Kiran wrote:Why not enforce Scrypt proof of work on new users? This would make it computationally difficult for spammers to make new accounts, and the few they create can be banned quickly. Also, post rate limits can be imposed on new users, to ensure they do not spam too much. Someone who actually wants to join can wait a few minutes for PoW to be solved.
Another idea: if it's not done yet, restrict page creation to autoconfirmed users. Wikipedia uses an account age of 4 days as a default for this, IIRC, which works well; most spammers don't create accounts in advance and then use them later.
MediaWiki also has a rate-limiting feature that could be used to set limits on the number of actions (edits etc.) that users could perform in a given amount of time. This works per user-group, so different rates could be set for anonymous users, registered-but-not-yet-autoconfirmed users, (regular) registered and autoconfirmed users and trusted users. See the manual entry for edit throttling, too.
MediaWiki has quite a few useful features for ensuring the operational safety of a wiki.
What I'm taking home from all this is that fighting spam needs a two-pronged approach:
- keep spammers from registering accounts in the first place; and
- keep those spammers that somehow do manage from creating too much trouble.
So far we've mostly focussed on the first -- but I think we should also look into the second more, e.g. using the above features.