wiki:ProtectionFromSpam

Version 18 (modified by davea, 8 years ago) (diff)

--

Dealing with spam

Spammers may attack your project's web site in various ways:

  • Creating spam profiles.
  • Posting spam on the message boards.
  • Creating accounts with spam URLs.
  • Create teams whose descriptions are spam.

The spam typically contains links to commercial web sites (to increase their Google page rank).

Spammers typically use automated scripts.

Cleaning up spam

The script html/ops/delete_spammers.php can be used to clean up spam. It deletes selected user accounts, including their profile and forum posts. The usage is

delete_spammers.php [--min_days N] [--max_days N] [--test] command

--min_days N: Only delete items created at least N days ago.

--max_days N: Only delete items created at most N days ago.

--test: Print the items that would be deleted, but don't delete them.

command is one of:

--profiles: delete accounts that

  • have a profile containing a link
  • have no forum posts
  • have no hosts

Use this for spammers who create profiles with commercial links.

--user_url: delete accounts that

  • have no hosts
  • have no forum posts
  • have a nonempty URL

Use for spammers who create accounts with commercial URLs.

--user_null: delete accounts that

  • have no hosts
  • have no forum posts
  • don't belong to a team

Spammers may create accounts and attempt to create a profile but fail; this cleans up those accounts. Use with --min_days 1 or 2 to avoid deleting new legit accounts.

--forums: delete accounts that

  • have no hosts
  • have forum posts
  • don't belong to a team (don't delete BOINC-wide team founders)

Use with --min_days 1 or 2 to avoid deleting new legit accounts.

--list filename:

The given file contains a list of user IDs, one per line. Delete these accounts. Use this only for accounts with no hosts.

--id_range N M: delete users with database IDs N to M inclusive. Use this only for accounts with no hosts.

--teams: delete teams that

  • have 0 or 1 members
  • have 0 total credit
  • are not BOINC-Wide teams
  • have descriptions containing a link
  • the owner has no hosts and no posts

Preventing automated profile creation

Using reCAPTCHA

To prevent automated profile creation, reCAPTCHA system can be used. For every profile modification it displays an image containing text, which is recognizable to humans but not computers.

In order to use reCAPTCHA, to register your web site on http://www.google.com/recaptcha and get a pair of keys. Add these keys to config.xml:

<recaptcha_public_key>Site key</recaptcha_public_key>
<recaptcha_private_key>Secret key</recaptcha_private_key>

Minimum credit

You may also require a minimum amount of credit to create or edit a profile. To do so, put a <profile_min_credit> element in your config.xml file

Using stopforumspam.com

http://www.stopforumspam.com is a service that maintains a database of spammer email addresses and IP addresses. If you include

define("USE_STOPFORUMSPAM", true);

in your html/project/project.inc, this database will be checked before creating new accounts.

Protecting message boards from spam

Akismet

BOINC message boards may be attacked by spammers. The anti-spam system from akismet.com can be used to deal with this.

It is disabled by default; when enabled, every time a forum post is made a remote database at akismet.com is checked to see if the message is spam. If Akismet reports that the message is spam, it is blocked, notifying the user on screen.

To use Akismet, you have to acquire a free API key (12 character alphanumeric string). You can get the key by registering for a WordPress.com user account. The API key will be emailed to you after you register.

Note: If you are a commercial entity or if you are making more than $500 from your website, please get a commercial key instead.

Once you have the key, you have to add a new tag to your config.xml to enable the system:

<akismet_key>1234567890ab</akismet_key>

To test if the system is working, create a user with name "viagra-test-123" (this is an official test string) and try creating a new thread. Akismet should block the message.

Minimum credit to post

You can require that users have a minimum amount of credit to post on a forum using the following database fields:

forum.post_min_expavg_credit
users must have this amount of average credit to post on the forum
forum.post_min_total_credit
users must have this amount of total credit to post on the forum

There is currently no web interface for these; you have to set them manually using mysql or phpMyAdmin. These fields are at the forum level so that, for example, you can protect some forums while leaving a "Help" forum open.