The secure CMS.
Resources
Topics
- Home
- Development (317)
- Geeklog (209)
- Plugins (111)
- Themes (2)
- News (387)
- Announcements (248)
- Geeklog.net (31)
- Security (76)
- Spam (11)
- Summer of Code (26)
User Functions
Events
What's New
Stories
No new storiesComments last 2 weeks
No new commentsTrackbacks last 2 weeks
No new trackback commentsLinks last 2 weeks
No recent new linksNEW FILES last 14 days
No new filesWelcome to Geeklog Monday, May 20 2013 @ 02:24 AM EDT
Experimental SLV module for Spam-X
- Sunday, July 30 2006 @ 10:40 AM EDT
-
- Contributed by:
- Dirk
-
- Views:
- 11,800
SLV (Spam Link Verification) is a service run by Russ Jones at www.linksleeve.org. The idea is that interactive sites like Geeklog or forums send all user-contributed posts to SLV first which then checks if certain links show up in unusually high amounts. In which case it considers those to be spam and flags them accordingly.
The SLV module for Geeklog's Spam-X plugin makes use of that service. See the included README for installation instructions.
This module should be considered experimental for now. I've been using an earlier version on two sites for several months now, though, and it did help quite a bit. And it can only get better the more sites use it.
As you probably know, MT-Blacklist has been discontinued quite some time ago and since then Geeklog didn't have access to an up-to-date blacklist. The plan is to remove the MT-Blacklist module from the Geeklog distribution eventually and replace it with something else. And the SLV module is one of the candidates.
So please give this module a try and provide us with some feedback. Thanks.
Trackback
- Trackback URL for this entry:
- http://www.geeklog.net/trackback.php/slv-for-spam-x
Here's what others have to say about 'Experimental SLV module for Spam-X':
- Testing the SLV module for Spam-X from Plugin CMS
- Tracked on Wednesday, August 02 2006 @ 07:18 PM EDT
PluginCMS now uses the SLV Spam-X Module in order to fight spam. [read more]
- Geeklog - Fighting Trackback spam, round 2
- Tracked on Sunday, September 10 2006 @ 02:59 PM EDT
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Suggestions are welcome :)
PS. I'm glad to see Geeklog's continued dedication to spam prevention and quick responses to any and all security issues. As always, keep up the excellent work.
---
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
In any case, your hack looks great and its should be added into GL! I'll be adding that to my sites immediately.
---
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
Geeklog doesn't run new user signups through Spam-X and I'm not sure if it should. I mean, all we have from the user at that point is the name and email address - that's not a lot of information to base any decision on.
A blacklist for certain email addresses may help somewhat, as may CAPTCHAs (of which I'm not a big fan). In the end, these accounts are created to spam and my - possibly naive - hope is that when the spammers see that that is not successful (because Spam-X is doing it's job with the spam) they may give up that approach. But then again we're bombarded with un-obfuscated "viagra" spam every day of which not a single one ever made it through ...
bye, Dirk
What is more bothering me tough is that spam users keep signing up, and the number keeps raising every day. I want to keep my website kind of clean, and there´s nbothing that stops it.
I have noticed tough that all spam users seem to have the same domain: @mistacronks.net, so maybe adding an option to block certain domains or e-mail adresses could be a good solution (or to allow only certain domains)... I have no clue how to do php however, but it should not be too hard...
--
Herre Vermeer
---
Herre Vermeer
Search the forums for "mistacronks" - lots of discussions (and suggested patches) about this.
bye, Dirk
One aspect of how Spam-X does its job is slightly counterproductive to the "social" aspect of SLV: As soon as one of the Spam-X examine modules flags a post as spam, Spam-X stops calling up the remaining modules. Which means that the SLV module may not always be called and therefore the system isn't informed about spammy URLs.
An updated version (available from the same URL as above) addresses this by adding a Spam-X action module. So now SLV is informed in any case - either during the examine phase or, in case another examine module caught the spam, during the action phase. SLV is only contacted once in any case, of course.
Feedback on how well this module performs is still welcome, btw.
bye, Dirk
If the SLV module logs in error.log only when it detects spam it self (and not when some other test blocks spam), it has stopped about 20% of the spam in the last week.
And to improve the module I would suggest writing the the spam-x log and not to the error log.
---
Geeklog Plugins: http://plugincms.com
The SLV site was down last weekend, which revealed that the SLV modules used an "infinite" timeout, so posting on a site that had the modules installed became extremely slow.
An updated version of the SLV modules (from the same URL as above) is now using a default timeout of 5 seconds, which can also be changed by setting
$_SPX_CONF['timeout']to any other value (in seconds) in the Spam-X plugin's config.php file.bye, Dirk