From mjervis at gmail.com Sun May 6 04:03:45 2007 From: mjervis at gmail.com (Michael Jervis) Date: Sun, 6 May 2007 09:03:45 +0100 Subject: [geeklog-spam] FYI: Project Honey Pot's http:BL In-Reply-To: <20070428112356.689757547@smtp.haun-online.de> References: <20070428112356.689757547@smtp.haun-online.de> Message-ID: <7b42e7470705060103t1c56ddf1h80fe27967ecf45ca@mail.gmail.com> > Anyone want to try and write a Spam-X module for this? I'm just doing an update and commit cycle of a module. To use this module, you will need: 1) To install PEAR::Net_DNS (http://pear.php.net/package/Net_DNS) 2) To register with Project Honeypot 3) To install a Honeypot or Quick Link 4) To agree to the http:BL T&C's and get an access key You will probably need to: 1) Find out the Nameserver ip addresses you can use from your web host. It's a pretty neat system actually. I like it a lot. But, it's going to be very hard to get it working if you are a novice. The issue I had was that the simple case of Net_DNS doesn't work (UDP query). Until I specified to force TCP and hand-configured the two DNS server IP addresses from my ISP I got nothing out of it. I can't see many users doing that. Plus there's the multitude of hoops to jump through to get access to the http:BL as it is. I'll see what I can do about getting a Geeklog Honeypot generator sorted. Mike From dirk at haun-online.de Mon May 7 15:44:20 2007 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 7 May 2007 21:44:20 +0200 Subject: [geeklog-spam] FYI: Project Honey Pot's http:BL In-Reply-To: <7b42e7470705060103t1c56ddf1h80fe27967ecf45ca@mail.gmail.com> References: <20070428112356.689757547@smtp.haun-online.de> <7b42e7470705060103t1c56ddf1h80fe27967ecf45ca@mail.gmail.com> Message-ID: <20070507194420.5246440@smtp.haun-online.de> Michael Jervis wrote: >To use this module, you will need: > >1) To install PEAR::Net_DNS (http://pear.php.net/package/Net_DNS) Plus "mhash" installed and compiled into PHP, which at least my test box here doesn't seem to have. I guess in the final release, we should ship Spam-X with $_SPX_CONF['http_bl_enable'] = false; bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From mjervis at gmail.com Tue May 8 02:35:35 2007 From: mjervis at gmail.com (Michael Jervis) Date: Tue, 8 May 2007 07:35:35 +0100 Subject: [geeklog-spam] FYI: Project Honey Pot's http:BL In-Reply-To: <20070507194420.5246440@smtp.haun-online.de> References: <20070428112356.689757547@smtp.haun-online.de> <7b42e7470705060103t1c56ddf1h80fe27967ecf45ca@mail.gmail.com> <20070507194420.5246440@smtp.haun-online.de> Message-ID: <7b42e7470705072335t635be21dt78750a8d78063312@mail.gmail.com> > Plus "mhash" installed and compiled into PHP, which at least my test box > here doesn't seem to have. Hmm is that a pre-req of PEAR::Net_DNS? > I guess in the final release, we should ship Spam-X with > > $_SPX_CONF['http_bl_enable'] = false; Have to, because to enable it, you need an http:BL access key of your own. Can't ship it with that, so can't ship it enabled. Mike From dirk at haun-online.de Tue May 8 14:12:16 2007 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 8 May 2007 20:12:16 +0200 Subject: [geeklog-spam] FYI: Project Honey Pot's http:BL In-Reply-To: <7b42e7470705072335t635be21dt78750a8d78063312@mail.gmail.com> References: <20070428112356.689757547@smtp.haun-online.de> <7b42e7470705060103t1c56ddf1h80fe27967ecf45ca@mail.gmail.com> <20070507194420.5246440@smtp.haun-online.de> <7b42e7470705072335t635be21dt78750a8d78063312@mail.gmail.com> Message-ID: <20070508181216.2106604753@smtp.haun-online.de> Michael Jervis wrote: >> Plus "mhash" installed and compiled into PHP, which at least my test box >> here doesn't seem to have. > >Hmm is that a pre-req of PEAR::Net_DNS? Yep, . First, PEAR::Net_DNS complained that it wasn't compiled in and then PHP complained that it wasn't installed when I tried to recompile it with --with-mhash. Seems to be a standard component, though. It's compiled into the PHP on geeklog.net and into the one my hosting service installed on their servers. bye, Dirk -- http://spam.tinyweb.net/ From mjervis at gmail.com Tue May 8 14:20:01 2007 From: mjervis at gmail.com (Michael Jervis) Date: Tue, 8 May 2007 19:20:01 +0100 Subject: [geeklog-spam] FYI: Project Honey Pot's http:BL In-Reply-To: <20070508181216.2106604753@smtp.haun-online.de> References: <20070428112356.689757547@smtp.haun-online.de> <7b42e7470705060103t1c56ddf1h80fe27967ecf45ca@mail.gmail.com> <20070507194420.5246440@smtp.haun-online.de> <7b42e7470705072335t635be21dt78750a8d78063312@mail.gmail.com> <20070508181216.2106604753@smtp.haun-online.de> Message-ID: <7b42e7470705081120h2c9434d8t7f10d63703aa8ca6@mail.gmail.com> Hmm and it moves to PECL as of 5.3 http://us3.php.net/mhash From dirk at haun-online.de Fri May 18 13:35:01 2007 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 18 May 2007 19:35:01 +0200 Subject: [geeklog-spam] Congratulations, OpenID Spam has Arrived Message-ID: <20070518173501.1414133842@smtp.haun-online.de> Of course we all knew it wouldn't take long: (via Planet OpenID): --- snip --- iwantmyopenid.org has been pretty much brain dead. Other than being the home of the infamous OpenID Bounty, which managed to discourage most OpenID enthusiasts (Heck, I nearly abandoned phpbb-openid when I realized I wasn't going to get it!), it produced virtually no interest until the other day. Enter h*tp://iwantmyopenid#org/node/19. "The community marketing home of OpenID" is now home to the world's first OpenID spam comment. Please refrain from linking to that page directly. Don't feed the spammers. --- snip --- (URL mangled) -- http://spam.tinyweb.net/ From dirk at haun-online.de Tue May 22 14:37:05 2007 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 22 May 2007 20:37:05 +0200 Subject: [geeklog-spam] Wikispam blacklist Message-ID: <20070522183705.1499132333@smtp.haun-online.de> I was at the "Webinale" today (a mildly interesting Web 2.0 conference) where I had a chat with the guys from MoinMoin wiki about what they do against spam. Turns out there's a manually updated spam blacklist that is shared between three wiki engines (MoinMoin, TWiki, MediaWiki). This is more or less a continuation of the MT-Blacklist (RIP) - minus the RDF feed for the updates. So I've just reinstalled the MT-Blacklist modules for Spam-X on geeklog.info and imported that list. Of course, it's not clear if the spammers they see are the same ones we see. But, like MT-Blacklist, it also contains generic rules, e.g. for all those pill names. We'll see if it catches anything ... bye, Dirk -- http://spam.tinyweb.net/ From dirk at haun-online.de Wed May 23 13:54:16 2007 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 23 May 2007 19:54:16 +0200 Subject: [geeklog-spam] Wikispam blacklist In-Reply-To: <20070522183705.1499132333@smtp.haun-online.de> References: <20070522183705.1499132333@smtp.haun-online.de> Message-ID: <20070523175416.138038454@smtp.haun-online.de> Dirk Haun wrote: >We'll see if it catches anything ... It did: It caught the first legit post that was made after the installation: Found Spam Post matching

posted by user 1 from IP ... Looks like there was a hiccup during the import and it did import a server error as a couple of regular expressions: INSERT INTO `gli_spamx` VALUES ('MTBlacklist',''); (...) INSERT INTO `gli_spamx` VALUES ('MTBlacklist','

The requested URL could not be retrieved

'); (...) INSERT INTO `gli_spamx` VALUES ('MTBlacklist','

'); INSERT INTO `gli_spamx` VALUES ('MTBlacklist','

Your cache administrator is nobody.'); Bad luck, I guess, but things like that really shouldn't happen. That was in the middle of the list, btw, as it's apparently merged live from the individual blacklists of the wikis. bye, Dirk -- http://spam.tinyweb.net/ From dirk at haun-online.de Mon May 28 07:30:17 2007 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 28 May 2007 13:30:17 +0200 Subject: [geeklog-spam] Wikispam blacklist In-Reply-To: <20070522183705.1499132333@smtp.haun-online.de> References: <20070522183705.1499132333@smtp.haun-online.de> Message-ID: <20070528113017.1080801151@smtp.haun-online.de> Dirk Haun wrote: >Turns out there's a manually updated spam blacklist that is shared >between three wiki engines (MoinMoin, TWiki, MediaWiki). This is more or >less a continuation of the MT-Blacklist (RIP) - minus the RDF feed for >the updates. Okay, so the problem with the faulty entries in that list has been resolved. The maintainer, Thomas Waldmann from MoinMoin wiki, also kindly gave me the Python script they use for the syndication. Since there is no RDF feed for the updates, I've hacked something together myself. So, if you want to try this out, you can re-install the old MT-Blacklist modules and use these settings in your Spam-X config.php (URLs mangled as I don't want them to be picked up by the search engines just yet): $_SPX_CONF['mtblacklist_url'] = 'http://www#geeklog#net/backend/spam- merge.txt'; $_SPX_CONF['rss_url'] = 'http://www#geeklog#net/backend/spam-merge- changes.rdf'; Please note that this is experimental and I may have to take it down without prior notice in case there's a problem (but I would announce that here, of course). Also, the list currently only includes entries provided by the MoinMoin and TWiki communities since, according to Thomas, the MediaWiki entries often contained faulty regexps or phrases that were too generic. Still, it's a list of over 3000 entries, including some generic rules. A note on the MT-Blacklist modules: You'll need both MTBlackList.Examine.class.php and Import.Admin.class.php as well as the magpierss directory. You can take those from a Geeklog 1.4.0 tarball. If you get them from CVS, make sure to take them from the geeklog_1_4_1_1 branch, as the modules from the trunk may depend on other changes in CVS. bye, Dirk -- http://spam.tinyweb.net/