Name | Type |
---|---|
"Prevent automatic/robot registration:" interferes with OpenID | tracker item |
[mailto:text|text] doesn't have antispam protection
In 2.0 a new email {img src=pics/icons/email.png } syntax was added in quickatgs {img src=images/code.png}%%% {CODE()} [mailto:text|text] {CODE} But this prevents the spam protection code from working |
tracker item |
12.x: Multiple Delete+BanIp for spam registrations (like the feature coded already for Comments) | tracker item |
Caldrac
Contributors |
tracker item |
Add anti-spam protection on tracker forms, for anonymous users
When trackers are used for contact forms, they are sometimes spammed. --- update by xavidp (Oct 4th 2008): using Tiki 2.1, feb12.css and trackers with mirror tables, an anonymous can insert a tracker item without filling the antibot captcha. You can test it live on: http://moviments.net/tracker15 All fields are text except for "correu electrònic a moviments.net" which has to be "e-mail"-type. --- |
tracker item |
14.0 has got antibot writing permission problem | tracker item |
User registration with anti-bot & user tracker for additional information not working
When a new user registered with anti-bot and user tracker for more user information getting error message that registration code is invalid. Here are steps to reproduce the problem. 1) Setup user information tracker with couple of fields. 2) Go to registration page 3) Enter registration details and click 'register' 4) This will take you to new screen where user tracker information needs to be filled. 5) Once you fill the user tracker information and click 'Save' 6) You will get error message that registration code is invalid |
tracker item |
articles needs aids to fight spam (e.g. admins see tiki-list_submissions.php at info.tw.o)
I looked today at http://info.tikiwiki.org/tiki-list_submissions.php and there are nearly 300 spam submissions there so far, and no way to delete them in groups. Maybe that's why nobody noticed my prior submission as info.tw.o editor from last month... (the user need to be in info.tw.o Admin group in order to see the spam list. If your users is just in the info.tw.o_editors group, you'll see nothing but your own submissions if any.) A text box to select the amount of rows to be listed would be welcome, and multiple checkboxes to select some or all, like with users, etc. --- By the way, how can anonymous spammers post submissions to info.tw.o? They can't through http://info.tikiwiki.org/tiki-edit_submission.php (at least, nowadays)... Spam hole somewhere? |
tracker item |
Add anti-spam protection on contact us, for anonymous users
Spamers are very annoying |
tracker item |
add antibot captcha for anons to newsletters, calendars and tracker item comments
add antibot captcha for anons to newsletters, calendars and tracker item comments |
tracker item |
Add CAPTCHA (anti-bot) support to article submission
Need to add CAPTCHA/anti-bot option when allowing anonymous submission of articles (tiki-edit_submission.php) |
tracker item |
Add CAPTCHA (anti-bot) support to suggest an FAQ feature
When allowing anonymous users to suggest a new FAQ question, need to include a CAPTCHA to eliminate spam. |
tracker item |
Add IP to syslog and/or action log when anons (at least) add content (for spam protection)
Add ip to syslog and/or action log, so that when anons (at least) are allowed to add content and it's spam (robots seem to be able to post with our current antibot captcha), there is way to identify the ip of the spammer. So far, antibot captcha is added (in trunk, at least) to: * wiki edit * wiki page comments * forum posts * tracker item comments * freetags * calendar items * newsletter subscription The action of adding content on those features should be logged in syslog and/or action log and IP recorded. |
tracker item |
Anti-bot captcha is ignored and bypassed for tracker items submitted by Anonymous | tracker item |
Antibot not working? | tracker item |
Blacklist domains and words
Discussion over at ((Spam Protection)) http://www.wikimatrix.org/wiki/feature:Blacklist |
tracker item |
CAPTCHA : The Antibot lib is weak because the bot detects the email address found in the form. | tracker item |
Captcha is not working anymore for anonymous post, registration, etc... | tracker item |
Clarify the way people should report Spam / rubbish issues on *.tiki.org | tracker item |
Comments: anonymous editors must input anti-bot code:
For wiki pages, we have this option. It would be nice to port to comments so we could open our blogs to anonymous comments without getting spammed. |
tracker item |
Community Currencies | wiki |
contact us mail address looks not converted
Hi, When I use contact us feature, mail address shows as webmaster(AT)kic(DOT)mine(DOT)nu Then click send mail, it shows AT DOT DOT <webmasterkicminenu> I use tikiwiki-1.9.7 on OpenSUSE-10.1, UTF-8 character code. Please advice or give me a hint. Thanks, Shigerusz3 |
tracker item |
email address -- Tiki-contact
In clean installs of both 1.9.7 and 1.10 I found that the email address entered in Tiki-Admin:General (Sender email)is reflected in Tiki-Contact the format user(AT)address(DOT)com. Example: the doc pages lead to the example at: http://security.tikiwiki.org/tiki-contact.php were the email address is also shown as: "click here to send us an email: security(AT)tikiwiki(DOT)org". All of my email clients parse this to an address of: AT DOT <securitytikiwikiorg>, which obviously does not work. I have viewed my pages on several different Linux and WinXP machines, all with the same results. If have not gotten far enough in my setup to see if this "problem" surfaces elsewhere. As I have not seen a bug report, nor other question on this issue I wonder if I am doing something wrong. Thank you for for this fantastic project! |
tracker item |
enhancing spam fight and protection: from multiple comments to banning multiple ips with minimum clicks
This improvement in Tiki would be very welcome. After spammers add noise to your site (in one day, 10 comments to different places in your tiki from 10 different ip's!), it would be nice if there was the chance that the tiki admin can ban all those 10 ip's with a minimum number of clicks (besides removing many spam comments at once, which can be done already). This is some possible way to add if (from the interface point of view): {img src=img122} Self explicative? User selects multiple checkboxes, and clicks on some button below which sends all that information (those ip's from those comments) to fill admin banning data (storing the data already for the 10 ip's at once). Alternatively, one by one, prefilling the interface one by one. {img src=img123} |
tracker item |
Fatal error when using CAPTCHA Questions for comments. | tracker item |
SPAM: Make it easier to delete a comment or edit and to ban that user
After deleting spam, we can ((doc:Ban)) users but this should be easier/faster. Ex.: after deleting a comment or rollbacking a wiki revision, have a link to ban the user. Or maybe a "ban user" link from tiki-adminusers.php |
tracker item |
Spam removal: tiki-view_forum.php?forumId=XX needs a select all to delete many threads at once
Comments are good in this respect |
tracker item |
Provide spammer test for new accounts
Using services like http://www.stopforumspam.com can help to identify and handle spam-related mail addresses trying to create an account. stopforumspam provides an API to test a mail address against a "known spammer"-list. This could be used to warn an admin before confirming an account. |
tracker item |
Security
Features Classification |
tracker item |
LTS: recaptcha 2.0 fatal error: Fatal error: Call to undefined function curl_init() on line 49 | tracker item |
Migrate @tiki.org off legacy server | tracker item |
Wrong feedback to comment poster when Comments Moderation is on and post is not shown | tracker item |
natokpe | tracker item |
Need way to define class for ANTIBOT code
When Tiki adds the antibot code to a form or table, there is no specific class assigned to the TD or TR. Sometime this results in odd UI (because sometimes the table is NORMAL, sometimes FORM, someimtes FORMCOLOR, etc.) |
tracker item |
new zend recaptcha not displying in trunk when user tracker enabled
We were trying to have the new antibot captcha working in a Tiki site based on Tiki trunk (during TikiFestBarcelona2 - mid July 2010), were a user tracker was set to collect more information from users at registration time. when we enabled zend new antibot-captcha , no antibot code was shown at registration time, because there seems to be some conflict with the user tracker. Once the user tracker was disabled, the antibot-captcha was shown properly, etc. ---- Update: disaled the new zend antibot catpcha, in order to use the former simple captchaimage, but that one is not working either, if user tracker is on. |
tracker item |
No longer any way to have CAPTCHA for some items, but not others
In earlier Tiki versions, the CAPTCHA for the registration was separate from other anti-bot protection. It was possible to have CAPTCHA protection for some areas (such as comments and trackers) but not other areas (such as registration). I have several sites that use "Require Admin Approval" and/or passcode options for Registration, so the CAPTCHA is not needed. In Tiki 6, CAPTCHA was made global -- there is no longer any way to have CAPTCHA support for some items, such as comments, but not other items (such as registration). |
tracker item |
No spam protection for shoutbox users
The user's email address is clearly visible in the html source. Interestingly, user gern22000 is affected, admin is not: http://www.vic-fontaine.com/forum/ Test user and password (if required): smarty |
tracker item |
nofollow on hyperlinks
Please see: http://www.wikimatrix.org/wiki/feature:nofollow http://googleblog.blogspot.com/2005/01/preventing-comment-spam.html |
tracker item |
OpenID registration does not work with CAPTCHA
When using OpenID + Registration CAPTCHA... With Tiki 2.2... I attempted to register using my OpenID: #On the Login page, I entered my OpenID. #My OpenID was validated and Tiki shows the page where I can either associate my OpenID with an existing Tiki account, or register as a new user. #I completed the registration form (including the correct CAPTCHA), but Tiki keeps saying that the Anti-bot code was incorrect. Additionally, the registration form presented with the OpenID __does not__: *Display the password minimum requirements (such as number of characters). *Allow for the selection of groups. __Duplicate of {wish id=1505}__ |
tracker item |
Recaptcha V2 should be displayed in the same language than the Tiki selected language | tracker item |
Registration on tiki.org is a too hard and may kill the site | tracker item |
Security, Captcha questions; It should be possible to translate the captcha questions if multilingual is enable | tracker item |
Security, Tracker plugin; Errors with the tracker plugin when Tiki uses Google Recaptcha3 | tracker item |
Select2 search and result "No items to show" hide captcha making the use of the Tiki captcha very hard | tracker item |
Spam filtering: Bad Behavior or Mollom or Akismet, Defensio or TypePad AntiSpam
Here are some options http://framework.zend.com/manual/en/zend.service.akismet.html http://bad-behavior.ioerror.us/ http://antispam.typepad.com/ http://www.defensio.com/ http://mollom.com/ See: ((Spam Protection)) |
tracker item |
Spam protection: email is obfuscated in javascript, generate image when no javascript is available
In Tiki 1.10, there is a feature to protect all emails against spam harvesters. Great. 1- Check that this protection is indeed powerful (so spammers can't get around it) 2- Have an option to show an image of the email when javascript is not available. 3- Extend this protection to [tiki-view_tracker_item.php?itemId=1147|the e-mail address in tiki-contact.php] |
tracker item |
Tiki Captcha, UI; The captcha fields width and buttons colouring don't match form element design | tracker item |
tiki-register.php should not ask for anti-bot number if GD is not working
There should be a note, only visible to tiki_p_admin that the anti-bot code is not currently here because the GD lib is not there. |
tracker item |
Trackback spam: better protection and easier to cleanup
I noticed today a bunch of trackback spam in my Tiki-powered blog. According to Wikipedia, "Many blogs have stopped using trackbacks because dealing with spam became too burdensome." http://en.wikipedia.org/wiki/Trackback If you get trackback spam in Tiki, here is how to clean: Using phpmyadmin, go to the table: tiki_blog_posts And find the colums "trackbacks_to" and "trackbacks_from". They should contain: a:0:{} instead of the spam. Now, a more permanent solution to avoiding Trackback spam would be nice. Checking how other blogging software does it should provide some tips. Some ideas: 0- A way to turn it off (this exists in more recent version of Tiki 1.9.x, see "Trackbacks Pings" in the admin panel) 1- Easier mass deletion 2- Email notification to blog owner 3- Using an online service to check for spam. |
tracker item |
use of punctuation removes antispam protection
When typing an email address in a wiki page, Tiki can automatically protect the address. For example: foo@bar.com But, if you enclose the email address with punctuation, the anti-spam protection is lost. For example: (foo@bar.com) |
tracker item |
Viewing user info | tracker item |
When viewing the bottom of a page the re-captcha shouldn't overlap with footer content | tracker item |
xavi
Contributors |
tracker item |
You cannot have 2 forms using wikiplugin with captcha for anonymous on the same page | tracker item |
http://www.wiki-translation.com/tiki-view_forum_thread.php?forumId=2&comments_parentId=39
{img src=images/code.png}%%% {CODE()}
I'm trying to log in with my OpenID. I don't have a wiki-translation.com account yet.
After validating my OpenID, I'm taken to a Tiki page that prompts me to create a new account on wiki-translation.com to associate with my OpenID. I enter a username and password, but then get the following error:
Wrong registration code
{CODE}
__Duplicate of {wish id=2204}__