
1 Feb 19, 2007 08:30    

Who can write a plugin that can detect if a "referer" ends in "/NN.html" or "/NN.htm" where NN is a pair of digits, and immediately deems the source a spammer (and therefore doesn't waste any more server resources on it)? If you do that everyone will love you - until they employ a different tactic.

I emptied my antispam table and dumped all my whatever they ares in my .htaccess file, so now I get to see what spam looks like again. So far it's either blatantly obvious (1400 hits overnight) or it comes in the form of "subdomain.domain.tld/NN.html". Therefore detecting the NN.html part immediately and closing the door makes sense.

If I could I would, but I can't. So someone else should.

Please!

2 May 22, 2007 01:44

Why not just add a RewriteRule to your .htaccess? It's going to be quicker than running the PHP to determine if it's a spammer or not!

3 May 22, 2007 16:49

Well, um... , because I figure for the purposes of these forums it should be something people who use b2evolution should be able to do easily. Tweaking .htaccess is a bit outside this app ya know?

What would the .htaccess look like for that? Personally I'm afraid to tinker with that file much. A bit here and there, but NEVER have I added something I thought up by myself. Usually stuff I find and can confirm via google.

Hey!

A plugin that makes a nice interface for a user's .htaccess file would be da bomb!!! Because yeah .htaccess is the powerhouse of lightning fast spam killing. So like the templates tag, if it's still there, is a way to edit an existing file. Building a little page to write stuff based on user input isn't all that difficult, so would adding the two together be hard? For someone who knows how to use .htaccess I mean.

BTW this issue came and went. Another in a short-lived type of spam issue that would benefit from a clean answer, but doesn't need the answer for very long. I hate those. Antispam Central is FULL of stuff like that.

kwa I'll bet you got what it takes to make a plugin that can do cool tricks with .htaccess. Does it interest you?

4 May 22, 2007 17:06

Here is an example of a .htaccess file that should work in the case you described first (I have not tested it, however):

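# .htaccess (not tested)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# Block some referrer spammers
# Referer containing /NN.htm or /NN.html (NN = two digits), case-insensitive
RewriteCond %{HTTP_REFERER} /\d\d\.html? [NC]
# "-" means no substitution; [F] answers 403 Forbidden
RewriteRule . - [F,L]
</IfModule>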

Doing it as a plugin would help some people to make it easier to filter spam. And in the case .htaccess is not supported (especially when using some other web servers than Apache (http://www.apache.org)) that plugin might filter referrer spammers from the PHP.

Another interesting feature would be to have a centralized regular expressions-based blacklist. (I know, you don't like to let others choose your visitors for you. ;))

I'm going to think about it. I use Akismet (http://akismet.com/) on my WordPress (http://wordpress.org) blogs and I like the idea of centralizing the antispam service. However, Akismet has huge amounts of false positives on most of my French-spoken blogs. Maybe it would be interesting to set up a competing antispam service so that competition improves the centralized antispam services? ;)

I'm going to think about it! ;)

EDIT:
  • 2007/05/22, 18:11: fixed the above .htaccess (the previous one blocked access to local files with filenames made of two digits)

5 May 22, 2007 17:13

Hmmm... does "\d\d" mean "number number"?

Hey a central system of whatever can work fine as long as the owner of the blog has the ability to say "stop doing this thing you do". An example is the antispam list. I published blogspot, but on one of my installations I have to make sure blogspot is allowed in again. Many people do, but we gave up trying to keep up with the spam from that source.

IP blacklists typically have no way of saying "don't blacklist this IP for my particular blog". To me that's a problem.

So a central supply of tricks for htaccess kinda sounds like a good idea, but I would want to be able to pick the ones I liked. Does that make sense?

If my brain wasn't twice as old as me I'd be into learning new things :(

6 May 22, 2007 17:20

EdB wrote:

Hmmm... does "\d\d" mean "number number"?

Yes, it does. (In fact, "\d" stands for "digit".) "\d" is a synonym of "[0-9]" or "[0123456789]" or "one character long digit" (however that last sentence is not a regular expression ;)).

EdB wrote:

Hey a central system of whatever can work fine as long as the owner of the blog has the ability to say "stop doing this thing you do". An example is the antispam list. I published blogspot, but on one of my installations I have to make sure blogspot is allowed in again. Many people do, but we gave up trying to keep up with the spam from that source.

IP blacklists typically have no way of saying "don't blacklist this IP for my particular blog". To me that's a problem.

So a central supply of tricks for htaccess kinda sounds like a good idea, but I would want to be able to pick the ones I liked. Does that make sense?

Such a plugin should make it possible to block spammers based on:

  • IP address;

  • referring URL;

  • accessed blog.

It also should let the user modify its suggestions.

7 May 22, 2007 17:32

To my way of thinking your last line sums it up nicely. I think that would be a nice plugin - but as you say it would only be nice for those who can use it.

8 May 22, 2007 18:10

I've just updated the above .htaccess

kwa wrote:

EDIT:

  • 2007/05/22, 18:11: fixed the above .htaccess (the previous one blocked access to local files with filenames made of two digits)

The plugin should be tested before release! :lol:

9 May 23, 2007 04:05

EdB wrote:

To my way of thinking your last line sums it up nicely. I think that would be a nice plugin - but as you say it would only be nice for those who can use it.

Hmm... I'm not sure, but I think there are no hosts that can run a mediocre visited b2e site that do not allow .htaccess use. Most hosts that do not allow it are usually the free hosts and will kick out mediocre visited b2e sites, and other blog apps.

I'm seeing more and more hosts (paid at that) offering a blog package, because blogs require a more specific server setup, and they always include .htaccess.

10 May 24, 2007 02:42

Laibcoms wrote:

Hmm... I'm not sure, but I think there are no hosts that can run a mediocre visited b2e site that do not allow .htaccess use. Most hosts that do not allow it are usually the free hosts and will kick out mediocre visited b2e sites, and other blog apps.

I'm seeing more and more hosts (paid at that) offering a blog package, because blogs require a more specific server setup, and they always include .htaccess.

Some people can have IIS-based hosting that does not support .htaccess usage. Even if some other web servers support .htaccess file usage, it is still Apache-specific.

It doesn't seem bad to add both .htaccess and a similar PHP-based solution, especially when every host does not allow writing or overwriting files in the web hosting directory by default.

In addition to .htaccess, I also believe in adding any kind of iptables support (that would be Linux-specific only and usable by server administrators only, since I don't have access to any Windows-based server) to block some known spamming IPs at the firewall level, since this is the most cost-effective way to block known spammers.
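
Added example (not part of the thread, and not b2evolution code): a sketch of the PHP-side fallback discussed above for hosts without .htaccess, applying the same /NN.htm(l) Referer test. The function name, the own-host exemption and the per-blog allowlist are assumptions made for illustration; unlike the .htaccess rule, the pattern is anchored to the end of the Referer's path.

```php
<?php
/**
 * True when the Referer's path ends in /NN.htm or /NN.html (NN = two digits).
 * $ownHosts:     this site's hosts, never treated as spam (a local page may be 12.html).
 * $allowedHosts: exceptions picked by the blog owner (hypothetical per-blog setting).
 */
function is_nn_referer_spam(string $referer, array $ownHosts, array $allowedHosts = []): bool
{
    if ($referer === '') {
        return false;                 // no Referer header: nothing to judge
    }
    $parts = parse_url($referer);
    if ($parts === false || empty($parts['host'])) {
        return false;                 // malformed or relative value: leave to other filters
    }
    $host = strtolower($parts['host']);
    if (in_array($host, $ownHosts, true) || in_array($host, $allowedHosts, true)) {
        return false;
    }
    // Test the path only, so a query string or fragment cannot hide the suffix.
    $path = $parts['path'] ?? '/';
    return preg_match('~/\d\d\.html?$~i', $path) === 1;
}

// Constructed sample Referer values (not taken from real logs).
$samples = [
    'http://subdomain.domain.tld/42.html',    // block
    'http://subdomain.domain.tld/07.HTM?x=1', // block: case-insensitive, query ignored
    'http://blog.example.org/12.html',        // allow: own site
    'http://friend.example.net/99.html',      // allow: owner's exception
    'http://news.example.com/2007/123.html',  // allow: three digits
    '',                                       // allow: header absent
];
foreach ($samples as $r) {
    $spam = is_nn_referer_spam($r, ['blog.example.org'], ['friend.example.net']);
    printf("%-42s %s\n", $r === '' ? '(empty)' : $r, $spam ? 'block' : 'allow');
}

// Placement in a front controller, before any database work:
// if (is_nn_referer_spam($_SERVER['HTTP_REFERER'] ?? '', ['blog.example.org'])) {
//     http_response_code(403);
//     exit;
// }
```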

