Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Spam in comments  (Read 7768 times)

0 Members and 1 Guest are viewing this topic.

Graham66

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Spam in comments
« on: April 28, 2009, 12:02:33 pm »

My site has only been up a month and already it has had several spam attacks.  Restricting comments to registered users helps, coupled with approval of new applications for registration.  I have also added the bad-behaviour plug-in.

I have, however, been trying to think of ways of preventing (or at least reducing) spam, without involving me in approvals.  The attacks I have had so far involve a load of irrelevant text, followed by a link to a site selling some kind of dodgy product.

One solution I have come up with is to add to the bad word list in the language file.  I have added:

Code: [Select]
'*<a*', 'href*', '.co*', '"<"', '">"', '*"&#60"*', '*"&#62"*', '"&lt"', '*"&lt"*', '&lt', '*&lt*', '"&gt"', '&gt', '*"&gt"*', '*&gt*', 'http*', '*www.*',

to the list of banned words.  This prevents links to websites using www. or http:\\ as well as the .com extension (it would be easy to add other troublesome extensions).  It also prevents the non-alphanumeric characters "<" and ">", which means that HTML tags cannot be included.

Presumably if spam is coming from registered users, they are having to copy the spam text over manually.  Hopefully they will see that what they get does not come out as a useable link, and maybe they will move on.  Even if it does not stop them, there will be some satisfaction that their efforts to create links to their sites will have been in vain.

You will not want all of this, if you want your users to be able to insert links to other websites - choose however much of this you want.

Having only implemented this a few minutes ago, I have yet to see whether it really does deter manual spammers, but it seemed worth a try.  I will report back in a while to indicate whether or not it seems to have been successful.  I have seen other comments that there is no point trying to use the bad word list to predict words spammers may use, but I have not found another thread which suggests making use of this list to make the spam content worthless to the spammer:  I will be interested to know if anyone else has tried this, and if so, whether it has decreased spam.

Incidentally, although if you are in England, the english.php file is used for email content, it seems that for the bad word list, the english_gb.php file (my default) is used.  I have put the list in both, to be on the safe side!

Graham
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1545
  • aka 'i-imagine'
    • Home Page
Re: Spam in comments
« Reply #1 on: April 28, 2009, 02:32:27 pm »

Good idea, I wish you luck with it. However one thing you wrote made me curious
Quote
followed by a link to a site

Are you getting clickable, live links as spam? The version:  Coppermine Photo Gallery 1.4.21 seems to strip all
of that out on my site, at least for comments. Try it here gallery.josephcarver.com/natural/  please delete any test comments and please let know if you can leave a live link. I could not.
Just curious.....

Graham66

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Spam in comments
« Reply #2 on: April 28, 2009, 02:38:47 pm »

Yes, I just tried on your site, and I can leave a live link as a comment.  All I did was type www.google.com as my comment, and this was converted into a live link (I deleted the comment as requested).

Graham
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Spam in comments
« Reply #3 on: April 28, 2009, 02:44:49 pm »

Try installing the capcha plugin.

http://forum.coppermine-gallery.net/index.php/topic,36319.0.html

It should reduce your spam to an acceptable level or 0
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1545
  • aka 'i-imagine'
    • Home Page
Re: Spam in comments
« Reply #4 on: April 28, 2009, 02:55:56 pm »

Thanks Graham66!
And yes, Phil Luckhurst's recommendation is the best advice to slow down/stop spam. For me spam has gone to virtually
zero with captcha.

Fabricio Ferrero

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 1996
  • From San Juan, Argentina, to the World!
    • http://fabricioferrero.com/
Re: Spam in comments
« Reply #5 on: April 28, 2009, 02:59:24 pm »

[off topic:]
Coppermine Photo Gallery 1.4.21 seems to strip all of that out on my site, at least for comments.
That's due to:
Why was cpg1.4.21 released?
The release covers a recently discovered vulnerability...//...The vulnerability is due to the processing of the bbcode tags [ i m g ] and [ u r l ]...//...So the solution is to remove the correct processing of the two bbcode tags, [ i m g ] and [ u r l ]...//...The Coppermine dev team is working on a way to handle these bbcode tags and will post here with more information.
[/off topic]
Logged
Read Docs and Search the Forum before posting. - Soporte en español
--*--
Fabricio Ferrero's Website

Catching up! :)

Graham66

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Spam in comments
« Reply #6 on: April 28, 2009, 03:50:14 pm »

Quote
Try installing the capcha plugin

I have now done this.  I was somewhat put off by the various reports of difficulties in getting this working, but it installed and worked "out-of-the-box" as advertised.  Thank you for another excellent plug-in.

I will leave in my bad words additions anyway, which will defeat anyone determined enough to insert the capcha each time from leaving live links (in fact, I turned the capcha down to 3 characters and 20 lines, because I was myself finding the default 5 characters and 70 lines difficult to read, and I do not want to make things too difficult for my site users) .  I made one omission from my additional bad word list, however:  in checking the capcha plug-in, I discovered that including ".co" in the bad word list caught all examples of "co", whether or not prefaced by a period.  The deletion of "www" or "http" does what is required already, so I can live with a site name inserted showing xyz.com, since it cannot now be a live link.

Graham
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1545
  • aka 'i-imagine'
    • Home Page
Re: Spam in comments
« Reply #7 on: April 28, 2009, 04:19:47 pm »

[off topic] Thanks Fabricio. I was happy with those changes (and found it interesting to see the existing links disappear)[/off topic]

Thanks again Graham66

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Spam in comments
« Reply #8 on: April 28, 2009, 05:50:55 pm »

Try it here gallery.josephcarver.com/natural/ 
Site is broken - I get
Quote
Parse error: syntax error, unexpected T_STRING, expecting ')' in /home/a300d29/public_html/photo/natural/lang/english.php on line 63
, so you're probably running maintenace works there...

One solution I have come up with is to add to the bad word list in the language file.
A very time-consuming method and not a very effective one. Checking spam patterns and blocking potentially spammified comments is what Akismet does. Instead of fiddling with the language file I suggest looking into the corresponding Akismet mod that can be found on this board.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1545
  • aka 'i-imagine'
    • Home Page
Re: Spam in comments
« Reply #9 on: April 28, 2009, 06:40:50 pm »

Thank You - the error was false confidence in my ability to correctly edit all of the language files without 
checking the default. (so it was dangerous to edit the language files...)
Pages: [1]   Go Up
 

Page created in 0.034 seconds with 19 queries.