phpwebsite-developers

[Phpwebsite-developers] While we are talking about comments

[Matthew M. <ma...@tu...>]

I would like some suggestions of how we could prevent comment spam.

http://www.kuro5hin.org/story/2005/1/19/35627/2443

Adding the no-follow rel to a link is no problem. Of course the author
of the above link feels this will do little prevent spam.

So does anyone have other ideas? Off the top of my head without
considering the consequences - let users determine what is spam. If
enough different users vote on a user spamming, the comments module
could automatically disable their ability to post clickable links. This
decision could be reversed by the admin of course.

That is just one example. Any more ideas?

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] While we are talking about comments

[Don S. <do...@se...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew McNaney wrote:
> Adding the no-follow rel to a link is no problem. Of course the author
> of the above link feels this will do little prevent spam.

This is what b2evolution does, seems to have worked alright for me.


- --
Don Seiler
do...@se...

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFC87F041
Fingerprint: 0B56 50D5 E91E 4D4C 83B7  207C 76AC 5DA2 FC87 F041
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDoCxddqxdovyH8EERApwfAKCbrBAtu7O+mbHJbd+cHfsd2nfhrQCcDHfP
4Fx5YIY4T+FDVB4gFU1mth0=
=fSD1
-----END PGP SIGNATURE-----

Re: [Phpwebsite-developers] While we are talking about comments

[Shaun M. <sh...@ae...>]

On 14 Dec 2005, at 14:29, Don Seiler wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew McNaney wrote:
>> Adding the no-follow rel to a link is no problem. Of course the  
>> author
>> of the above link feels this will do little prevent spam.
>
> This is what b2evolution does, seems to have worked alright for me.

It didn't for me with an Advanced Guestbook install. I think that  
once your site is known, it doesn't make a difference. The trick is  
stopping yourself from being known and letting the spammer know what  
your site is running.

Googling for 'Powered by blah-blah vX.X' is how many of the spammers  
find a victim which is why I usually remove the attribution rather  
than any copyright thing. I've got mod_security rules on my servers  
to stop that for customers who use the more frequently spammed  
software without knowing what they are doing. phpBB is *THE* biggest  
culprit for spam and hackers and I really wish I could dissuade  
people from using it at all. YABBse gets close too and fixed less often.

The Advanced Guestbook install I had problems with now gets zero spam  
just because it now asks you to enter an extra field that the spambot  
doesn't know about, but that's not going to work for phpWebsite in  
general.


So, a captcha for registrations is a must.

A spam flood filter that stops new users from posting spam in quick  
succession?

Maybe have some kind of grace period / sin bin whereby new users go  
through approval and you can sin-bin existing ones if they abuse the  
site.

Engadget.com, TUAW.com and the other weblogs inc. sites let you post  
anonymously but every post has to be approved by clicking on an email  
sent to you. That seems to stop most spam.

Ensuring all posted form data comes from a browser and not a bot is  
another method used by some systems. Adding these into phpWebSite  
instead of into something like Apache's mod_security would be useful.


Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

Re: [Phpwebsite-developers] While we are talking about comments

[Don S. <do...@se...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun Murray wrote:
> Ensuring all posted form data comes from a browser and not a bot is
> another method used by some systems. Adding these into phpWebSite
> instead of into something like Apache's mod_security would be useful.

b2evolution also does check the referrer when a comment is submitted.,
and it has to be the comment page itself.

- --
Don Seiler
do...@se...

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFC87F041
Fingerprint: 0B56 50D5 E91E 4D4C 83B7  207C 76AC 5DA2 FC87 F041
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDoHYKdqxdovyH8EERAm5LAJ4q1DyFHq7aWXW53Jn+SAxKSje7qACgpFh/
yPZ6aRhepzuCGn06QLOK08g=
=V0Qh
-----END PGP SIGNATURE-----

[Phpwebsite-developers] Users errors

[Matthew M. <ma...@tu...>]

Shaun,

Happy New Year!

I was fixing a bit of code in the Users module and I started getting
some errors after I updated.

show_link could not locate a help label 'approvals' for the 'users'
module.  

I reloaded the help file but it didn't fix it. Could you take a look
please?

thanks,
Matt



-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Re: [Phpwebsite-developers] Users errors

[Shaun M. <sh...@ae...>]

On 3 Jan 2006, at 13:19, Matthew McNaney wrote:

> Shaun,
>
> Happy New Year!
>
> I was fixing a bit of code in the Users module and I started getting
> some errors after I updated.
>
> show_link could not locate a help label 'approvals' for the 'users'
> module.
>
> I reloaded the help file but it didn't fix it. Could you take a look
> please?
>

Reloading works for me.

I've added in the extra code in boost/update.php to reload the help  
data.


Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk