[geeklog-devtalk] geeklog-devel digest, Vol 1 #507 - 8 msgs

[geeklog-devel-request at lists.geeklog.net]

Send geeklog-devel mailing list submissions to
	geeklog-devel at lists.geeklog.net

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.geeklog.net/listinfo/geeklog-devel
or, via email, send a message with subject or body 'help' to
	geeklog-devel-request at lists.geeklog.net

You can reach the person managing the list at
	geeklog-devel-admin at lists.geeklog.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of geeklog-devel digest..."


Today's Topics:

   1. Re: Spam, spam, bacon, eggs, and spam (Tony Bibbs)
   2. Re: Spam, spam, bacon, eggs, and spam (Dirk Haun)
   3. Re: Spam, spam, bacon, eggs, and spam (Tony Bibbs)
   4. Re: Spam, spam, bacon, eggs, and spam (Dirk Haun)
   5. Proposal for Plugin API extension (Tony Bibbs)
   6. Home-made problems with forum spam (Dirk Haun)
   7. Re: Proposal for Plugin API extension (Dirk Haun)
   8. Re: Home-made problems with forum spam (Tom Willett)

--__--__--

Message: 1
Date: Thu, 10 Feb 2005 13:19:06 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

Just harder to get at.  In one case we clearly state our intentions for 
all to see.  The other way we force these yahoo's to lift the hood and 
figure it out on their own.

--Tony

Tom Willett wrote:


> On 2/10/2005 9:30 AM, Tony Bibbs wrote:

>

>> Makes me wonder if we shouldn't have a mailing list for 

>> developer-only spam discussions where strategy and stuff can be 

>> discuss less openly. Just a thought.

>>

>> --Tony

>>

>> Tom Willett wrote:

>>

>>> On 2/9/2005 4:14 PM, Dirk Haun wrote:

>>>

>>>> Our special "friend" continues to flood geeklog.info with trackback 

>>>> spam.

>>>> A few of them went through since he now also seems to start using HTML

>>>> entities to obfuscate his posts:

>>>>

>>>>  

>>>>

>>>>> &amp;#111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r</a> von 

>>>>> &amp;

>>>>> #111;nl&amp;#105;n&amp;#101; p&amp;#111;k&amp;#101;r<br>

>>>>> Please visit some information in the field of &#111;nl&#105;n&#101;

>>>>> p&#111;k&#101;r p&#111;k&#101;r p&#97;rty p&#111;k&#101;r

>>>>>   

>>>>

>>>>

>>>>

>>>> Tom, would you consider this a feature request? ;-)

>>>>

>>>>  

>>>>

>>> Its actually pretty easy to get around this.  A minor change will 

>>> need to be made in three files:

>>>

>>> All current cvs:

>>>

>>> Blacklist.Examine.class.php

>>> Change line 44 from

>>> if (preg_match("#$val#", $comment)) {

>>> to

>>> if (preg_match("#$val#", html_entity_decode($comment))) {

>>>

>>> IPofUrl.Examine.class.php

>>> change line 41 from

>>> $num = preg_match_all("#{$regx}#",$comment,$urls);

>>> to

>>> $num = preg_match_all("#{$regx}#",html_entity_decode($comment),$urls);

>>>

>>> MTBlackList.Examine.class.php

>>> change line 47 from

>>> if (@preg_match("#$val#", $comment)) {

>>> to

>>> if (@preg_match("#$val#", html_entity_decode($comment))) {

>>>

>>> -- 

>>>

>>> Tom Willett

>>> tomw at pigstye.net

>>>  

>>>

>>

>> _______________________________________________

>> geeklog-devel mailing list

>> geeklog-devel at lists.geeklog.net

>> http://lists.geeklog.net/listinfo/geeklog-devel

>

>

> Would it make any difference if cvs is publically available?

>



--__--__--

Message: 2
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Date: Thu, 10 Feb 2005 21:27:32 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net

Tony Bibbs wrote:


>Makes me wonder if we shouldn't have a mailing list for developer-only 

>spam discussions where strategy and stuff can be discuss less openly. 

>Just a thought.


Since what that guy is currently doing borders on a DDoS attack, I'm all
for it ...

Up to 10 spam posts per minute! And here I was wondering why geeklog.net
was going so slowly. Someone's clearly out of their mind ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/


--__--__--

Message: 3
Date: Thu, 10 Feb 2005 14:33:45 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Reply-To: geeklog-devel at lists.geeklog.net

I'll add this to my to-do list.  I've got Mailman on the colo server and 
all I need to do is figure out how the hell to get the archive messages 
moved over.  I'm guessing it is as easy as scp'ing them from one place 
to another but I need to double check that.

--Tony

Dirk Haun wrote:


>Tony Bibbs wrote:

>

>  

>

>>Makes me wonder if we shouldn't have a mailing list for developer-only 

>>spam discussions where strategy and stuff can be discuss less openly. 

>>Just a thought.

>>    

>>

>

>Since what that guy is currently doing borders on a DDoS attack, I'm all

>for it ...

>

>Up to 10 spam posts per minute! And here I was wondering why geeklog.net

>was going so slowly. Someone's clearly out of their mind ...

>

>bye, Dirk

>

>

>  

>




--__--__--

Message: 4
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>, "Tony Bibbs" <tony at tonybibbs.com>
Subject: Re: [geeklog-devel] Spam, spam, bacon, eggs, and spam
Date: Thu, 10 Feb 2005 22:01:13 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net

Tony,


>I've got Mailman on the colo server and 

>all I need to do is figure out how the hell to get the archive messages 

>moved over.


One more reason to upgrade Mailman:
<http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html>

So make sure you either patch 2.1.5 or upgrade to a new version, if it's
out yet.

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/


--__--__--

Message: 5
Date: Fri, 11 Feb 2005 09:30:00 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: Geeklog-Devel <geeklog-devel at lists.geeklog.net>
Subject: [geeklog-devel] Proposal for Plugin API extension
Reply-To: geeklog-devel at lists.geeklog.net

I have a custom way of banning users.  I simply have an array of user 
ID's in my config file and if a user is in there I give them a 'your are 
banned' message.  Unfortunately, the nightly digest of topics doesn't 
know anything about my dirty little hack.  This got me to thinking we 
need an plugin API change for the following:

1) plugins should be able to include themselves in the nightly digest.  
I think controlling whether a plugin is allowed to do this by the site 
admin should be done in it's own config file or, better yet, the plugin 
admin page.
2) a way for a plugin to prevent a specific user from being able to 
receive the digest because of being banned.

I'm not saying this is how it should be but merely making suggestions.  
I'd like to open this up for discussion and decision so that I can 
implement this for us all (assuming we agree there is a need)...I really 
need this.

--Tony

--__--__--

Message: 6
From: "Dirk Haun" <dirk at haun-online.de>
To: Geeklog-Devel <geeklog-devel at lists.geeklog.net>
Date: Fri, 11 Feb 2005 18:45:06 +0100
Organization: Terra Software Systems
Subject: [geeklog-devel] Home-made problems with forum spam
Reply-To: geeklog-devel at lists.geeklog.net

Okay, part of yesterday's spam DDoS problem was home-made:

Exhibit #1:

Thu Feb 10 15:11:52 2005 - Found Spam Comment [...] posted by user  from
IP 218.89.189.241
Thu Feb 10 15:11:55 2005 - Found Spam Comment [...] posted by user  from
IP 218.89.189.241

2 Posts from the same IP address within 3 seconds? This shouldn't happen.

Reason: The forum's speed limit defaults to 1(!) second.

Suggested fix: In public_html/forum/include/config.php replace

    $forumSpeedLimit = 1;

with

    $forumSpeedLimit = $_CONF['commentspeedlimit'];


Exhibit #2:

218.89.189.241 - - [10/Feb/2005:15:11:55 -0500] "POST /forum/
createtopic.php HTTP/1.0" 200 15328 "http://www.geeklog.net/forum/
createtopic.php?method=postreply&forum=9&id=20921" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"
218.89.189.241 - - [10/Feb/2005:15:11:56 -0500] "GET /index.php?
msg=8&plugin=spamx HTTP/1.0" 200 47376 "-" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

So our friend's spamming scripts have started following the redirect to
display the "Spam detected" message, causing additional load.

Not sure what the best solution would be for this. On the one hand, I
think we should display a message in case a regular user accidentally
posted something that is considered spam (and be it only excerpts from
his logfiles containing blocked URLs). On the other hand, there's no need
to display the entire Geeklog framework page. So maybe just display a
plain-text message and let the script exit?

So instead of

    if ($result > 0) {
        echo COM_refresh($_CONF['site_url'] . '/index.php?
msg='.$result.'&amp;plugin=spamx');
        exit;
    }

do something like
    
    if ($result > 0) {
        $var = 'PLG_spamx_MESSAGE' . $result;
        global $$var, $MESSAGE;
        if (isset ($$var)) {
            $message = $$var;
        } else {
            $message = sprintf ($MESSAGE[61], 'spamx');
        }
        header ('Content-Type: text/plain');
        echo $message;
        exit;
    }

... which is pretty much what COM_showMessage would do as a result of the
above redirect, but without all the surrounding framework. Maybe hiding
that ugly bit of $$var code and echo'ing out in a new COM_ function ...

Thoughts?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.handful-of-sparks.de/


--__--__--

Message: 7
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] Proposal for Plugin API extension
Date: Fri, 11 Feb 2005 18:49:55 +0100
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net

Tony,


>1) plugins should be able to include themselves in the nightly digest.


A good idea in theory. However, the daily digest is already timing out
for a lot of people (because of script limits on shared hosting) and
adding more stuff to it would make it fail more often for those users.

I wrote up this task on the issue:
<http://project.geeklog.net/pm/task.php?
func=detailtask&project_task_id=20&group_id=6&group_project_id=10>



>2) a way for a plugin to prevent a specific user from being able to 

>receive the digest because of being banned.


This sounds backward to me. Instead, we should properly implement banning
finally (this was also briefly mentioned in the discussions about remote
login over in geeklog-devtalk). Which means that all built-in
functionality, including the daily digest, would know about banned users
and not service them

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/


--__--__--

Message: 8
Date: Fri, 11 Feb 2005 12:55:42 -0500
From: Tom Willett <tomw at pigstye.net>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Home-made problems with forum spam
Reply-To: geeklog-devel at lists.geeklog.net

On 2/11/2005 12:45 PM, Dirk Haun wrote:


>Okay, part of yesterday's spam DDoS problem was home-made:

>

>Exhibit #1:

>

>Thu Feb 10 15:11:52 2005 - Found Spam Comment [...] posted by user  from

>IP 218.89.189.241

>Thu Feb 10 15:11:55 2005 - Found Spam Comment [...] posted by user  from

>IP 218.89.189.241

>

>2 Posts from the same IP address within 3 seconds? This shouldn't happen.

>

>Reason: The forum's speed limit defaults to 1(!) second.

>

>Suggested fix: In public_html/forum/include/config.php replace

>

>    $forumSpeedLimit = 1;

>

>with

>

>    $forumSpeedLimit = $_CONF['commentspeedlimit'];

>

>

>Exhibit #2:

>

>218.89.189.241 - - [10/Feb/2005:15:11:55 -0500] "POST /forum/

>createtopic.php HTTP/1.0" 200 15328 "http://www.geeklog.net/forum/

>createtopic.php?method=postreply&forum=9&id=20921" "Mozilla/4.0

>(compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)"

>218.89.189.241 - - [10/Feb/2005:15:11:56 -0500] "GET /index.php?

>msg=8&plugin=spamx HTTP/1.0" 200 47376 "-" "Mozilla/4.0 (compatible; MSIE

>6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

>

>So our friend's spamming scripts have started following the redirect to

>display the "Spam detected" message, causing additional load.

>

>Not sure what the best solution would be for this. On the one hand, I

>think we should display a message in case a regular user accidentally

>posted something that is considered spam (and be it only excerpts from

>his logfiles containing blocked URLs). On the other hand, there's no need

>to display the entire Geeklog framework page. So maybe just display a

>plain-text message and let the script exit?

>

>So instead of

>

>    if ($result > 0) {

>        echo COM_refresh($_CONF['site_url'] . '/index.php?

>msg='.$result.'&amp;plugin=spamx');

>        exit;

>    }

>

>do something like

>    

>    if ($result > 0) {

>        $var = 'PLG_spamx_MESSAGE' . $result;

>        global $$var, $MESSAGE;

>        if (isset ($$var)) {

>            $message = $$var;

>        } else {

>            $message = sprintf ($MESSAGE[61], 'spamx');

>        }

>        header ('Content-Type: text/plain');

>        echo $message;

>        exit;

>    }

>

>... which is pretty much what COM_showMessage would do as a result of the

>above redirect, but without all the surrounding framework. Maybe hiding

>that ugly bit of $$var code and echo'ing out in a new COM_ function ...

>

>Thoughts?

>

>bye, Dirk

>

>

>  

>

It seems to me by the time you get here you have already done most of 
the processing (when lib-common is included), about all you would save 
is the template processing and a small portion of the bandwidth.

-- 

Tom Willett
tomw at pigstye.net



--__--__--

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel


End of geeklog-devel Digest