A New Attack On An Open Wiki

Wow, this was new to me.  I woke up this morning to a different kind of spam on one of my sites.

I'm used to moderating blogs and wikis that I leave open to the public so that students and parents can easily modify them.  I am also used to getting the notifications that say someone edited a page and I can scan and see if it's appropriate.

However, this morning, an edit was made that I couldn't find. I had to get all the way down to the source code to find that a link was added inside the html code. Looking at the page, you would never see the link to a 'toy' website. I'm sure just being on the page provides some beneficial monetary payoff for the spammer, but without auto-notification, I never would have known it was there.

So, let's review lessons learned about using an open wiki:
1) Yes, anybody can edit them.
2) We now know the edits can be made at the code level and not seen when browsing the page.
3) Teachers often turn of Notifications because of the constant email hassle. Without notifications, I would have missed this.
4) Remember that when posting warnings about web scams or spams, don't use the actual language used in the attack because then your webpage will be forever linked to that site.  ie: typing the name of the link or the specific kind of toys will get me listed in places I don't want to be listed. Screenshots, blanking l*tters out, and inferring about a site ('that site sounding like schmoogle') are nice strategies.
5) This wiki is over a year old. Your web presence lives on. You still have to monitor every site you create, even if no longer using it.
6) Lastly, when working with students, 'Open' is rarely best. Most blog and wiki engines out there have some form of moderation tools ready to be used. If nothing else, create a single login and password for all of your students to use. Nothing is fool proof (I guess except for paper/pencil), but moderation is very much worth the hassle when thinking in terms of working online with students.

Okay, off to ISTE10 pre-con with the Discovery Educator Network!!  Yee Haw!
0 Responses

Post a Comment