[pmwiki-users] Core Spam Blcok Thoughts

Crisses crisses at ofobscurity.com
Wed Apr 19 19:03:34 CDT 2006 

On Apr 19, 2006, at 7:20 PM, Neil Herber wrote:
> At 2006-04-19  06:44 PM -0400, Crisses is rumored to have said:
>> I know of one PmWiki installation that died -- the owner believes the
>> blocklist was the reason.  Indeed, getting the blocklist page to come
>> up was one of the major problems.
>
> Hagan Fox created a version of Blocklist2 which he called "cmsb- 
> blocklist.php".

I don't see Hagan's recipe...wouldn't it be under the Security  
section in the Cookbook?

I based mine on PM's recipe...quite some time ago now.  It needs to  
be gone over and freshened up.

> I have installed it and found it very (no, not very, extremely)
> effective. I don't see any need for the "steroids" approach, and I am
> one of those people with a tiny overworked server who is quite
> willing to use whatever works and nothing more.
>
> I found that the single most effective way of blocking wikispam was
> by adding URL fragments to the blocklist, and they were handled quite
> well by Blocklist2.

I would like to see the differences in how cmsb handles the  
blocklisting.  If his script is better (faster, stronger, more  
powerful than a locomotive), then either I can refer people to it on  
the Blocklist2 page, or incorporate changes back into Blocklist2.

URL fragments are by far the most powerful to block  -- most wikispam  
is 50 links for subdomain.domain.com where subdomain and the page  
linked change, but "domain.com" can be relied on as being pretty  
stable.  However, I've caught MANY sites before I was blocking the  
domain by blocking specific other phrases and word fragments -- the  
best being a list of common drugs although that added over 1000  
entries to my blocklist.  My high scorers are blocked on 50 terms.  I  
see that one made it to 55.  If I make it so that people are blocked  
on the first match it will ease the server stress, but you won't get  
a list of why in an email, and as a service to my writers I'd rather  
they know what's wrong with their attempts so they can decide whether  
to tell me there's a problem.  I have to make sure that turning off  
"why" (and thus scoring) blocks on the first match, though.

I'll add regex support as an option like the WhyBlocked option --  
($EnableBlocklistRegex) default will be off and thus less of a burden  
on the server.  People can enable it "on" by choice which will add  
the regex: blocklist markup -- and will behave with the rules of perl- 
compatible-regex (PCRE) unless anyone has a good reason it should be  
the PHP default regex.  Note that this would be very advanced, and  
will be noted as such with a link to PHP.org's PCRE documentation for  
anyone who really wants to use it.

Crisses

More information about the pmwiki-users mailing list