Serendipity Forums

Hi!

I've just updated the spamblock plugin in our repository (which will be contained in the next snapshots). [1]

It now has an option to automatigally ban IP adresses from your blog via .htaccess rules that are considered as 'true' spammers. A 'true' spammer is identified if his comment was:

- rejected by Akismet
- rejected by blogg.de blacklist
- rejected because of a wordmatch on blocked emails
- rejected because they entered a comment that already is stored in the database

Those users will be completely shut off the blog, and then causing no traffic and no DB traffic because serendipity does no longer need to be fully run.

Of course this method has the huge drawback that if a person is blocked, he will stay blocked for 3 days (hardcoded into the script right now). So this method might easily yield false positives if Akismet is failing.

I have enabled this method on my own personal blog and will see how it affects users in the next days. If you want to try it out for yourself, I would appreciate the feedback.

Best regards,
Garvin

[1] http://svn.berlios.de/viewcvs/serendipi ... 3&view=rev

Generally a good idea.

garvinhicking wrote:Those users will be completely shut off the blog, and then causing no traffic and no DB traffic because serendipity does no longer need to be fully run.

You could block them only from comment.php, couldn't you? In case you shut out somebody by accident he'll still be able to browse the blog, but not comment. If someone is shut out, he'll only get the 403-Page and doesn't know whats happening.
EDIT: I just saw, that only trackbacks seem to use the comment.php, right?

Aren't there drawbacks from writing .htaccess on every new spam? (meaning: race conditions when a user hits the page in the exact moment the file is cleaned and rewritten). It'd be great if .htaccess would support includes.

Hi!

After an hour, my blog had a list of 200 banned IPs which was affecting the response times of Apache. It seems that apache takes a long time to parse the DENY FROM rule, so I had to shut it off again. :-/

I could block them from comment.php, that's true - but trackbacks and comments can also be sent to the "pretty URLs" and would then be forwarded to index.php - so I believe that would not take all traffic...

Aren't there drawbacks from writing .htaccess on every new spam? (meaning: race conditions when a user hits the page in the exact moment the file is cleaned and rewritten). It'd be great if .htaccess would support includes.

That's a good hint. I believe this can be solved with file locking...

Best regards,
Garvin

Hi!

At least the .htaccess method didn't really put good use on my blog, so I disabled it. I currently have blocked trackbacks completely in comments.php.

Regards,
Garvin