[Tracker-discuss] [issue105] Dealing with spam

Doug Napoleone Doug.Napoleone at nuance.com
Tue Mar 20 23:26:30 CET 2007


FYI:
    Thanks to Google and Yahoo APIs, more and more spam bots are
automatically getting around the e-mail confirmation (when the
confirmation e-mail includes a URL or clickable link).

There are a few ways of dealing with this:
1. Have the confirmation e-mail have the activation code separate, and
make the person enter the data in a form.
2. Use captcha everywhere (yuck).
3. Use spambot detections on your forms.

The third is the most work and is broken into two parts:
Passive:
--------
Have fields on your form which are hidden using CSS. This CSS should be
on wrapping <div>'s and not on the form inputs themselves. Cascading
works the best. A text input and a text area together are best. Make
sure the inputs have names like "description" or "info", something
attractive to a bot.
If you see any data submitted in these fields, reject the post.

Aggressive:
-----------
Add a hidden field (in the classic type="hidden" sense) which has an
encoded value for the page rendering time, or a unique id which can be
connected back to a rendering time. If the post occurs within 4 seconds,
reject the post.

Integrate with a spam detection service like Akismet:
http://akismet.com/
Sample Python code (Django specific):
http://www.djangosnippets.org/snippets/107/


I have used the 3rd solution on a high Google-ranked site to allow for
anonymous posting. In the past year, only 1 spam post got through.

    -Doug
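
The passive and aggressive checks described in the message above, as an added example that is not part of the original e-mail or of the tracker's code. The `render_token` field name, the HMAC signing of the render time, the secret key and the one-hour expiry are assumptions; the decoy field names and the 4-second threshold come from the message.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"       # assumption: per-site secret from config
MIN_FILL_SECONDS = 4                       # threshold given in the message
MAX_FORM_AGE = 3600                        # assumption: stale tokens are rejected
HONEYPOT_FIELDS = ("description", "info")  # decoy inputs hidden via CSS on a wrapping <div>


def _sign(ts):
    return hmac.new(SECRET_KEY, ts.encode(), hashlib.sha256).hexdigest()


def make_render_token(now=None):
    """Value for the type="hidden" field: render time plus an HMAC over it."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"


def check_submission(form, now=None):
    """Return (accepted, reason) for a submitted form given as a dict of strings."""
    now = time.time() if now is None else now
    # Passive: a person never sees the decoys, so any data in them is a bot.
    for name in HONEYPOT_FIELDS:
        if form.get(name, "").strip():
            return False, f"honeypot field {name!r} filled"
    # Aggressive: the render time must be authentic and at least 4 seconds old.
    ts, _, mac = form.get("render_token", "").partition(".")
    authentic = hmac.compare_digest(mac.encode(), _sign(ts).encode())
    if not (ts.isascii() and ts.isdigit() and authentic):
        return False, "render token missing or tampered"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if age > MAX_FORM_AGE:
        return False, "render token expired"
    return True, "ok"
```

Signing the timestamp keeps a client from back-dating the render time, but one token can still be reused until it expires; the "unique id" variant in the message, stored server-side and consumed on first use, closes that gap.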

-----Original Message-----
From: tracker-discuss-bounces at python.org
[mailto:tracker-discuss-bounces at python.org] On Behalf Of Paul Dubois
Sent: Tuesday, March 20, 2007 6:04 PM
To: tracker-discuss at python.org
Subject: [Tracker-discuss] [issue105] Dealing with spam


Paul Dubois added the comment:

I did a 'retire' on the user and this issue. While it doesn't take the
issue out of the database, it does make it not show up in searches and
displays of issues. It appears you can still see it if you ask for it
by number, at least I could but I was logged as administrator. I defer
to someone more knowing as to how one could obliterate any traces of
it, if one can.

Somebody had to go to some trouble to do this, registering and then
confirming by email.

On 3/20/07, A.M. Kuchling <metatracker at psf.upfronthosting.co.za> wrote:
>
> New submission from A.M. Kuchling:
>
> The first spammy issue report has arrived in the Python tracker. Issue 1002
> attaches an HTML file with spam links.  It looks to me like the spammer
> registered for a user ID (or are IDs created automatically on receipt
> of an e-mail)?
>
> Admins should have the ability to delete issues and files completely; just
> closing them isn't sufficient.
>
> ----------
> messages: 503
> nosy: amk
> priority: feature
> status: unread
> title: Dealing with spam
>
> _______________________________________________________
> Meta Tracker <metatracker at psf.upfronthosting.co.za>
> <http://psf.upfronthosting.co.za/roundup/meta/issue105>
> _______________________________________________________
> _______________________________________________
> Tracker-discuss mailing list
> Tracker-discuss at python.org
> http://mail.python.org/mailman/listinfo/tracker-discuss
>
