Why No register ?

December 13, 2007 - 5:51pm
Submitted by Anonymous on December 13, 2007 - 5:51pm.
KernelTrap

spam

December 14, 2007 - 10:37am

I have temporarily disabled user creation due to a recent deluge of abuse by spammers. I am working on a solution. Things are slower going than normal, as I'm currently on vacation through the end of the year.

Sorry for the inconvenience.

re-enabled

April 30, 2008 - 6:49pm

User accounts are finally re-enabled.

what was changed to get rid of "abuse by spammers"?

May 5, 2008 - 4:28am
Tomasz Chmielewski (not verified)

What was changed to get rid of "abuse by spammers"?

Still, some things need to be changed, at least in forums (captcha? report as spam button?) - see this spam: kerneltrap.org/node/16105

new spam filter

May 5, 2008 - 9:01am

I've upgraded to the alpha version of my 3.x Drupal spam module. I modified the Bayesian filter a little, so I'm currently re-training it, and a few are still slipping through. The new filter is working well, and is easy to improve as spammers change their tactics.

3.x Drupal spam module

May 5, 2008 - 6:56pm

I've got spam in blog. I'm happy that at least spam bots are "reading" that stuff, but there's no "mark as spam" button any more.

> 3.x Drupal spam module

I see request for support there. While, i'm not a php or other web coder, let me share an idea.

Near [submit] button you are generating N random strings, which are visually alternated with CSS, and user is asked to include <!-- visible string --> in post.

This random "ticket" works only once, thus as many strings are placed and CSS-ed away (by fgcolor=bgcolor, display:none, etc), less chances to get spam posted.

When spam will become smarter, then we will have other nice CSS-supporting web browser :)
____

smtp

May 5, 2008 - 7:02pm

i've had other ideas about SMTP and spam in LKML and debian lists, but was flamed. A bit more order and culture for users/posters isn't the right way(tm) there.

All that CPU-sucking Bayesian and SpamAssassin stuff still sucks on the job, letting spam there (everywhere).
____

the most simple example

May 6, 2008 - 4:21am

The most simple example of using usual and somewhat useless after few previews content of web page:
http://kerneltrap.org/node/16107#comment-302738
____

spam

May 6, 2008 - 8:49am

Send me links to the spam in your blog if I've somehow missed them. At this time there's no "report as spam" link available, as I've not had time to implement it. I hope to find the time soon.

Regarding captchas, I seriously do not like them, and as such I don't use them on this website.

I'm still training my new filters -- overall (including training) they've had over 98.7% accuracy, and in the past few days they've been up to about 99.5% accuracy. What spam does slip through I try and clean up within 12 hours, further training the filters.

It's alright, there was just

May 6, 2008 - 11:39am

It's alright, there was just one.

As of captcha, i think [mark as spam] button is kind of doing the same thing, but after the fact: struggling consequences, not causes.

Maybe there's a way to visually disable with CSS multiple [Post comment] buttons, so hitting/using just one available (with random option or something) will automatically send correct form, which will be checked?

If javascript is available, then simple check of keyboard or mouse activity looks good also. (but i use `lynx` and disable otherwise useless javascript quite frequently.)

"/files/css/e07d16f75ead26d32750f40a613edb4d.css"

i see, that some kind of "random" CSS is already included.
____
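The one-time "ticket" and the CSS-hidden decoy [Post comment] buttons proposed in the two comments above can be sketched server-side as follows. This is an added example, not code from KernelTrap or the Drupal spam module; the class name `DecoyButtonForm`, the field names and the in-memory ticket store are assumptions made for illustration.

```python
import secrets
import time


class DecoyButtonForm:
    """Comment form with one real submit button among CSS-hidden decoys."""

    def __init__(self, decoys=5, ttl=900):
        self.decoys = decoys      # number of hidden trap buttons
        self.ttl = ttl            # seconds a ticket stays valid
        self._pending = {}        # ticket -> (real button name, expiry)

    def issue(self, now=None):
        """Create a one-time ticket and fresh random button names."""
        now = time.time() if now is None else now
        ticket = secrets.token_urlsafe(16)
        names = ["btn_" + secrets.token_hex(8) for _ in range(self.decoys + 1)]
        real = secrets.choice(names)
        self._pending[ticket] = (real, now + self.ttl)
        return ticket, names, real

    def render(self, ticket, names, real):
        """HTML in which every button except the real one is hidden by CSS."""
        cls = {n: "c" + secrets.token_hex(4) for n in names}
        css = "".join(f".{cls[n]}{{display:none}}" for n in names if n != real)
        buttons = "".join(
            f'<input type="submit" class="{cls[n]}" name="{n}" value="Post comment">'
            for n in names)
        return (f'<style>{css}</style><form method="post">'
                f'<input type="hidden" name="ticket" value="{ticket}">'
                f'<textarea name="comment"></textarea>{buttons}</form>')

    def verify(self, form, now=None):
        """Check a submitted form (dict of field name -> value)."""
        now = time.time() if now is None else now
        entry = self._pending.pop(form.get("ticket", ""), None)  # single use
        if entry is None:
            return "reject: unknown or reused ticket"
        real, expiry = entry
        if now > expiry:
            return "reject: ticket expired"
        pressed = [k for k in form if k.startswith("btn_")]
        if pressed != [real]:
            return "reject: decoy button or wrong button count"
        return "accept"
```

As the thread itself notes, a browser without CSS support shows every button, so the scheme only works for clients that apply the stylesheet.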

spam filtering

May 6, 2008 - 2:01pm

"As of captcha, i think [mark as spam] button is kind doing the same thing, but after the fact: struggling consequences, not causes."

The intention of the "report as spam" buttons is to allow KernelTrap readers to report if spam slips through my spam filters. My filters then learn from this spam, and hopefully block similar posts in the future.

These links are nothing like captchas, as they are opt-in -- you choose if you want to participate in the spam prevention effort. If you don't care about spam, you don't have to participate -- you simply enter your comments and/or forum posts, and away you go.

I know that my filters will never be 100% accurate, and that some spam will always slip through, but they do the heavy lifting for me, and make it possible for me to allow anonymous posting w/o captchas.

Alright then. I've put (in

May 6, 2008 - 2:46pm

Alright then.

I've put (in blog) all CSS-possible ways, i can see to do it in non-captcha way. I'd be glad to help with development of design and testing, if it is usable (i don't do php and such).
____

captcha

May 6, 2008 - 10:36pm

The ideas you're describing in your blog are just captchas in disguise as far as I see -- I don't want to have to solve a puzzle just to post a comment, and I don't want to require this from anyone else, either. I want to type out my comment and hit submit, nice and simple. That is what my spam module is all about.

> The ideas you're

May 7, 2008 - 11:19am

> The ideas you're describing in your blog are just captchas

Well, if hiding all but one correct button is a captcha, so be it.

But this thing is non usable only without CSS support. Why having more input buttons that are hidden in various ways isn't a good front-end for filters to learn, for example?

The output of hidden buttons can be a loophole for automatic bots with neverending requests for input or just big writing delays.

(sidenote: sometimes i feel myself too stupid with web; not when i'm being asked to fill captcha when in `lynx`, but when i'm being told to download flash player to see some news videos.

Player is there, but javascript is switched off. Anyway i just hit: ctrl+u, ctrl+f "flv", select+copy filename, run mplayer. Even with a player things are too inflexible. So i just go to browser's cache and run mplayer on cached copy of file, thus i have all volume/speed/other tuning buttons right there.

If somebody don't know: make file read-only and you will have it for your own. It will sometimes save you another login/registration time for "download" capability, will prevent from installing useless download software, will enable you to have a "backup" copy if content have no official "download". Sometimes design flaws of new tech are quite useful.:)
____

Yet another spam

May 8, 2008 - 6:04am
Tomasz Chmielewski (not verified)

Yet another spam -> kerneltrap.org/node/5515

I've had two in blog right

May 8, 2008 - 11:50am

I've had two in blog right after i've posted "why they have such simple life without visually hidden random input buttons in preview, post stage etc." :)

I can go further with imagination

May 8, 2008 - 9:08pm

I'm opted as non-spammer and i take this with very big responsibility. So, let me propose this for funny start:

provide stdin/stdout-only (jail) facility for `sed`, configured via user settings, where i can:

* set number of `sed`s in the pipe:
comment_web ==> | sed "$S1" | sed "$S2" | sed "$S3" | ... | ==> web_output
* set individual scripts for each

jail must have no open() and exec*() (and all other security-breaking) calls, because `sed` can read and write files and `chroot` is available only for root (for some crazy reason).

What i will do, is inserting style tags and wrap as more space with <input css=hidden> traps as possible. One but: there must be random string and/or number to peek somewhere in html, so script have no static, easy-to-avoid output. This info is used and stripped in output, of course.

And then let's see which blog is spammed more. If somebody don't like my captchas or CSS games, they will not post comments (never saw human replies there, but anyway). Don't say site runs on msft products or you have no standard `sed` which in turn can be statically linked for easy in-jail run. This is real fun with web!

:D

Who is the hacker after that? xml-php-java*-web2.0 or what?
--
sed 'sed && sh + olecom = love' << ''
-o--=O`C
 #oo'L O
<___=E M

restricted sed

May 8, 2008 - 9:46pm

BTW, technically restricted `sed` can be organized easily: you strip out all open+exec functionality from sources (by same `sed`), build it statically and call it `rsed`.

:)

next question if you can trust to all that over-complicated RE codebase to do not do stupid stack overflows and other exploiting "fun". Oh, gee...

ou, this one must be called rsed.bash or rsed.sh at least.
http://freshmeat.net/projects/rsed/

simple wrapper is the whole project...
____
