[cgiapp] CGI::Application wiki page SettingDropDownValues updated by BryanSmith

Mark Stosberg mark at summersault.com
Fri Oct 26 10:27:55 EDT 2012


On 10/25/2012 05:58 PM, Ron Savage wrote:
> Hi Mark
> 
> On 26/10/12 02:01, Mark Stosberg wrote:
>> On 10/25/2012 10:51 AM, Brian Wightman wrote:
>>> Are we able to block this username (I know it won't be very effective) from
>>> doing any type of updates?  Perhaps just bit-bucketing them or blacklisting
>>> the IP for a period of time?
>>
>> I believe we have, or can have, root access on the server where the site
>> is hosted. So we have some options to block IPs at the OS or Apache level.
> 
> AFAIK, some ISPs, including Amazon, share IPs among many users, so 
> blocking an IP is contentious.
> 
>> The application could be patched to ban this username as well.
> 
> Could be done, but then he'd switch.
> 
> I suggesting disabling edits unless the user name is on a list. Then 
> there's the chance the abuser would see legit edits and impersonate that 
> user...

Ron,

You are right on all points. That brings me to Plan B, which is perhaps
over due:

 Start over the wiki using a new platform.

It's due for a "refresh" anyway. I'm sure a lot of the content should
use a review for updates, purging and adding, and the design is stale
now as well.

More modern choices have decent option for spam prevention built in.

  Mark


More information about the cgiapp mailing list