Preventing GuestPost Spam

Is Coranto not working properly for you? Here's where to ask for support help; for best results, follow these steps:
  • - Check your core/addon documentation for possible solutions
  • - Search these forums for similar problems that have already been solved
  • - If you're still stumped, check out THIS TOPIC, and post your question in this forum!!

Moderators: Spunkmeyer, Dale Ray, SrNupsen, Bluetooth, Jackanape

Preventing GuestPost Spam

Postby Pete » Sat Aug 13, 2005 3:04 am

I am using Coranto with Guestpost in many areas of my site ( http://www.petesqbsite.com ) to allow for unregistered users to submit content such as news items, program downloads and tutorials.

Lately, though, I've been getting spam posts for Texas Hold'Em Poker posted all over my site, which are (apparently) generated by a spam bot. Up until yesterday, they were just an occasional annoyance that I would delete... but yesteday, I had a rapid-fire spam attack of about ten posts within the same one or two seconds, and my Newsdat.txt file somehow got erased (it was 0 KB). I restored the latest backup, but I unfortunately lost many legitimate posts from the last week.

I suppose my strategy of "security through obscurity" was bound to fall through at some point.

I've got to come up with some method of preventing spam bot attacks, while still letting unregistered users post items through GuestPost. Do any of you have suggestions on how to achieve this? One of those image confirmation scripts seems like it would be just the ticket -- but does such a thing exist for Coranto? Any help you can provide would be greatly appreciated.
Pete
 
Posts: 22
Joined: Tue Jun 22, 2004 6:30 pm
Location: New York

Re: Preventing GuestPost Spam

Postby Parahead » Sun Aug 14, 2005 5:01 pm

Pete wrote:One of those image confirmation scripts seems like it would be just the ticket -- but does such a thing exist for Coranto? Any help you can provide would be greatly appreciated.
To my knowledge there exist no such thing for Coranto. Normally this wouldn't be required so this would be an extension the GuestPost addon I would say... It is an intriguing problem and I am a little interested in coding an addon that extends the GuestPost addon with this functionality, but I really shouldn't spend my time on this. However, I can give some pointers and start a little deeper discussion about the subject. ;-)

One thing to consider when starting to play with images is to make a decision if one would like to depend on an image manipulation package like NetPBM or ImageMagick or if the solution would need to work without such third party package? Also, I would suggest taking a look at the CAPTCHA site for inspiration... Actually, the phpBB forum has code for doing such visual validation during the member registration, at first glance that code looks like it is possible to translate to Perl?
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby Pete » Sun Aug 14, 2005 9:30 pm

I checked out the CAPTCHA site -- very interesting stuff! I will look further into creating an image confirmation script (though I don't know if I'll be able to do it...I don't have that much experience in either Perl or PHP).

For now, I was wondering if there was a simple way to just block certain words from being submitted? For example, have Coranto reject any post that includes the term "Poker" or "Hold'Em" or certain link URLs. I think that would be a good *temporary* fix until I can come up with something more reliable. What do you think?

Anyhow, I've set the news backup script to backup the database every 48 hours (so hopefully that will help cut down on the loss of legitimate posts if this happens again).
Pete
 
Posts: 22
Joined: Tue Jun 22, 2004 6:30 pm
Location: New York

Postby Parahead » Mon Aug 15, 2005 12:50 pm

Pete wrote:I checked out the CAPTCHA site -- very interesting stuff! I will look further into creating an image confirmation script (though I don't know if I'll be able to do it...I don't have that much experience in either Perl or PHP).
Having a project to work with is the best way to learn. I agree that image manipulation scripts may not be the simplest thing to start with though... ;-)

Pete wrote:For now, I was wondering if there was a simple way to just block certain words from being submitted? For example, have Coranto reject any post that includes the term "Poker" or "Hold'Em" or certain link URLs. I think that would be a good *temporary* fix until I can come up with something more reliable. What do you think?
Well, there isn't any such thing included as default in Coranto, but it would be possible to add though. Personally I have created a Perl module that I use together with iSay that could be reused for this purpose. I am using a BlackList which can be found here.

The module I have created would basically be used like this:
Code: Select all
eval{ require Coranto::Blacklist };
if(!$@) {
 # OK, we can use Coranto::Blacklist, check the fields
 my ($notOK, $blacklist, $matched_pattern) = Coranto::Blacklist->search($Comment, $Email, $Username);
 push @Errors,qq~You have tried to use a blacklisted domain name ($matched_pattern) in the post!~ if($notOK);
}


Let me know if this is something you would like to work further on...
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby Parahead » Wed Aug 17, 2005 8:38 am

Pete wrote:I checked out the CAPTCHA site -- very interesting stuff! I will look further into creating an image confirmation script (though I don't know if I'll be able to do it...I don't have that much experience in either Perl or PHP).
Since this was an interesting question I played around a little and have now created an embryo for this type of CAPTCHA-script, you can find a working demo of it here. It is a general script and should be quite easy to convert to work with Coranto/GuestPost. Let me know if you want me to make a package of this. I haven't got a response from you regarding the Blacklist example I posted above so I will not hold my breath though...

Note: The script uses ImageMagick to produce the images, so that package is required to be installed on the webserver. Of course some fallback approach can be applied, but I haven't implemented anything like that...
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby CatLover » Tue Aug 23, 2005 8:34 pm

I would really be interested in something like this myself. Would this work with the guest commenting in iSay? I have been getting lots of spam posts in my isay comments (stuff like Viagra posts, etc....) I would hate to have to turn the guest commenting feature off but I'm starting to get so many of these spam posts that it's becoming too much to have to go in and manually delete all of them. So if this would work for iSay I would love to try it out.

Thanks...
CatLover
 
Posts: 26
Joined: Wed Jul 27, 2005 5:30 pm

Postby Parahead » Wed Aug 24, 2005 6:55 am

CatLover wrote:I would really be interested in something like this myself. Would this work with the guest commenting in iSay?
The Blacklist solution I presented above I use on own my site, and I have minimal problems with spam, so that works without a doubt. It would of course be possble to use the CAPTCHA solution as well, this would require a litte coding though, which you have to do yourself.

Which version of iSay are you using, I can provide a step by step solution for the Blacklist if you want that? It isn't much more than the small code above that needs to be added into iSay and having the Blacklist module on the server...
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby CatLover » Wed Aug 24, 2005 4:19 pm

Hi Parahead!

I am using iSay v0.16 alpha. It would be great if you could do the step by step solution for the Blacklist. At some point I wouldn't mind maybe trying the CAPTCHA solution out too but I'm just now starting to learn Perl and probably need to learn a little more before I start trying to code too much myself. :D

Thanks for all your help!
CatLover
 
Posts: 26
Joined: Wed Jul 27, 2005 5:30 pm

Postby Parahead » Thu Aug 25, 2005 7:32 pm

CatLover wrote:I am using iSay v0.16 alpha. It would be great if you could do the step by step solution for the Blacklist.
Sorry for not getting back to you sooner. I have realized that the Blacklist module I created before for my personal use has some pieces of code in it that isn't OpenSource so I have posted a question to the original coder if he feel it is OK for me to go public with this. I will await his answer...
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby CatLover » Fri Aug 26, 2005 3:10 pm

Parahead, thanks for taking the time to look into this. Whenever you get your answer is fine, I'm in no big rush. I just appreciate that you take the time out of your busy schedule to help so many of us out.

Thanks again!
CatLover
 
Posts: 26
Joined: Wed Jul 27, 2005 5:30 pm

Postby Parahead » Fri Aug 26, 2005 8:11 pm

CatLover wrote:Parahead, thanks for taking the time to look into this. Whenever you get your answer is fine, I'm in no big rush.
No problem... If you don't hear from me (or don't see a post in that other forum) for a week or two (or when you get too inpatient), please post a reminder in this thread, OK? ;-)
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Serious spamming issues...

Postby akarlska » Fri Aug 04, 2006 6:49 pm

I've got to come up with some method of preventing spam bot attacks, while still letting unregistered users post items through GuestPost. Do any of you have suggestions on how to achieve this? One of those image confirmation scripts seems like it would be just the ticket -- but does such a thing exist for Coranto? Any help you can provide would be greatly appreciated.


I have som serious spamming issues using the guestpost addon. I'm using the Guestpost addon for a gustbook and lately I have had several posts a day from various sites.

I've tried to find something on the Coranto site for this issue, and so far this is the only thread i have found, understandably it didn't get me to far. After reading this thread I have searched for other solutions to my problem. I've ended up with a solution from Junkeater wich seemed like a good idea, and so far it seems to work.

In adition to innstalling the Junkeater system i changed the password for my Guest account, and changed the filenames to my guestbook. So far I have had no spam attacks.

It's a solution, at least until we have another way of doing things internally.
We're just, two lost swimming in a fishbole...year after year.

Running Coranto 1.24, and every addon you can think of.
User avatar
akarlska
 
Posts: 18
Joined: Sat Jul 15, 2006 7:42 pm
Location: In front of my computer...

Postby AndyP » Sat Aug 05, 2006 12:46 pm

I would love to know whether anyone was able to implement that CAPTCHA idea into Coranto/ISay.
AndyP
 
Posts: 165
Joined: Wed Jan 10, 2007 10:10 pm

Postby Parahead » Fri Aug 11, 2006 6:52 pm

AndyP wrote:I would love to know whether anyone was able to implement that CAPTCHA idea into Coranto/ISay.
Here is a live example of my home made CAPTCHA module (using ImageMagick for the image manipulation) incorporated into iSay.

It should be rather easy to implement the CAPTCHA module into any Perl script, but since it requires changes to the original script it *do* requires you to know Perl...

Let me know if you would like me to follow up on this, I can post the script and a small info about what is needed. In iSay it was a matter of adding 3 lines of code.
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby Dale Ray » Fri Aug 18, 2006 5:58 pm

Parahead,

Can you make the CAPTCHA module you've written available for download? I find I have need of this and am looking for a solution.

Thanks,
Dale Ray
User avatar
Dale Ray
 
Posts: 1001
Joined: Sun Jan 19, 2003 6:02 pm
Location: NW Indiana

Next

Return to Troubleshooting

Who is online

Users browsing this forum: No registered users and 2 guests

cron