Request for Spam-protection Feature


#1

Hello,
I have a request that the user engine and the wiki engines should
incorporate some sort of spam protection, ideally using images.

http://rails-engines.org/ is such a new site, and still today I fixed
pages
which were spammed and filled with junk.

Cheers.

Surendra S.
http://ssinghi.kreeti.com, http://www.kreeti.com
Read the latest news at: http://news.kreeti.com


#2

The best way to get this kind of functionality would be to submit
patches - I agree that it would certainly be useful, but I don’t have
a lot of time to dedicate to this time of feature.

james

On 2/14/06, removed_email_address@domain.invalid removed_email_address@domain.invalid wrote:

http://ssinghi.kreeti.com, http://www.kreeti.com
Read the latest news at: http://news.kreeti.com


engine-users mailing list
removed_email_address@domain.invalid
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

  • J *
    ~

#3

On Tue, 14 Feb 2006 16:45:10 +0530,
removed_email_address@domain.invalid wrote:

I have a request that the user engine and the wiki engines should
incorporate some sort of spam protection, ideally using images.

You should know that CAPTCHAs, as they’re called, are controversial,
because (a) they’re very unfriendly to the disabled, and (b) they’re
actually easy to automate - assuming you can’t OCR them yourself, which
is
a bad assumption these days, you just put up a porn site, display any
CAPTCHAs your spambots see to the end users, and let THEM figure it out
for
you.

Jay L.


#4

Hi,

Jay L. wrote:

CAPTCHAs your spambots see to the end users, and let THEM figure it out for
you.

It’s not terribly difficult to parse domains out of posted URLs and
check them against SURBL (http://www.surbl.org.) I’ve written
proof-of-concept code to do this in perl, there’s Net_DNSBL for PHP - I
can’t imagine it’s that difficult to port either of these to Ruby.

– Bob

PS: I used the following to extract the TLD recognition regexes from
Mail::SpamAssassin. With a PCRE engine and a little adjustment (add
‘(^.*.)?’ at the front and ‘$’ at the back), the regexes are fairly
portable.

#!/usr/bin/perl
use strict;
use Mail::SpamAssassin::Util::RegistrarBoundaries;

print “##### 4LD regex #####\n”
.
$Mail::SpamAssassin::Util::RegistrarBoundaries::FOUR_LEVEL_DOMAINS,"\n";

print “##### 3LD regex #####\n”
.
$Mail::SpamAssassin::Util::RegistrarBoundaries::THREE_LEVEL_DOMAINS,"\n";

print “##### 2LD regex #####\n”
.
$Mail::SpamAssassin::Util::RegistrarBoundaries::TWO_LEVEL_DOMAINS,"\n";

print “##### TLD regex #####\n”
. $Mail::SpamAssassin::Util::RegistrarBoundaries::VALID_TLDS,"\n";


I found a bit of Ruby code at
http://www.spampalforums.org/phpBB2/viewtopic.php?t=5156 that queries
SURBL. It looks like all that’s needed is decent packaging and text ->
URL -> domain extraction (see above and
http://www.surbl.org/implementation.html for more info)

#!/usr/bin/ruby
require ‘resolv’

dns = Resolv::DNS.new
begin
dns.getresources("#{ARGV[0]}.sc.surbl.org",
Resolv::DNS::Resource::IN::A).collect do |r|
print r.address
# etc
end
rescue Resolv::ResolvError => e
puts “not found - address ‘#{e.message}’ not in list, thus hopefully
not spam”
end