[pLog-svn] spam

Alexander Kaiser alex at poolie.de
Sun Dec 17 10:56:59 GMT 2006


I'm using bb since some months now (i include it directly within the php
code and not smarty/js) and the number of false positives is very, very
small.

it blocks about 25k+ bad requests in a week.

so far, i'm nothing but happy with it. i should update to the latest version
tho ;)

regards,

alex

On 12/17/06, Paul Westbrook <paul at westbrooks.org> wrote:
>
> Hello,
>     I commented out the dns blacklist test, as those are also done in
> the dnsblacklist plugin.
>
> --Paul
>
>
> On Dec 16, 2006, at 4:40 PM, Jon Daley wrote:
>
> >       We first should fix the two (I commented one, and I think someone
> > else commented the other - I am not sure what the first one does)
> > things we commented out in the bad behavior plugin.
> >       The one I commented out was due to javascript being cached in the
> > smarty template, causing it to report incorrect errors.
> >
> >       The site I was looking at today does use bad behavior already.  I
> > use the renice trick on their entire blog, not just the resources.
> > The way the spammers seem to operate is have one computer that runs
> > through and gets all the articles.  Then that list is published out
> > around the world, and then ~12 hours later, a massive attack
> > happens, one comment from each ip.
> >       On my own blog, I was able to block the reader ip, and that
> > stopped all of the spam.  I am getting more now, so there is
> > probably a new reader, but I haven't analyzed it yet.
> >       The trouble is that even the reader can cause problems for
> > LifeType - generating a couple article views every second is enough
> > to make my server not very happy, though not enough to kill it.
> > The thousands of comments in the span of some number of minutes is
> > enough to kill it.
> >
> >       What I would like is some sort of rate-limiting thing,
> > particularly per ip, but even not per ip might be useful too.
> > Maybe something can be added to bad-behavior to include reads, and
> > not just posts.  I think it already tracks the timestamps of every
> > post, and even reads, so it might not be that hard to do.  Paul -
> > you have probably know the code the best.  Are you interested in
> > looking at that?
> >
> > On Sun, 17 Dec 2006, Oscar Renalias wrote:
> >> Yes, that's the one I was thinking about.
> >>
> >> Would it be feasible to integrate it with the core? Are we really
> >> sure that it loads less code than "standard" plugins?
> >>
> >> On 17 Dec 2006, at 00:07, Paul Westbrook wrote:
> >>
> >>> Hello,
> >>>   The plugin that I believe that you are thinking about is the
> >>> Bad Behavior plugin.  This plugin rejects the http connection,
> >>> essentially before any LifeType code sees the request.
> >>> --Paul
> >>> On Dec 16, 2006, at 1:59 PM, Oscar Renalias wrote:
> >>>> Isn't the akismet plugin working at a much lower level and in a
> >>>> more effective way than our current anti-spam systems? Could it
> >>>> be merged into the core and leverage its lower requirements?
> >>>> On 16 Dec 2006, at 20:34, Jon Daley wrote:
> >>>>
> >>>>>   My guess is that the main problem of people running large blog
> >>>>> hosting environments is the spammers.  They can hit the server
> >>>>> so fast, and use up the whole CPU and GBs of RAM very quickly.
> >>>>>   And once a blog has been abandoned, spammers can jump all over
> >>>>> it.
> >>>>> This also happens to a wordpress installation I have, so we
> >>>>> don't have to feel really bad about it, but it would be nice to
> >>>>> have a way to block spam with very little resources.
> >>>>> --
> >>>>> Jon Daley
> >>>>> http://jon.limedaley.com/
> >>>>> The human mind ordinarily operates at only ten percent of its
> >>>>> capacity - the rest is overhead for the operating system.
> >>>>> _______________________________________________
> >>>>> pLog-svn mailing list
> >>>>> pLog-svn at devel.lifetype.net
> >>>>> http://devel.lifetype.net/mailman/listinfo/plog-svn
> >>>> _______________________________________________
> >>>> pLog-svn mailing list
> >>>> pLog-svn at devel.lifetype.net
> >>>> http://devel.lifetype.net/mailman/listinfo/plog-svn
> >>> --
> >>> Paul Westbrook
> >>> paul at westbrooks.org
> >>> <http://www.westbrooks.org>
> >>> _______________________________________________
> >>> pLog-svn mailing list
> >>> pLog-svn at devel.lifetype.net
> >>> http://devel.lifetype.net/mailman/listinfo/plog-svn
> >>
> >> _______________________________________________
> >> pLog-svn mailing list
> >> pLog-svn at devel.lifetype.net
> >> http://devel.lifetype.net/mailman/listinfo/plog-svn
> >
> > --
> > Jon Daley
> > http://jon.limedaley.com/
> >
> > Inside every small problem is a large problem struggling to get out.
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://devel.lifetype.net/mailman/listinfo/plog-svn
>
> --
> Paul Westbrook
> paul at westbrooks.org
> <http://www.westbrooks.org>
>
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http:// devel.lifetype.net/pipermail/plog-svn/attachments/20061217/dfbc8586/attachment.html


More information about the pLog-svn mailing list