I have temporarily disabled user creation due to a recent deluge of abuse by spammers. I am working on a solution. Things are slower going than normal, as I'm currently on vacation through the end of the year.
I've upgraded to the alpha version of my 3.x Drupal spam module. I modified the Bayesian filter a little, so I'm currently re-training it, and a few are still slipping through. The new filter is working well, and is easy to improve as spammers change their tactics.
I've got spam in blog. I'm happy that at least spam bots are "reading" that stuff, but there's no "mark as spam" button any more.
> 3.x Drupal spam module
I see request for support there. While, i'm not a php or other web coder, let me share an idea.
Near [submit] button you are generating N random strings, which are visually alternated with CSS, and user is asked to include <!-- visible string --> in post.
This random "ticket" works only once, thus as many strings are placed and CSS-ed away (by fgcolor=bgcolor, display:none, etc), less chances to get spam posted.
When spam will become smarter, then we will have other nice CSS-supporting web browser :)
____
i've had other ideas about SMTP and spam in LKML and debian lists, but was flamed. A bit more order and culture for users/posters isn't the right way(tm) there.
All that CPU-sucking Bayesian and spamassasin stuff still sucks on the job, letting spam there (everywhere).
____
Send me links to the spam in your blog if I've somehow missed them. At this time there's no "report as spam" link available, as I've not had time to implement it. I hope to find the time soon.
Regarding Captcha's, I seriously do not like them, and as such I don't use them on this website.
I'm still training my new filters -- overall (including training) they've had over 98.7% accuracy, and in the past few days they've been up to about 99.5% accuracy. What spam does slip through I try and clean up within 12 hours, further training the filters.
As of captcha, i think [mark as spam] button is kind doing the same thing, but after the fact: struggling consequences, not causes.
Maybe there's a way to visually disable with CSS multiple [Post comment] buttons, so hitting/using just one available (with random option or something) will automatically send correct form, which will be checked?
If javascript is available, then simple check of keyboard or mouse activity is look good also. (but i use `lynx` and disable otherwise useless javascript quite frequently.)
"/files/css/e07d16f75ead26d32750f40a613edb4d.css"
i see, that some kind of "random" CSS is already included.
____
"As of captcha, i think [mark as spam] button is kind doing the same thing, but after the fact: struggling consequences, not causes."
The intention of the "report as spam" buttons is to allow KernelTrap readers to report if spam slips through my spam filters. My filters then learn from this spam, and hopefully block similar posts in the future.
These links are nothing like captchas, as they are opt-in -- you choose if you want to participate in the spam prevention effort. If you don't care about spam, you don't have to participate -- you simply enter your comments and/or forum posts, and away you go.
I know that my filters will never be 100% accurate, and that some spam will always slip through, but they do they heavy lifting for me, and make it possible for me to allow anonymous posting w/o captchas.
I've put (in blog) all CSS-possible ways, i can see to do it in non-captcha way. I'd glad to help with developent of design and testing, if it is usable (i don't do php and such).
____
The ideas you're describing in your blog are just captchas in disguise as far as I see -- I don't want to have to solve a puzzle just to post a comment, and I don't want to require this from anyone else, either. I want to type out my comment and hit submit, nice and simple. That is what my spam module is all about.
> The ideas you're describing in your blog are just captchas
Well, if hiding all but one correct button is a captcha, so be it.
But this thing is non usable only without CSS support. Why having more input buttons that are hidden in various ways isn't a good front-end for filters to learn, for example?
The output of hidden buttons can be a loophole for automatic bots with neverending requests for input or just big writing delays.
(sidenote: sometimes i feel myself too stupid with web; not when i'm being asked to fill captcha when in `lynx`, but when i'm being told to download flash player to see some news videos.
Player is there, but javascript is switched off. Anyway i just hit: ctrl+u, ctrl+f "flv", select+copy filename, run mplayer. Even with a player things are too inflexible. So i just go to browser's cache and run mplayer on cached copy of file, thus i have all volume/speed/other tunning buttons right there.
If somebody don't know: make file read-only and you will have it for your own. It will sometimes save you another login/registration time for "download" capability, will prevent from installing useless download software, will enable you to have a "backup" copy if content have no official "download". Sometimes design flaws of new tech are quite useful.:)
____
I've had two in blog right after i've posted "why they have such simple life without visually hidden random input buttons in preview, post stage etc." :)
I'm opted as non-spammer and i take this with very big responsibility. So, let me propose this for funny start:
provide stdin/stdout-only (jail) facility for `sed`, configured via user settings, where i can:
* set number of `sed`s in the pipe: comment_web ==> | sed "$S1" | sed "$S2" | sed "$S3" | ... | ==> web_output
* set individual scripts for each
jail must have no open() and exec*() (and all other security-breaking) calls, because `sed` can read and write files and `chroot` is available only for root (for some crazy reason).
What i will do, is inserting style tags and wrap as more space with <input css=hidden> traps as possible. One but: there must be random string and/or number to peek somewhere in html, so script have no static, easy-to-avoid output. This info is used and stripped in output, of course.
And then let's see which blog is spammed more. If somebody don't like my captchas or CSS games, they will not post comments (never saw human replies there, but anyway). Don't say site runs on msft products or you have no standard `sed` which in turn can be statically linked for easy in-jail run. This is real fun with web!
:D
Who is the hacker after that? xml-php-java*-web2.0 or what? -- sed 'sed && sh + olecom = love' << '' -o--=O`C #oo'L O <___=E M
BTW, technically restricted`sed` can be organized easily: you strip out all open+exec functionality form sources (by same `sed`), build it statically and call it `rsed`.
:)
next question if you can trust to all that over-complicated RE codebase to do not do stupid stack overflows and other explointing "fun". Oh, gee...
spam
I have temporarily disabled user creation due to a recent deluge of abuse by spammers. I am working on a solution. Things are slower going than normal, as I'm currently on vacation through the end of the year.
Sorry for the inconvenience.
re-enabled
User accounts are finally re-enabled.
what was changed to get rid of "abuse by spammers"?
What was changed to get rid of "abuse by spammers"?
Still, some things need to be changed, at least in forums (captcha? report as spam button?) - see this spam: kerneltrap.org/node/16105
new spam filter
I've upgraded to the alpha version of my 3.x Drupal spam module. I modified the Bayesian filter a little, so I'm currently re-training it, and a few are still slipping through. The new filter is working well, and is easy to improve as spammers change their tactics.
3.x Drupal spam module
I've got spam in blog. I'm happy that at least spam bots are "reading" that stuff, but there's no "mark as spam" button any more.
> 3.x Drupal spam module
I see request for support there. While, i'm not a php or other web coder, let me share an idea.
Near [submit] button you are generating N random strings, which are visually alternated with CSS, and user is asked to include
<!-- visible string -->in post.This random "ticket" works only once, thus as many strings are placed and CSS-ed away (by fgcolor=bgcolor, display:none, etc), less chances to get spam posted.
When spam will become smarter, then we will have other nice CSS-supporting web browser :)
____
smtp
i've had other ideas about SMTP and spam in LKML and debian lists, but was flamed. A bit more order and culture for users/posters isn't the right way(tm) there.
All that CPU-sucking Bayesian and spamassasin stuff still sucks on the job, letting spam there (everywhere).
____
the most simple example
The most simple example of using usual and somewhat useless after few previews content of web page:
http://kerneltrap.org/node/16107#comment-302738
____
spam
Send me links to the spam in your blog if I've somehow missed them. At this time there's no "report as spam" link available, as I've not had time to implement it. I hope to find the time soon.
Regarding Captcha's, I seriously do not like them, and as such I don't use them on this website.
I'm still training my new filters -- overall (including training) they've had over 98.7% accuracy, and in the past few days they've been up to about 99.5% accuracy. What spam does slip through I try and clean up within 12 hours, further training the filters.
It's alright, there was just
It's alright, there was just one.
As of captcha, i think [mark as spam] button is kind doing the same thing, but after the fact: struggling consequences, not causes.
Maybe there's a way to visually disable with CSS multiple [Post comment] buttons, so hitting/using just one available (with random option or something) will automatically send correct form, which will be checked?
If javascript is available, then simple check of keyboard or mouse activity is look good also. (but i use `lynx` and disable otherwise useless javascript quite frequently.)
"/files/css/e07d16f75ead26d32750f40a613edb4d.css"
i see, that some kind of "random" CSS is already included.
____
spam filtering
The intention of the "report as spam" buttons is to allow KernelTrap readers to report if spam slips through my spam filters. My filters then learn from this spam, and hopefully block similar posts in the future.
These links are nothing like captchas, as they are opt-in -- you choose if you want to participate in the spam prevention effort. If you don't care about spam, you don't have to participate -- you simply enter your comments and/or forum posts, and away you go.
I know that my filters will never be 100% accurate, and that some spam will always slip through, but they do they heavy lifting for me, and make it possible for me to allow anonymous posting w/o captchas.
Alright then. I've put (in
Alright then.
I've put (in blog) all CSS-possible ways, i can see to do it in non-captcha way. I'd glad to help with developent of design and testing, if it is usable (i don't do php and such).
____
captcha
The ideas you're describing in your blog are just captchas in disguise as far as I see -- I don't want to have to solve a puzzle just to post a comment, and I don't want to require this from anyone else, either. I want to type out my comment and hit submit, nice and simple. That is what my spam module is all about.
> The ideas you're
> The ideas you're describing in your blog are just captchas
Well, if hiding all but one correct button is a captcha, so be it.
But this thing is non usable only without CSS support. Why having more input buttons that are hidden in various ways isn't a good front-end for filters to learn, for example?
The output of hidden buttons can be a loophole for automatic bots with neverending requests for input or just big writing delays.
(sidenote: sometimes i feel myself too stupid with web; not when i'm being asked to fill captcha when in `lynx`, but when i'm being told to download flash player to see some news videos.
Player is there, but javascript is switched off. Anyway i just hit: ctrl+u, ctrl+f "flv", select+copy filename, run mplayer. Even with a player things are too inflexible. So i just go to browser's cache and run mplayer on cached copy of file, thus i have all volume/speed/other tunning buttons right there.
If somebody don't know: make file read-only and you will have it for your own. It will sometimes save you another login/registration time for "download" capability, will prevent from installing useless download software, will enable you to have a "backup" copy if content have no official "download". Sometimes design flaws of new tech are quite useful.:)
____
Yet another spam
Yet another spam -> kerneltrap.org/node/5515
I've had two in blog right
I've had two in blog right after i've posted "why they have such simple life without visually hidden random input buttons in preview, post stage etc." :)
I can go further with imagination
I'm opted as non-spammer and i take this with very big responsibility. So, let me propose this for funny start:
provide stdin/stdout-only (jail) facility for `
sed`, configured via user settings, where i can:* set number of
`sed`s in the pipe:comment_web ==>
| sed "$S1" | sed "$S2" | sed "$S3" | ... |==> web_output* set individual scripts for each
jail must have no open() and exec*() (and all other security-breaking) calls, because
`sed`can read and write files and `chroot` is available only for root (for some crazy reason).What i will do, is inserting style tags and wrap as more space with <input css=hidden> traps as possible. One but: there must be random string and/or number to peek somewhere in html, so script have no static, easy-to-avoid output. This info is used and stripped in output, of course.
And then let's see which blog is spammed more. If somebody don't like my captchas or CSS games, they will not post comments (never saw human replies there, but anyway). Don't say site runs on msft products or you have no standard
`sed`which in turn can be statically linked for easy in-jail run. This is real fun with web!:D
Who is the hacker after that? xml-php-java*-web2.0 or what?
--sed 'sed && sh + olecom = love' << ''-o--=O`C#oo'L O<___=E Mrestricted sed
BTW, technically restricted
`sed`can be organized easily: you strip out all open+exec functionality form sources (by same`sed`), build it statically and call it`rsed`.:)
next question if you can trust to all that over-complicated RE codebase to do not do stupid stack overflows and other explointing "fun". Oh, gee...
ou, this one must be called rsed.bash or rsed.sh at least.
http://freshmeat.net/projects/rsed/
simple wrapper is the whole project...
____