[pmwiki-users] Core Spam Blcok Thoughts
Crisses
crisses at ofobscurity.com
Wed Apr 19 19:03:34 CDT 2006
On Apr 19, 2006, at 7:20 PM, Neil Herber wrote:
> At 2006-04-19 06:44 PM -0400, Crisses is rumored to have said:
>> I know of one PmWiki installation that died -- the owner believes the
>> blocklist was the reason. Indeed, getting the blocklist page to come
>> up was one of the major problems.
>
> Hagan Fox created a version of Blocklist2 which he called "cmsb-
> blocklist.php".
I don't see Hagan's recipe...wouldn't it be under the Security
section in the Cookbook?
I based mine on PM's recipe...quite some time ago now. It needs to
be gone over and freshened up.
> I have installed it and found it very (no, not very, extremely)
> effective. I don't see any need for the "steroids" approach, and I am
> one of those people with a tiny overworked server who is quite
> willing to use whatever works and nothing more.
>
> I found that the single most effective way of blocking wikispam was
> by adding URL fragments to the blocklist, and they were handled quite
> well by Blocklist2.
I would like to see the differences in how cmsb handles the
blocklisting. If his script is better (faster, stronger, more
powerful than a locomotive), then either I can refer people to it on
the Blocklist2 page, or incorporate changes back into Blocklist2.
URL fragments are by far the most powerful to block -- most wikispam
is 50 links for subdomain.domain.com where subdomain and the page
linked change, but "domain.com" can be relied on as being pretty
stable. However, I've caught MANY sites before I was blocking the
domain by blocking specific other phrases and word fragments -- the
best being a list of common drugs although that added over 1000
entries to my blocklist. My high scorers are blocked on 50 terms. I
see that one made it to 55. If I make it so that people are blocked
on the first match it will ease the server stress, but you won't get
a list of why in an email, and as a service to my writers I'd rather
they know what's wrong with their attempts so they can decide whether
to tell me there's a problem. I have to make sure that turning off
"why" (and thus scoring) blocks on the first match, though.
I'll add regex support as an option like the WhyBlocked option --
($EnableBlocklistRegex) default will be off and thus less of a burden
on the server. People can enable it "on" by choice which will add
the regex: blocklist markup -- and will behave with the rules of perl-
compatible-regex (PCRE) unless anyone has a good reason it should be
the PHP default regex. Note that this would be very advanced, and
will be noted as such with a link to PHP.org's PCRE documentation for
anyone who really wants to use it.
Crisses
More information about the pmwiki-users
mailing list