1 christophe Oct 08, 2007 08:47
3 wayfinder Oct 08, 2007 16:50
It would be good if we could manually whitelist stuff that would normally be caught by the antispam terms. I recently ran into the same problem with a blogspot URL.
4 afwas Oct 08, 2007 17:36
All anti spam measures are delibirate chosen. A whitelist is concidered, but never made it in B2evo. It is even more difficult to maitain than a blacklist.
If you have an URL that is refused and you want to know why, try this: in ../blogs/conf/_advanced.php enable $debug. Now enter your URL as you would and it gives a more detailed error that includes the part you want to allow from your blacklist.
Blogspot is a known cause of a lot of spam. You will have to decide for your self if you want to allow blogspot or not.
Good luck
5 christophe Oct 08, 2007 17:53
It is very painful to remove anything from blacklist. I think I am obliged to remove all url containing blogspot. One by one, I have to open the list and remove url (which does not correpond exactly to the one in my blog). It takes a lot of time.
Thanks for your previous fast answer.
6 christophe Oct 08, 2007 18:03
After removing all URL blogspots. It works. Thanks. (1 hour)
7 jibberjab Oct 08, 2007 18:23
That's strange... when I filter my blacklist with the term "blogspot" (not in quotes) I get only one response:
.blogspot.com
That should be the only one you have to remove...
jj.
8 christophe Oct 08, 2007 18:31
I updated the blacklist. I did not find the blogspot.com but many others. So I don't understand.
9 afwas Oct 08, 2007 18:36
I have the same single .blogspot.com entry as reported by jibberjab, but it might be there was a central spamlist with (many) bloglist entries before they decided to remove them and add the root. The spamlist changes from time to time and URLs that don't generate spam anymore can be removed.
10 wayfinder Oct 08, 2007 19:47
Afwas wrote:
All anti spam measures are delibirate chosen. A whitelist is concidered, but never made it in B2evo. It is even more difficult to maitain than a blacklist.
A non-central whitelist would be really easy to maintain actually. A global whitelist, updated from a central server, would be a lot of hassle for sure, but if we could just do a local whitelisting of an immediate single url, that would be great. Like if you tried to make a post containing a blacklisted item, it could pop up an error message, "facesinplaces.blogspot.com - whitelist this host locally?" and then you could post the url you want to post.
edit: The workaround being, of course, some kind of url forwarder like tinyurl.com.
11 afwas Oct 08, 2007 23:45
Actually, I like your idea. But have a look at this scenario: You have a few bloggers and one is malicious. He whitelists an URL and his friends send bots to your blog.
The idea I once posted in the 'feature request' topic was a searchbox where you can enter the URL and it would tell what part of it is blocked. Think 2007: you enter an URL in your post, some ajax pops up, tells you why the URL is blacklisted and asks you to allow the URL (not through a whitelist, but by removing from blacklist.)
Hope this topic gives the programmers some inspiration.
Good luck
12 stk Oct 09, 2007 05:31
Christophe & Wayfinder,
I feel your "invalid URL" pain. This has always been a pet peeve of mine with b2evolution.
(CAVEAT: We run a single-author blog. The pet peeve would be considered "a blessing" for a multi-author blog site.) ;)
While I appreciate having a black-list that keeps spammy visitors off my blog (and legit visitors from adding spammy links in comments), I've always felt it was MY blog and doggone it, if I want to add (what somebody else feels) is a spammy URL ... I should be able to do so without question.
(Sort of feel the same way about the HTML-checker in general. I've trained myself to write pretty clean, valid XHTML mark-up, so I don't like the checker telling me that something isn't well formed, or allowed ... when I know bloody well that it is!!) ... like style="color:red;" as an attribute example.
Anyway ... rather than maintaining white|black|grey|purple or any other kind of list (which are a pain to maintain, distribute, update, etc) ... there are a few other options you may wish to consider, rather than hunting and pecking through a well-intentioned black list.
(1) Turn off the HTML-checker when you make a post (conf/_formatting.php). Requires changing a 1 to a 0, uploading a file and remembering to turn it back "on" again. Think the variable is "use_html_checker" or something like that. (It's important to turn it back on, but there were many times where I forgot and it sat "off" for days) 8|
(2) Use/write plugin that adds a check-box that turns off the HTML-checker when you make a post and have it show in the back office (this is the method we use ... and have it set to OFF for EVERY POST) ... cause I got so bloody annoyed at code that "thought it was smart", but just got in the way.
(3) Some time ago, I wrote a hack that actually provided a more meaningful response than just "invalid URL" (sorry, yer hosed ... try again, but we won't tell you WHICH URL is invalid, or WHY") It showed the blacklist match ... and a few other things. Not sure where that post is, or if the hack still works in a 1.10 (or 2.0) world. Not quite as nice as letting your stuff slide through, but does provide enough information to deal with the problem without hunting and pecking.
EDIT: [url=http://forums.b2evolution.net/viewtopic.php?p=25077#25077]found it![/url]
Anyway ... we're lucky and haven't fiddled with black-lists (or the HTML-checker) in some time. Don't even have a black-list and (horrors - we allow links in our comments) but that's another story. ;)
Hope this helps.
13 harishankar Oct 09, 2007 06:24
I entirely agree that a central blacklist is a bad idea. We should have the option to turn it off completely and avoid making such connections to a server every time.
14 yabba Oct 09, 2007 11:36
You don't have to use the central blacklist, it's a choice thing. Just empty your antispam table and don't request any more updates from the central blacklist ;)
¥
15 harishankar Oct 09, 2007 12:13
But where are the urls which are banned? I see only "keyword" banning in the anti-spam control list.
16 yabba Oct 09, 2007 12:18
the urls are keywords ;)
¥
blogspot is in the antispam list because a lot of spam originates from blogspot sites. You can manually remove domains/sites from your local blacklist to be able to post links to those sites again.
jj.