about
search
post article
Documentation
Mailing Lists
Bug Tracking
Development
Installation
Upgrading
Download
admin
rdf
main
|
 Spam at my squishdot siite
|
 Posted by on Wednesday December 13, 07:11PM, 2006
from the dept.
Question about minimizing spam attacks to squishdot.
Greetings,
I've been running a squishdot site for 6 or 7 years now. The site is designed to help people with FreeBSD. http://lantech.geekvenue.net/chucktips if you're interrested. Squishdot is a fantastic product! Many thanks to all who created it.
Anyhow, I get so many spam posts these days that it's difficult to keep up with the modration. The other day I renamed my addPostForm to Add_PostForm and I changed my links from post article to "add article" and I also changed Reply to "Add a Reply.
Well, to make a long story short I slightly, very slightly, cut back on the number of spam posts. However it didn't stop it and within less than 24 hours I was deleting 10 or more spams posts.
If you have any ideas of how to minimize the posts by fooling whatevcer bot xomes by I would greatly appreciate it!
Thank you in advance.
Jason Neumann,
Chucktips Newbie Friendly
< Here Is A DTML Method For Squishdot Which Produces An Atom 1.0 Feed | email notification >
|
|
Related Links
|
|
|
|
The Fine Print: The following comments are owned by whoever posted them.
( Reply )
|
A couple of recipes...
by on Friday December 15, 01:09PM, 2006
|
I know the feeling :-(
Right, what I do is have a Script (Python) called checkSpam that's wired into my validatePosting script.
This checks for common spam phrases and rejects the posting if it finds them.
That said, I'd be really interested if someone managed to sensibly integrate Akismet:
http://akismet.com/
http://www.voidspace.org.uk/python/modules.shtml#akismet |
[ Reply to this ]
|
Captcha
by on Friday December 15, 05:41PM, 2006
|
Thanks Chris,
Since I first posted this my wife, who unlike myself is clever with java and what not, came up with the idea of using an "image validation" script in the posting page. Hopefully sometime after January she'll have the time to work on it. Here's a link to one that I found in PHP but there are others out there.
http://www.finalwebsites.com/snippets.php?id=39
|
[ Reply to this ]
|
-
Squishdot Captcha would be nice :-)
by on Sunday December 17, 09:10PM, 2006
|
Yeah, Captchas have been around as a solution for a long time.
I don't like them myself as it puts a burden on the end users of the site.
Sadly, in this day and age of spam saturation, there's not a lot else we can do :-(
If anyone comes up with a nice recipe for adding a Captcha to a Squishdot site, I'd be very interested!
|
[ Reply to this ]
|
|
Scoring with SpamAssassin
by on Wednesday January 10, 07:47PM, 2007
|
Hi Jason,
I saw your post today, and am facing the same problem. I tried to make a totally free solution, and I want to share it here. I wrote an external python script, called "spamassassinator.py", that runs spamc on a pseudo-email constructed from the author, title (subject), and body of a posting. I take the score, place a maximum bound on it using validatePosting, and then reject the posting outright if it passes spam criteria. I've attached the script. To use it, create an External Method in the Squishdot instance. Modify validatePosting as follows:
# check to see if this is SPAM!
score = container.spamassassinator(Processed['author'],Processed['title'],Processed['body'])
if score>0.2:
return Processed,'Your message is rejected due to consistence with spam.'
return Processed,None
I run linux, using Zope 2.8.3 (packaged with Fedora linux) and spamassassin 3.0.6.
Cheers,
Steve  spamassassinator.py
0KB (925 bytes)
|
[ Reply to this ]
|
-
Re: Scoring with SpamAssassin
by on Wednesday March 28, 04:41PM, 2007
|
I'm just now getting back to this thread. Your script looks handy, how is it working for you so far?
My only defense against all this nonsense is to use a packet analyser (a sniffer) and write cisco ACL's to block the traffic from those sites. I think I've cut it down by a third so far. I started by blocking Asia all together- a ton comes from there... after that I started looking at groups of IP addresses. It's a bit of a pain but I needed to do something as I was getting hundreds a day!
Cheers,
Jason
|
[ Reply to this ]
|
|
Re: Spam at my squishdot site
by on Wednesday April 04, 07:33PM, 2007
|
Okay, I took Steve's idea and ran with it. I'm using a very old squishot- squishdot-0-7. So... my fix may differ on your more modern squishdot sites but the principle is the same.
I asked my wife, who can actually write code unlike myself, to see if she could create a keyword search in the squishdot validate code to look for common spam words. Buda-bing-bada-boom she had it done in under 24 hours!
This small bit of code is placed just below the comment information at the beginning of the validateArticle and validateComment section of squishdot. By adding search words to the string (see my uploaded text file) I was able to instantly stop hundreds, literally HUNDREDS of spam posts a day! The keywords should be entered in capital letters because the code converts all the info to capital before checking against the keywords. That way you don't have to worry about the wierd capitalization that spammers use.
I think the nice thing about this solution is that it can be plugged directly into squishdot without installing any new software like SpamAssassin- it stands alone.
My wife is now working on a more elegant solution- using a new squishdot property SPAMWORDS where you can simply add keywords in one location that will be read by validateArticle and validateComment.
Hope you find this useful. I know I have!
-Jason
new validate dtml code.txt
0KB (652 bytes)
|
[ Reply to this ]
|
-
Re: Spam at my squishdot site
by on Monday April 09, 02:36PM, 2007
|
See my recipe above in this thread ;-)
|
[ Reply to this ]
|
|
The Fine Print: The following comments are owned by whoever posted them.
( Reply )
|
|
