Spam in comments
 


Started by Graham66, April 28, 2009, 12:02:33 PM


Graham66

My site has only been up a month and already it has had several spam attacks.  Restricting comments to registered users helps, coupled with approval of new applications for registration.  I have also added the bad-behaviour plug-in.

I have, however, been trying to think of ways of preventing (or at least reducing) spam, without involving me in approvals.  The attacks I have had so far involve a load of irrelevant text, followed by a link to a site selling some kind of dodgy product.

One solution I have come up with is to add to the bad word list in the language file.  I have added:

'*<a*', 'href*', '.co*', '"<"', '">"', '*"&#60"*', '*"&#62"*', '"&lt"', '*"&lt"*', '&lt', '*&lt*', '"&gt"', '&gt', '*"&gt"*', '*&gt*', 'http*', '*www.*',

to the list of banned words.  This prevents links to websites using www. or http:\\ as well as the .com extension (it would be easy to add other troublesome extensions).  It also prevents the non-alphanumeric characters "<" and ">", which means that HTML tags cannot be included.

Presumably if spam is coming from registered users, they are having to copy the spam text over manually.  Hopefully they will see that what they get does not come out as a useable link, and maybe they will move on.  Even if it does not stop them, there will be some satisfaction that their efforts to create links to their sites will have been in vain.

You will not want all of this, if you want your users to be able to insert links to other websites - choose however much of this you want.

Having only implemented this a few minutes ago, I have yet to see whether it really does deter manual spammers, but it seemed worth a try.  I will report back in a while to indicate whether or not it seems to have been successful.  I have seen other comments that there is no point trying to use the bad word list to predict words spammers may use, but I have not found another thread which suggests making use of this list to make the spam content worthless to the spammer:  I will be interested to know if anyone else has tried this, and if so, whether it has decreased spam.

Incidentally, although if you are in England, the english.php file is used for email content, it seems that for the bad word list, the english_gb.php file (my default) is used.  I have put the list in both, to be on the safe side!

Graham

Joe Carver

Good idea, I wish you luck with it. However, one thing you wrote made me curious:
Quote: followed by a link to a site

Are you getting clickable, live links as spam? The version Coppermine Photo Gallery 1.4.21 seems to strip all of that out on my site, at least for comments. Try it here: gallery.josephcarver.com/natural/. Please delete any test comments and please let me know if you can leave a live link. I could not.
Just curious.....

Graham66

Yes, I just tried on your site, and I can leave a live link as a comment.  All I did was type www.google.com as my comment, and this was converted into a live link (I deleted the comment as requested).

Graham

phill104

Try installing the captcha plugin.

http://forum.coppermine-gallery.net/index.php/topic,36319.0.html

It should reduce your spam to an acceptable level or 0.

Joe Carver

Thanks Graham66!
And yes, Phil Luckhurst's recommendation is the best advice to slow down/stop spam. For me spam has gone to virtually zero with captcha.

Fabricio Ferrero

[off topic:]
Quote from: i-imagine on April 28, 2009, 02:32:27 PM
Coppermine Photo Gallery 1.4.21 seems to strip all of that out on my site, at least for comments.
That's due to:
Quote from: Joachim Müller on March 02, 2009, 09:08:40 AM
Why was cpg1.4.21 released?
The release covers a recently discovered vulnerability...//...The vulnerability is due to the processing of the bbcode tags [ i m g ] and [ u r l ]...//...So the solution is to remove the correct processing of the two bbcode tags, [ i m g ] and [ u r l ]...//...The Coppermine dev team is working on a way to handle these bbcode tags and will post here with more information.
[/off topic]

Graham66

Quote: Try installing the captcha plugin

I have now done this.  I was somewhat put off by the various reports of difficulties in getting this working, but it installed and worked "out-of-the-box" as advertised.  Thank you for another excellent plug-in.

I will leave in my bad words additions anyway, which will defeat anyone determined enough to insert the captcha each time from leaving live links (in fact, I turned the captcha down to 3 characters and 20 lines, because I was myself finding the default 5 characters and 70 lines difficult to read, and I do not want to make things too difficult for my site users).  I made one omission from my additional bad word list, however:  in checking the captcha plug-in, I discovered that including ".co" in the bad word list caught all examples of "co", whether or not prefaced by a period.  The deletion of "www" or "http" does what is required already, so I can live with a site name inserted showing xyz.com, since it cannot now be a live link.

Graham
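
Added example, not part of the post above and not Coppermine's own code: a small Python model of wildcard bad-word matching, showing how an entry such as '.co*' can fire on ordinary words if the filter reads the period as a regular-expression wildcard, and how escaping the entry and decoding HTML entities first lets a single '<a' entry cover the encoded variants. The matching model, the function names and the sample comments are assumptions made for illustration.

```python
import html
import re

# Entries taken from the list posted in this thread.
ENTRIES = ['.co*', 'http*', '*www.*', '*<a*']

def build(entry, escape):
    # Assumed model: drop the '*' markers and match the remainder as a
    # case-insensitive pattern anywhere in the comment.
    core = entry.strip('*')
    return re.compile(re.escape(core) if escape else core, re.IGNORECASE)

def hits(comment, entries=ENTRIES, escape=True):
    """Return (entry, matched text) for every entry that fires."""
    # Decode entities first so '&lt;a' and '&#60;a' are both seen as '<a'.
    text = html.unescape(comment)
    found = []
    for entry in entries:
        match = build(entry, escape).search(text)
        if match:
            found.append((entry, match.group(0)))
    return found

# Constructed sample comments.
BENIGN = "Welcome back, nice colours in this one"
LINK = "cheap pills at WWW.example.com"
ENCODED = "look &#60;a href=x&#62;here"

if __name__ == "__main__":
    # Unescaped: '.' matches any character, so "Welcome" trips '.co*'.
    print(hits(BENIGN, escape=False))
    # Escaped: only a literal period followed by "co" counts.
    print(hits(BENIGN))
    print(hits(LINK))
    print(hits(ENCODED))
```
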

Joe Carver

[off topic] Thanks Fabricio. I was happy with those changes (and found it interesting to see the existing links disappear)[/off topic]

Thanks again Graham66

Joachim Müller

Quote from: i-imagine on April 28, 2009, 02:32:27 PM
Try it here gallery.josephcarver.com/natural/ 
Site is broken - I get
Quote: Parse error: syntax error, unexpected T_STRING, expecting ')' in /home/a300d29/public_html/photo/natural/lang/english.php on line 63
so you're probably running maintenance works there...

Quote from: Graham66 on April 28, 2009, 12:02:33 PM
One solution I have come up with is to add to the bad word list in the language file.
A very time-consuming method and not a very effective one. Checking spam patterns and blocking potentially spammified comments is what Akismet does. Instead of fiddling with the language file I suggest looking into the corresponding Akismet mod that can be found on this board.

Joe Carver

Thank You - the error was false confidence in my ability to correctly edit all of the language files without checking the default. (so it was dangerous to edit the language files...)