs, and verify it can't create new topics. Then add it to the NotSpammersGroup and make sure it can edit topics and create new topics.
Step-by-Step
(This is by memory, so I hope it is right!)
- Create a group called NotSpammersGroup, add yourself and TWikiRegistrationAgent to the group.
  - Go to WebHome.
  - Click on "Groups" in the left sidebar. This takes you to TWikiGroups.
  - Use the "New Group" form to create the group.
  - Edit the group and add yourself and TWikiRegistrationAgent to the list (comma separated).
- On each web, edit the WebPreferences page to restrict it.
- To test that you are protected, create a new account (TestuserReadonly) and make sure it gets created properly.
  - You'll have to log out, then click on Register.
  - As you perform each step, watch each screen carefully for errors and warnings. You shouldn't get any.
  - Verify that not only did the account get created, but that it has a TestuserReadonly page.
    - If that page didn't get created, then TWikiRegistrationAgent didn't have the right permissions. This may mean that you forgot to add TWikiRegistrationAgent to NotSpammersGroup in the first step.
  - Verify that TestuserReadonly can't change pages on each of your webs, and verify it can't create new topics.
    - Select a page and click "edit". You should get an error.
    - Click on "Create New Topic" in the sidebar. MainWebTopicCreator is the link. You should get an error.
    - Do this for each of your webs.
- To test that normal users can still operate, create a new account (TestuserCanwrite), add it to NotSpammersGroup, and make sure it gets created properly.
  - You'll have to log out, then click on Register.
  - As you perform each step, watch each screen carefully for errors and warnings. You shouldn't get any.
  - Verify that not only did the account get created, but that it has a TestuserCanwrite page.
    - If that page didn't get created, then TWikiRegistrationAgent didn't have the right permissions. This may mean that you forgot to add TWikiRegistrationAgent to NotSpammersGroup in the first step.
  - Verify that TestuserCanwrite can change pages on each of your webs, and verify it can create new topics.
    - Select a page and click "edit". You should get an edit page. Make a small change and make sure you can save the page. Verify that the change exists.
    - Click on "Create New Topic" in the sidebar. MainWebTopicCreator is the link. Make sure that you are able to create the page, edit it, and that when you save it the page is viewable.
    - Do this for each of your webs.
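A scripted complement to the manual tests above, as an added example (not part of the original page and not TWiki code): it checks each web's WebPreferences text for an active ALLOWWEBCHANGE that lists NotSpammersGroup. The function names, the sample topic text, the `#Set` commented-out form and the "last active definition wins" rule are assumptions.

```python
import re

# TWiki preference bullet: indentation in multiples of three spaces (or tabs),
# then "* Set NAME = value". A "#" directly before Set is assumed to be how the
# shipped WebPreferences comments a setting out.
SETTING = re.compile(r"^(?:\t|   )+\*\s+(#?)Set\s+(\w+)\s*=\s*(.*)$")

def audit_web(preferences_text, group="NotSpammersGroup"):
    """Classify one web's WebPreferences text for the ALLOWWEBCHANGE lock-down."""
    active, commented = [], False
    for line in preferences_text.splitlines():
        m = SETTING.match(line)
        if not m or m.group(2) != "ALLOWWEBCHANGE":
            continue
        if m.group(1):
            commented = True          # still "#Set": the restriction is inactive
        else:
            active.append(m.group(3))
    if not active:
        return "commented-out" if commented else "missing"
    # Assumption: when a topic repeats a setting, the last active one counts.
    # Entries may carry a web prefix such as "Main."; compare the bare name.
    members = [e.rsplit(".", 1)[-1] for e in re.split(r"[,\s]+", active[-1]) if e]
    return "ok" if group in members else "group-not-listed"

def audit_all(webs, group="NotSpammersGroup"):
    """Return {web: status} for every web that still needs attention."""
    report = {name: audit_web(text, group) for name, text in webs.items()}
    return {name: status for name, status in report.items() if status != "ok"}

# Constructed sample topics (not copied from a real site).
SAMPLE_WEBS = {
    "Main": "   * Set WEBBGCOLOR = #FFEFA6\n"
            "   * Set ALLOWWEBCHANGE = Main.NotSpammersGroup, Main.TWikiAdminGroup\n",
    "Sandbox": "   * Set WEBBGCOLOR = #FFD8AA\n   * #Set ALLOWWEBCHANGE = \n",
    "Docs": "   * Set ALLOWWEBCHANGE = Main.TWikiAdminGroup\n",
    "Scratch": "   * Set NOSEARCHALL = on\n",
    # One-space indent: not parsed as a setting, so the web is still open.
    "Typo": " * Set ALLOWWEBCHANGE = Main.NotSpammersGroup\n",
}

if __name__ == "__main__":
    for web, status in sorted(audit_all(SAMPLE_WEBS).items()):
        print(f"{web}: {status}")
```

On a real install, feed it the WebPreferences text of each web instead of SAMPLE_WEBS; any web it reports still needs the WebPreferences step.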
Something else you should know
Now that I have your attention, I'd like to make my case for a major change to TWiki:
The terminology sucks. In particular, calling each part of the wiki a "web" and calling each page a "topic" surely made sense 10 years ago when TWiki was in its infancy, but grrrr, it's the number 1 human factors problem when I teach people how to use this software.
Calling each section a 'web' is logical from the 1997 version of the world, but now it would be better if it was called anything else... even just a "subweb" or a "subwiki". Just the fact that you can't meaningfully search for "web" in the documentation because that word appears in so many contexts drives me crazy.
The other term that drives me crazy is "topics". I'm sure the wiki purists are giving me a strange look right now. Yes, in theory each page is a topic. However, when I teach people how to use a wiki they look at the software and say, "oh, you mean edit a page, right?" "Topic" is more generic, but that's the problem. A typical "web page" contains information about many topics. Heck, the main TWiki page contains tons of topics... how to install, how to get started, etc. etc. They are all topics on a page. I don't want to edit a "topic", I want to edit the page. Sure, if I was running a Wikipedia-like service using TWiki it might make more sense to use "topic", but that isn't the situation here.
If I had a million dollars I'd donate it to the people working on TWiki as a grant so they could globally change the software and documentation from using the word "topic" -> "page" and "web" to "subwiki" (or "wiki"). It would make the world a better place. Or at least improve TWiki.
I don't have a million dollars. However, I do have this web page that you've just read. Thank you.
Sincerely,
ThomasLimoncelli