[geeklog-devtalk] geeklog-devel digest, Vol 1 #506 - 7 msgs

geeklog-devel-request at lists.geeklog.net geeklog-devel-request at lists.geeklog.net
Thu Feb 10 13:00:02 EST 2005

Send geeklog-devel mailing list submissions to
geeklog-devel at lists.geeklog.net

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.geeklog.net/listinfo/geeklog-devel
or, via email, send a message with subject or body 'help' to
geeklog-devel-request at lists.geeklog.net

You can reach the person managing the list at
geeklog-devel-admin at lists.geeklog.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of geeklog-devel digest..."


Today's Topics:

1. Spam, spam, bacon, eggs, and spam (Dirk Haun)
2. Re: Spam, spam, bacon, eggs, and spam (Justin Carlson)
3. Re: Spam, spam, bacon, eggs, and spam (Justin Carlson)
4. Re: Spam, spam, bacon, eggs, and spam (Simon Lord)
5. Re: Spam, spam, bacon, eggs, and spam (Tom Willett)
6. Re: Spam, spam, bacon, eggs, and spam (Tony Bibbs)
7. Re: Spam, spam, bacon, eggs, and spam (Tom Willett)

--__--__--

Message: 1
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Date: Wed, 9 Feb 2005 22:14:59 +0100
Organization: Terra Software Systems
Subject: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

Our special "friend" continues to flood geeklog.info with trackback spam.
A few of them went through since he now also seems to start using HTML
entities to obfuscate his posts:


>&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;

>#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

>Please visit some information in the field of &#111;nl&#105;n&#101;

>p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r


Tom, would you consider this a feature request? ;-)

No forum spam (at all) on geeklog.info, btw. Maybe because the site's in
German?

I made a small modification to the forum submission forms on geeklog.net
to include a random number in a hidden field. This was just for testing
since I wanted to find out if he actually parses the forms or not. The
random number would have shown up in the SpamX notification emails if he
did, but it didn't.

There's a plugin for Wordpress that does this: It includes a randomly
named field with a random value into the submission form and if that
field and value are not included in the POST data, the post is discarded
right away.

They actually add the field with JavaScript to make it even more
difficult. But then I wouldn't be able to post using Lynx, so maybe
that's too extreme a measure (yet) ;-)

Anyway, the war is on and the enemy isn't sleeping ...

bye, Dirk


--
http://www.haun-online.de/
http://www.haun.info/


--__--__--

Message: 2
Date: Wed, 9 Feb 2005 16:06:16 -0600
From: Justin Carlson <justin.carlson at gmail.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

Perhaps you could add a bit of code to the SpamX plugin:

http://us4.php.net/manual/en/function.html-entity-decode.php






On Wed, 9 Feb 2005 22:14:59 +0100, Dirk Haun <dirk at haun-online.de> wrote:

> Our special "friend" continues to flood geeklog.info with trackback spam.

> A few of them went through since he now also seems to start using HTML

> entities to obfuscate his posts:

>

> >&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;

> >#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

> >Please visit some information in the field of &#111;nl&#105;n&#101;

> >p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

>

> Tom, would you consider this a feature request? ;-)

>

> No forum spam (at all) on geeklog.info, btw. Maybe because the site's in

> German?

>

> I made a small modification to the forum submission forms on geeklog.net

> to include a random number in a hidden field. This was just for testing

> since I wanted to find out if he actually parses the forms or not. The

> random number would have shown up in the SpamX notification emails if he

> did, but it didn't.

>

> There's a plugin for Wordpress that does this: It includes a randomly

> named field with a random value into the submission form and if that

> field and value are not included in the POST data, the post is discarded

> right away.

>

> They actually add the field with JavaScript to make it even more

> difficult. But then I wouldn't be able to post using Lynx, so maybe

> that's too extreme a measure (yet) ;-)

>

> Anyway, the war is on and the enemy isn't sleeping ...

>

> bye, Dirk

>

> --

> http://www.haun-online.de/

> http://www.haun.info/

>

> _______________________________________________

> geeklog-devel mailing list

> geeklog-devel at lists.geeklog.net

> http://lists.geeklog.net/listinfo/geeklog-devel

>


--__--__--

Message: 3
Date: Wed, 9 Feb 2005 16:14:53 -0600
From: Justin Carlson <justin.carlson at gmail.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

Also, as posted elsewhere, is this live now
?
http://www.google.com/googleblog/2005/01/preventing-comment-spam.html



On Wed, 9 Feb 2005 16:06:16 -0600, Justin Carlson
<justin.carlson at gmail.com> wrote:

> Perhaps you could add a bit of code to the SpamX plugin:

>

> http://us4.php.net/manual/en/function.html-entity-decode.php

>

>

> On Wed, 9 Feb 2005 22:14:59 +0100, Dirk Haun <dirk at haun-online.de> wrote:

> > Our special "friend" continues to flood geeklog.info with trackback spam.

> > A few of them went through since he now also seems to start using HTML

> > entities to obfuscate his posts:

> >

> > >&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;

> > >#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

> > >Please visit some information in the field of &#111;nl&#105;n&#101;

> > >p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

> >

> > Tom, would you consider this a feature request? ;-)

> >

> > No forum spam (at all) on geeklog.info, btw. Maybe because the site's in

> > German?

> >

> > I made a small modification to the forum submission forms on geeklog.net

> > to include a random number in a hidden field. This was just for testing

> > since I wanted to find out if he actually parses the forms or not. The

> > random number would have shown up in the SpamX notification emails if he

> > did, but it didn't.

> >

> > There's a plugin for Wordpress that does this: It includes a randomly

> > named field with a random value into the submission form and if that

> > field and value are not included in the POST data, the post is discarded

> > right away.

> >

> > They actually add the field with JavaScript to make it even more

> > difficult. But then I wouldn't be able to post using Lynx, so maybe

> > that's too extreme a measure (yet) ;-)

> >

> > Anyway, the war is on and the enemy isn't sleeping ...

> >

> > bye, Dirk

> >

> > --

> > http://www.haun-online.de/

> > http://www.haun.info/

> >

> > _______________________________________________

> > geeklog-devel mailing list

> > geeklog-devel at lists.geeklog.net

> > http://lists.geeklog.net/listinfo/geeklog-devel

> >

>


--__--__--

Message: 4
Date: Wed, 09 Feb 2005 23:44:34 -0500
From: Simon Lord <slord at marelina.com>
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
To: geeklog-devel at lists.geeklog.net
Reply-To: geeklog-devel at lists.geeklog.net

I've noticed that many Flash developers that have blogs have simply
removed all the submission fields and replaced them with Flash editors.
Sample:

http://www.peldi.com/blog/archives/2005/01/pcc_recording_l.html#comments

... scroll to the submission area at the bottom. Could be a solution
we provide in a future version to allow users to either use the flash
submission as an extra layer of protection against spam.


On Feb 9, 2005, at 4:14 PM, Dirk Haun wrote:


> Our special "friend" continues to flood geeklog.info with trackback

> spam.

> A few of them went through since he now also seems to start using HTML

> entities to obfuscate his posts:

>

>> &amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von

>> &amp;

>> #111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

>> Please visit some information in the field of &#111;nl&#105;n&#101;

>> p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

>

> Tom, would you consider this a feature request? ;-)

>

> No forum spam (at all) on geeklog.info, btw. Maybe because the site's

> in

> German?

>

> I made a small modification to the forum submission forms on

> geeklog.net

> to include a random number in a hidden field. This was just for testing

> since I wanted to find out if he actually parses the forms or not. The

> random number would have shown up in the SpamX notification emails if

> he

> did, but it didn't.

>

> There's a plugin for Wordpress that does this: It includes a randomly

> named field with a random value into the submission form and if that

> field and value are not included in the POST data, the post is

> discarded

> right away.

>

> They actually add the field with JavaScript to make it even more

> difficult. But then I wouldn't be able to post using Lynx, so maybe

> that's too extreme a measure (yet) ;-)

>

> Anyway, the war is on and the enemy isn't sleeping ...

>

> bye, Dirk

>

>

> --

> http://www.haun-online.de/

> http://www.haun.info/

>

> _______________________________________________

> geeklog-devel mailing list

> geeklog-devel at lists.geeklog.net

> http://lists.geeklog.net/listinfo/geeklog-devel

>

>

Sincerely,
Simon


--__--__--

Message: 5
Date: Thu, 10 Feb 2005 08:51:14 -0500
From: Tom Willett <tomw at pigstye.net>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

This is a multi-part message in MIME format.
--------------000602030306080905020105
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 2/9/2005 4:14 PM, Dirk Haun wrote:


>Our special "friend" continues to flood geeklog.info with trackback spam.

>A few of them went through since he now also seems to start using HTML

>entities to obfuscate his posts:

>

>

>

>>&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;

>>#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

>>Please visit some information in the field of &#111;nl&#105;n&#101;

>>p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

>>

>>

>

>Tom, would you consider this a feature request? ;-)

>

>

>

Its actually pretty easy to get around this. A minor change will need
to be made in three files:

All current cvs:

Blacklist.Examine.class.php
Change line 44 from
if (preg_match("#$val#", $comment)) {
to
if (preg_match("#$val#", html_entity_decode($comment))) {

IPofUrl.Examine.class.php
change line 41 from
$num = preg_match_all("#{$regx}#",$comment,$urls);
to
$num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);

MTBlackList.Examine.class.php
change line 47 from
if (@preg_match("#$val#", $comment)) {
to
if (@preg_match("#$val#", html_entity_decode($comment))) {

--

Tom Willett
tomw at pigstye.net


--------------000602030306080905020105
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
On 2/9/2005 4:14 PM, Dirk Haun wrote:
<blockquote cite="mid20050209211459.11662 at smtp.haun-online.de"
type="cite">
<pre wrap="">Our special "friend" continues to flood geeklog.info with trackback spam.
A few of them went through since he now also seems to start using HTML
entities to obfuscate his posts:

</pre>
<blockquote type="cite">
<pre wrap="">&amp;amp;#111;nl&amp;amp;#105;n&amp;amp;#101; p&amp;amp;#111;k&amp;amp;#101;r&lt;/a&gt; von &amp;amp;
#111;nl&amp;amp;#105;n&amp;amp;#101; p&amp;amp;#111;k&amp;amp;#101;r&lt;br&gt;
Please visit some information in the field of &amp;#111;nl&amp;#105;n&amp;#101;
p&amp;#111;k&amp;#101;r p&amp;#111;k&amp;#101;r p&amp;#97;rty p&amp;#111;k&amp;#101;r
</pre>
</blockquote>
<pre wrap=""><!---->
Tom, would you consider this a feature request? ;-)

</pre>
</blockquote>
Its actually pretty easy to get around this.&nbsp; A minor change will need
to be made in three files:<br>
<br>
All current cvs:<br>
<br>
Blacklist.Examine.class.php<br>
Change line 44 from<br>
if (preg_match("#$val#", $comment)) {<br>
to<br>
if (preg_match("#$val#", html_entity_decode($comment))) {<br>
<br>
IPofUrl.Examine.class.php<br>
change line 41 from<br>
$num = preg_match_all("#{$regx}#",$comment,$urls);<br>
to<br>
$num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);<br>
<br>
MTBlackList.Examine.class.php<br>
change line 47 from<br>
if (@preg_match("#$val#", $comment)) {<br>
to<br>
if (@preg_match("#$val#", html_entity_decode($comment))) {<br>
<pre class="moz-signature" cols="72">--

Tom Willett
<a class="moz-txt-link-abbreviated" href="mailto:tomw at pigstye.net">tomw at pigstye.net</a>
</pre>
</body>
</html>

--------------000602030306080905020105--

--__--__--

Message: 6
Date: Thu, 10 Feb 2005 08:30:23 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

Makes me wonder if we shouldn't have a mailing list for developer-only
spam discussions where strategy and stuff can be discuss less openly.
Just a thought.

--Tony

Tom Willett wrote:


> On 2/9/2005 4:14 PM, Dirk Haun wrote:

>

>>Our special "friend" continues to flood geeklog.info with trackback spam.

>>A few of them went through since he now also seems to start using HTML

>>entities to obfuscate his posts:

>>

>>

>>

>>>&amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von &amp;

>>>#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

>>>Please visit some information in the field of &#111;nl&#105;n&#101;

>>>p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

>>>

>>>

>>

>>Tom, would you consider this a feature request? ;-)

>>

>>

>>

> Its actually pretty easy to get around this. A minor change will need

> to be made in three files:

>

> All current cvs:

>

> Blacklist.Examine.class.php

> Change line 44 from

> if (preg_match("#$val#", $comment)) {

> to

> if (preg_match("#$val#", html_entity_decode($comment))) {

>

> IPofUrl.Examine.class.php

> change line 41 from

> $num = preg_match_all("#{$regx}#",$comment,$urls);

> to

> $num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);

>

> MTBlackList.Examine.class.php

> change line 47 from

> if (@preg_match("#$val#", $comment)) {

> to

> if (@preg_match("#$val#", html_entity_decode($comment))) {

>

>--

>

>Tom Willett

>tomw at pigstye.net

>

>



--__--__--

Message: 7
Date: Thu, 10 Feb 2005 09:57:43 -0500
From: Tom Willett <tomw at pigstye.net>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

On 2/10/2005 9:30 AM, Tony Bibbs wrote:


> Makes me wonder if we shouldn't have a mailing list for developer-only

> spam discussions where strategy and stuff can be discuss less openly.

> Just a thought.

>

> --Tony

>

> Tom Willett wrote:

>

>> On 2/9/2005 4:14 PM, Dirk Haun wrote:

>>

>>> Our special "friend" continues to flood geeklog.info with trackback

>>> spam.

>>> A few of them went through since he now also seems to start using HTML

>>> entities to obfuscate his posts:

>>>

>>>

>>>

>>>> &amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von

>>>> &amp;

>>>> #111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

>>>> Please visit some information in the field of &#111;nl&#105;n&#101;

>>>> p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

>>>>

>>>

>>>

>>> Tom, would you consider this a feature request? ;-)

>>>

>>>

>>>

>> Its actually pretty easy to get around this. A minor change will

>> need to be made in three files:

>>

>> All current cvs:

>>

>> Blacklist.Examine.class.php

>> Change line 44 from

>> if (preg_match("#$val#", $comment)) {

>> to

>> if (preg_match("#$val#", html_entity_decode($comment))) {

>>

>> IPofUrl.Examine.class.php

>> change line 41 from

>> $num = preg_match_all("#{$regx}#",$comment,$urls);

>> to

>> $num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);

>>

>> MTBlackList.Examine.class.php

>> change line 47 from

>> if (@preg_match("#$val#", $comment)) {

>> to

>> if (@preg_match("#$val#", html_entity_decode($comment))) {

>>

>> --

>>

>> Tom Willett

>> tomw at pigstye.net

>>

>>

>

> _______________________________________________

> geeklog-devel mailing list

> geeklog-devel at lists.geeklog.net

> http://lists.geeklog.net/listinfo/geeklog-devel


Would it make any difference if cvs is publically available?

--

Tom Willett
tomw at pigstye.net



--__--__--

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel


End of geeklog-devel Digest

More information about the geeklog-devtalk mailing list