Posted on: 06/02/04 10:32am
By: tomw
All right they have made me mad. I am creating a plugin to handle comment spam. It will be modular so that you can drop in new features as the comment spammers change. Here are my general specs:
There will be three distinct type of modules.
One type of module will handle detection of spam comments and a second type of module will determine what action(s) are taken after the spam comment is detected. The third type of module will be comment admin help like mass delete of comments based on criteria or review of saved comments. You will be able to pick which modules you use.
The first detection module I will write will use the MT-Blacklist to detect spam comments. The second detection module will use IP banning.
There are several different action modules possible. First will be a module to just reject the comment. This will be followed by modules to notify the admin of the comment, automatically ban the IP of the commenter, save the comment for review, sanitize the comment, etc.
The plugin will be object oriented and the modules will simply be class files dropped in the approiate place. I anticipate no additional tables so install will be easy.
Expect the initial version sometime latter today or tonight.
TomW
Comment Spam Plugin
Posted on: 06/02/04 08:10pm
By: keystone430
Thanks tomw! You and Dirk provide about the best support I have ever seen. It is very much appreciated!
Comment Spam Plugin
Posted on: 06/03/04 11:21am
By: tomw
Ok I have the basics of the comment spam plugin working with the MT-Blacklist module. I need a couple of testers who are knowledgeable about Geeklog. There are no install instructions and the admin interface is not working, but comment spam is squashed according to my tests. Drop me an email if you want to test it.
TomW
Comment Spam Plugin
Posted on: 06/03/04 07:18pm
By: keystone430
Tomw I would love to help if I can. You have all helped me get through this mess and I would like to return that.
I am far from an expert but I can try what ever you want. I have 14 Geeklog sites on all different versions. I have 1.3.7, 1.3.8sr4 and 1.3.9sr1.
I may need a little more direction but I am a fast learner.
Comment Spam Plugin
Posted on: 06/04/04 10:18am
By: tomw
Thanks Keystone, if no one else is interested I will not bother to polish it up and release it.
TomW
Comment Spam Plugin
Posted on: 06/04/04 10:35am
By: Anonymous (Rob)
I'm interested in helping, but which versions of geeklog will it support, I believe I'm running the latest version of 1.38 and I know I'm running a few 1.39 as well.
-Rob
Comment Spam Plugin
Posted on: 06/04/04 11:16am
By: tomw
No restrictions, it is not using anything that is version specific.
TomW
Comment Spam Plugin
Posted on: 06/04/04 11:30am
By: keystone430
Version 1.3.9rc1 I get the following message when trying to view logs:
The requested URL /admin/plugins/ban//logview.php was not found on this server.
It gives me a 404 page with that error message.
Comment Spam Plugin
Posted on: 06/04/04 11:40am
By: keystone430
Can I say how much I like this already?
I posted spam links while logged in and got returned to the front page with no comment posted. Log shows the following:
Fri Jun 4 10:35:55 2004 - Found Spam Comment matching (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridiab)[w-_.]*.[a-z]{2,}
Fri Jun 4 10:35:55 2004 - Deleted Spam Comment
This is version 1.3.9rc1 with anon comments still turned off.
Comment Spam Plugin
Posted on: 06/04/04 12:30pm
By: keystone430
Version 1.3.7 has a couple problems.
Had to create the file: spamx.log in the the logs folder.
Installs correctly but when trying to post comments I get the following error:
Warning: Missing argument 8 for savecomment1() in /home/httpd/vhosts/keystonesoldiers.com/httpdocs/comment.php on line 221
Warning: Missing argument 9 for savecomment1() in /home/httpd/vhosts/keystonesoldiers.com/httpdocs/comment.php on line 221
This is for comment.php,v 1.38.4.4 2004/01/23 that has the anonymous comments fix.
I also get the same errors as the other version when trying to access the logs in spamx. Where do I get rid of that extra slash in the URL? I mean what file will I find it in?
edited to add: No comments will post at all on this version. Logged in or logged out it is the same.
keystone
Comment Spam Plugin
Posted on: 06/04/04 12:37pm
By: tomw
I see now that from version 1.3.8 on there is one less parameter for the savecomment() call. Guess I will have to take that into account.
TomW
Comment Spam Plugin
Posted on: 06/04/04 02:16pm
By: keystone430
Both versions are working fine. I have anonymous comments turned back on for the site that had been hit the hardest last week.
Comment Spam Plugin Final Call
Posted on: 06/05/04 01:18pm
By: tomw
This is the final call for testers. Keystone and Blaine have volunteered to help. If I don't get at least one more tester, I will charge for the plugin when it is finished!
Come on people if you take from the community, you should be willing to give back. I am not asking for coders just people to install and test and provide feedback.
Update: last night the spam filter caught about 100 attempts to post spam comments on my sites. It was interesting to see the progression. The first site hit had about 80 attempts before the spammer gave up, the following two sites had only one attempt for each different comment. It appears that there was a person running the attempt because a script would have just kept trying on all the sites. 3 of the 4 attempts were rejected because of urls I noticed yesterday, the other had a levitra website name and was caught by the normal mt-blacklist. The attacker had 4 ips he/she was rotating through.
TomW
Comment Spam Plugin
Posted on: 06/06/04 02:51pm
By: Blaine
Tom, this looks great. It's installed on
my site[*1] now and have done some intial testing and it looks good. I like that I can easily just expand the filtered list.
The built in log viewer is great and would make a nice core feature in Geeklog. As a plugin developer, you know how often we tend to use the error.log file for debugging comments - and also forget to remove these calls too ofen
Thanks again - great and timely contribution.
Comment Spam Plugin
Posted on: 06/06/04 03:25pm
By: jmichael
TomW, if you still haven't found another tester, I'd be happy to take a shot. jmi at dominopower dot de
Comment Spam Plugin
Posted on: 06/06/04 03:38pm
By: keystone430
I like this plugin a lot. My sites have been hit hard with this spam but this seems to be keeping it pretty clean. I have the anonymous comments turned back on and no spam in over 24 hours. The only attempt was 2 posts for some pill seller and it booted them right out.
I agree with Blaine about the log viewer included too. That is a great feature.
Comment Spam Plugin
Posted on: 06/06/04 03:52pm
By: Blaine
15 minutes after posting here - I had about 20 spam post attempts in 2 min from various IP's . All were detected and deleted
Comment Spam Plugin
Posted on: 06/06/04 04:12pm
By: comicbookguy
I would be willing to test the plugin on my sites. I have been getting hit with spam comments for a couple of weeks now. I only get a couple comments a day so it hasn't been a big problem but I would like to put an end to it.
That's interesting
Posted on: 06/06/04 04:15pm
By: keystone430
I got hit right after I posted here too. The site was one that was not on the list so I had 45 to delete.
Blaine.....have you modified the blacklist yet? I have had to add several to the list. I will send you the updated one if you like.
Comment Spam Plugin
Posted on: 06/06/04 04:20pm
By: Blaine
I just added the work 'sex' to the list and that appeared to be what caught this last barage.
Comment Spam Plugin
Posted on: 06/07/04 10:05am
By: tomw
Hey ComicBookGuy I emailed you, but have not had a reply. If you want to test just email me.
TomW
Comment Spam Plugin
Posted on: 06/07/04 11:28am
By: comicbookguy
I just sent you a reply. I will be happy to try it out tonight when I get home from work.
Comment Spam Plugin
Posted on: 06/07/04 11:37pm
By: comicbookguy
I have the plugin installed and it is working like a charm.
I did have to create the spamx.log file but otherwise it seems to work ok now. The only thing I was uncertain of (which I mentioned in my email) was the change to the comment.php file.
You know the quick response to problems like this is why I love Geeklog so much. Good luck trying to get this quick a response from most software vendors, even if you are a paying customer. Geeklog is free and the support and help from the developers and the geeklog community is awesome.
That's just my two cents.
Comment Spam Plugin
Posted on: 06/07/04 11:51pm
By: ScurvyDawg
Your so right about the quick responses ComicBookGuy.
I guess that is why most of the developers have a donate button for their paypal accounts. I know many users give a donation just to say Thank you when they can.
It is a good way to support further development. I think it is not the top item on the list as to why people take these projects on, but it helps.
If you have programming skills or graphic skills, heck any skills. Then we need those as a community too, read the forums, answer peoples questions when you can. Send them links to documentation that exists already if possible.
Do what you can, enjoy an amazing package and support the community in whatever ways you can and it will offer you a richer and more mature package.
Comment Spam Plugin
Posted on: 06/08/04 11:27am
By: comicbookguy
I checked the logs this morning and Spamx caught two attempts to post spam from two different IP addresses.
So far so good.
Comment Spam Plugin
Posted on: 06/08/04 12:21pm
By: keystone430
Mine too. It caught both attempts. The spambot must have some kind of limiter on it or it is a human who is posting.
Comment Spam Plugin
Posted on: 06/08/04 02:01pm
By: Barry Vrielink
Hi tomw,
If you need another beta tester let me know. Got hit by a spam attack today as well (first time). The only way they could find out about my site is by searching for the "Powered By GeekLog" slogan with Google. Maybe we should 'hide' this fact from Google someway.
Barry
Comment Spam Plugin
Posted on: 06/08/04 02:54pm
By: tomw
Sent you an email. Shouldn't be more than a couple days until the first version is ready.
TomW
Comment Spam Plugin
Posted on: 06/08/04 03:59pm
By: ByteEnable
Hi,
I sent you an email the other day requesting the plugin to help with testing. Did you get it? I used the email button in forum.
Thanks,
Byte
Comment Spam Plugin
Posted on: 06/08/04 05:20pm
By: tomw
Nope didn't get it use
tomw AT pigstye DOT net
TomW
Comment Spam Plugin
Posted on: 06/08/04 05:21pm
By: Robin
Hi
I'd like to test it also so please send me a copy.
I was wondering whether it's only English language sites that are vulnerable? I haven't noticed any attacks on my site but ... better safe than sorry
Comment Spam Plugin
Posted on: 06/09/04 02:36pm
By: Barry Vrielink
Hi Tomw,
I replied to your email but your email program is configured wrong (pgistye instead of pigstye). I then tried to contact you from this site. Dunno if you got my mail though. Anyway, still waiting for a beta .
Barry
Comment Spam Plugin
Posted on: 06/09/04 03:08pm
By: tomw
Hi Barry,
Sorry We have had problems connecting. After you note I checked and noticed that my email address here was the problem. It had pgistye DOT net. I have still not received an email to know where to send it. When I get one I will send it on.
TomW
Comment Spam Plugin
Posted on: 08/16/04 08:14am
By: Elegantly
I am currently
writing/trying to write a CAPTCHA plugin for Geeklog[*2] . The plugin forces anonymous users to identify a secret code (e.g., "294821") embedded in an image, so to stop bots spamming comments on a Geeklog site (
sample image[*3] ). The only additional system requirement for this feature is GD support for the PHP installation.
I already have the code together to randomly generate such an challenge/response image, and the code to verify the user's answer, but do not currently know how I could glue this into Geeklog.
Then I found this thread. If you want to, I can help (with limited programming skills ) to integrate such a feature into your existing plugin - if you want to, of course. I see no reason to have another plugin if its only one anti-spam feature which could possibly be integrated into your well-working existing one. I don't care about credits or such things, I only want powerful anti-spam functionalities for my website!