Using the blacklist in admin


#1

(I really should put something like this on the wiki as well)

How many actually use the Blacklist page in admin? I’d sort of left
it alone because I knew it uses the black art of regex. But I’ve had
a little look at it today and it does use string expressions as well.

So if you are seeing spammy comments along the usual lines of ‘poker’
or ‘pills’ … hmm that’s probably going to get trapped in peoples
filters … anyway, you can create a new pattern and just put the
term you want blocked in the body of the post. As long as you set
the type to string. You can see it working in logs:

[SP] Scanning for StringPattern poker
[SP] Hit: String ‘poker’ matched

Comments matching any patterns will not be posted.

Be aware though there isn’t any form of moderation on this … so if
your friends are wanting to organise a poker night then you won’t
hear about it on your site :slight_smile:

**

While testing I did run across some of those damn NoMethodError log
entries again … I’m going to have to find out what they are and are
they linked to the Rails errors that I slam into sometimes? Do they
make any sense to developers? Is it a Rails thing, a Typo thing or a
mixture of both?

NoMethodError (undefined method look_for_needed_db_updates' for #<Admin::BlacklistController:0x4097a83c>): /vendor/rails/actionpack/lib/action_controller/filters.rb:399:insend’
/vendor/rails/actionpack/lib/action_controller/filters.rb:399:in
call_filters' /vendor/rails/actionpack/lib/action_controller/filters.rb:394:ineach’
/vendor/rails/actionpack/lib/action_controller/filters.rb:394:in
call_filters' /vendor/rails/actionpack/lib/action_controller/filters.rb:383:inbefore_action’
/vendor/rails/actionpack/lib/action_controller/filters.rb:365:in
… blah, blah, blah

Gary


#2

To be honest, I only allow Ajax comments and have not received ANY spam
at all.

Haven’t touched the blacklist…


#3

On 9 May 2006, at 15:20, Jake G. wrote:

To be honest, I only allow Ajax comments and have not received ANY
spam
at all.

Haven’t touched the blacklist…

Very true. Neither did I which is why I wanted to look at it. If
you want a quiet life then don’t allow non-ajax commenting because it
works really well. I’ve still had a few spam comments (3 total), but
they’ve been entered manually.

I don’t know if everybody would be the same though. Some might want
to allow non AJAX commenting for an example - so people can comment
from handheld devices (PocketPC, mobile phones and the like). No big
deal to me, but others might want that. You could also use the
blacklist to block any trolls if you pick them up. Saves messing with
htaccess every time.

Still it just shows that there is another level of protection with
Typo that can be used.

Gary


#4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/05/2006, at 00:20 AM, Jake G. wrote:

To be honest, I only allow Ajax comments and have not received ANY
spam
at all.

I only allow AJAX comments myself, and I’ve definitely had spam since
disabling it. I ended up just blocking comments past N days, to
reduce the number of articles I need to remove comments from if it
happens.

TX

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEYUohuMe8iwN+6nMRAhJyAJ40NtGwgq1WRjmZPtwDsr/p2gCVsQCgjRfA
iVEkfx5pdqh0FYcML9ndWhY=
=Z2dU
-----END PGP SIGNATURE-----


#5

I also don’t allow non ajax comments and for the comments that works
fine, but occasionally I do get trackback spam.

The other day I had to remove 190+ trackbacks from one post. - which
reminds me: some sort of “delete-all” button (for comments or
trackbacks) in the admin panel would be nice :slight_smile:

On 5/9/06, Gary S. removed_email_address@domain.invalid wrote:

Very true. Neither did I which is why I wanted to look at it. If

Still it just shows that there is another level of protection with
Typo that can be used.

Gary


Typo-list mailing list
removed_email_address@domain.invalid
http://rubyforge.org/mailman/listinfo/typo-list


Koen.


#6

On 9 May 2006, at 15:54, Koen Van der Auwera wrote:

I also don’t allow non ajax comments and for the comments that works
fine, but occasionally I do get trackback spam.

The other day I had to remove 190+ trackbacks from one post. - which
reminds me: some sort of “delete-all” button (for comments or
trackbacks) in the admin panel would be nice :slight_smile:

Trackbacks are an issue. Personally I don’t see the use for them and
think it’s dead as a function - no matter what the blog engine.
There are enough blog search services to keep an eye on what people
are saying about your site and if people want to get some link lurve
then commenting is available. For spammers it’s a great service
which is why I have trackbacks disabled as a matter of course.

You have reminded me that it does need to be easier to navigate
articles and comments. If you get a notification of a comment it’s
actually quite difficult to get to the comment in admin as you are
informed of the permalink (site/day/month/year/this-is-a-comment) and
not the admin comment link - which would be admin/article/
1234comments. A few times I’ve had to search the database for the
corresponding article number so I can manually enter the admin url to
nuke the comment. You can of course nuke it directly from the site
if you’re logged in as admin - but sometimes I might just want to
edit the comment (trolls or whatever) or gather the IP information
for it.

Gary


#7

On 10 May 2006, at 06:56, Josh S. wrote:

The annoying limit on blacklists is that they only match against the
body of the comment, not the url or email address. I get a lot of
blog spam that is using the url to generate some blog mana by linking
off mine. Would be great if the blacklist worked on the url field
too. Yes, it’s an easy patch to make (I think) but I’m not running
trunk yet so I’m not set up to do it myself just now.

Spam protection does check against the domain on blacklists. But I’m
seeing that in trunk.

Gary


#8

The annoying limit on blacklists is that they only match against the
body of the comment, not the url or email address. I get a lot of
blog spam that is using the url to generate some blog mana by linking
off mine. Would be great if the blacklist worked on the url field
too. Yes, it’s an easy patch to make (I think) but I’m not running
trunk yet so I’m not set up to do it myself just now.


Josh S.
http://blog.hasmanythrough.com