There have been some developments on the wiki front.
As to be expected, I would like to get rid of the burden of spam contents; just a few mimutes a day but why do that if it can be avoided.
First of all, I deleted all user entries in cache – well, except the ones I want to keep, of course. Removing the spam alltogether was quite a different story so in the end, I decided to remove everything dated after Jan-01, 2011. That got rid of the spam messages, indeed. Plus a bit more, which rendered the wiki unusable: Starting page gone, frontpage gone. But the wiki is backed up on a weekly basis so I could restore it all, though it does take quite some time to re-appear.
Next, diiging through the documentation, I found a way to allow users to sign up, but the really create a page, it’s possible to require SSL – maning: a login on the system. This has been tried bu it caised a number of problems. First, I needed to define a SSL-enabled entry that requires you to log in. Next, I had to find a way to make the wiki normally accessabe over port 80 (where you could create an account) but you would need to login on port 443 (using https) to create of alter a page. Things has been set up that way – both WASD and wikli – but not only was the wiki inaccesable (unauthorized) when accessed of http, ALL pages were immutable when accessing the wiki over https: – I even didn;t need to login.
Put a question on the WASD list for the first issue (being typically a WASD issue) and reversed teh configuration. I got my answer from Mark, but I still need to implement it.
But it seems that the abusers found out the wiki cannot be abbused any more. In the last week, a few bogus users have been created but no new pages have been created, looking at the “Recent Changes” page. And slowly, the number of new users decreased.
Similarly, the SYSMGR blog seems to be plagued with bogus users, it seems most reside in the .ru domain. But as far as I can find out, there is no problem with them except using a single row in the database. They can only be subscribers, meaning they cannot contribute. I don’t know why they subscribed – problably opting for abuse, exploiting a possible flaw in WordPress? I know I need to upgrade to the latest version, and of PHP as well, and so for Python and MoinMoin, and possible VMS….
But plans are to redesign it all – abandoning MySQL and PHP, and Python and MoinMoin competely, and switch to the native VWCMS allgtogether. though it’ll mean a lot of work…
Next week, I’ll need to refresh the licences – expiration date approaches….