Contact form + Spamblock bayes

Creating and modifying plugins.
User avatar
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Contact form + Spamblock bayes

Post by Timbalu » Fri Feb 05, 2016 7:04 pm

Don Chambers wrote:Yeah. That's me. A real spammer. I think I sent out a whole 10 emails in the past week!! :lol: :lol: :lol:
Maybe you personally did send 10 only, but you Computer or Server send spam, while being infected?
Its not that easy to get listed to a RBL...
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian

User avatar
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Contact form + Spamblock bayes

Post by Timbalu » Fri Feb 05, 2016 7:11 pm

yellowled wrote:I don't use the SpamBee plugin anymore, it didn't really help much. I know it works well for others, but it did not for me after a certain amount of time.
Could you define what this means in detail? Sounds very strange to me, since that could only mean you have real people spamming, or spambots were being able to surround the bee settings. (Which makes me wonder, since none of my or known blogs has the same.)
yellowled wrote:I use bayes, than spamblock, but only very few features of spamblock.
Which ones?
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian

User avatar
yellowled
Regular
Posts: 7007
Joined: Fri Jan 13, 2006 12:46 pm
Location: Eutin, Germany
Contact:

Re: Contact form + Spamblock bayes

Post by yellowled » Fri Feb 05, 2016 8:56 pm

Timbalu wrote:Could you define what this means in detail?
I can not. I disabled the Bee a long time ago.

What I remember is that it used to be my first spamblock plugin before Bayes, but according to the size of the logs (and the number of log entries, yes, I know that the file size of the log alone does not say anything), Bayes was doing most of the work, meaning a lot of spam was passing Bee. I know it sounds strange because many people reported back that it works really well for them, but not for me.
Timbalu wrote:Which ones?
* Trackback/Pingback IP validation [moderate]
* check TB/PB URLs
* deactivate spamblock for authors [all]
* do not allow duplicate comments
* 3 links for moderation, 10 links for rejection
* check email [proper syntax only]
* required fields [name,email,comment]

That's it. No content filter, no akismet. Basically, the only thing outside of Bayes that should lead to a comment being rejected would be 10 links. Everything else is not used at all or set to moderation.

YL
amazon Wishlist - Serendipity-Podcast (German only, sorry)

User avatar
Don Chambers
Regular
Posts: 3633
Joined: Mon Feb 13, 2006 3:40 am
Location: Chicago, IL, USA
Contact:

Re: Contact form + Spamblock bayes

Post by Don Chambers » Fri Feb 05, 2016 9:54 pm

Timbalu wrote:
Don Chambers wrote:Yeah. That's me. A real spammer. I think I sent out a whole 10 emails in the past week!! :lol: :lol: :lol:
Maybe you personally did send 10 only, but you Computer or Server send spam, while being infected?
Its not that easy to get listed to a RBL...
My computer is clean - no viruses, no trojans, nothing that I know of. I will contact my ISP and see what they have to say.

User avatar
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Contact form + Spamblock bayes

Post by Timbalu » Sat Feb 06, 2016 12:12 pm

Hmm, Ok.
yellowled wrote: Everything else is not used at all or set to moderation.
Which does not mean you can disable the use of spamblock plugin at all, since it is internally used by other plugins. (I know you know! This is just a general note!)

My Spamfighters work totally unmaintained for years with these first three plugins:
BEE, SpamBlock, Bayes, and in this order! Which makes bayes be in a more or less idle mode! (This helps a lot to not learn SPAM in masses and to concentrate on comments that gets through this first line of defense, learning only valid HAM, and some spare SPAM words.)
Bee options additional to default: JSON, Honeypot YES and hidden Captchas to REJECT.
So Bee rejects go to spamblock first and do not touch Bayes at all! I think that is the main difference why it work here and not there.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian

User avatar
yellowled
Regular
Posts: 7007
Joined: Fri Jan 13, 2006 12:46 pm
Location: Eutin, Germany
Contact:

Re: Contact form + Spamblock bayes

Post by yellowled » Sat Feb 06, 2016 3:59 pm

Don Chambers wrote:My computer is clean - no viruses, no trojans, nothing that I know of. I will contact my ISP and see what they have to say.
I don't think this is about your computer, this is about the mail server on the server your domain is hosted on, which has a static IP (your computer – probably – does not) that can actually be blacklisted. And since you probably share this server (and thus, the IP) with dozens or even hundreds of other accounts (it's shared hosting, right?), you don't even have to be responsible for the black listing. It could be anyone on the same server.

If I were you, I would contact you web hoster about it first.

YL
amazon Wishlist - Serendipity-Podcast (German only, sorry)

User avatar
yellowled
Regular
Posts: 7007
Joined: Fri Jan 13, 2006 12:46 pm
Location: Eutin, Germany
Contact:

Re: Contact form + Spamblock bayes

Post by yellowled » Sat Feb 06, 2016 4:02 pm

Timbalu wrote:BEE, SpamBlock, Bayes, and in this order!
I used Bee before Bayes before Block, and it did work for a while – and I also know that almost everybody using s9y did and does use them in that order, but at some point (that I can not pinpoint any longer) it just stopped working for me. It's not even that I miss it, most of the time, Bayes works fine.
Timbalu wrote:So Bee rejects go to spamblock first and do not touch Bayes at all! I think that is the main difference why it work here and not there.
Most of the people that I know of use Bee, Bayes, Block, and it works for them. ¯\_(ツ)_/¯

YL
amazon Wishlist - Serendipity-Podcast (German only, sorry)

User avatar
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Contact form + Spamblock bayes

Post by Timbalu » Sat Feb 06, 2016 4:45 pm

Well yes, but this is like shooting with two rifles on the first front, having nothing left behind.
Why should you want to bother Bayes (which is expensive), when the spam is already marked to reject by Bee, and which will be done by Spamblock? That is more than logical, I think.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian

User avatar
yellowled
Regular
Posts: 7007
Joined: Fri Jan 13, 2006 12:46 pm
Location: Eutin, Germany
Contact:

Re: Contact form + Spamblock bayes

Post by yellowled » Sat Feb 06, 2016 5:22 pm

Timbalu wrote:Why should you want to bother Bayes (which is expensive), when the spam is already marked to reject by Bee, and which will be done by Spamblock? That is more than logical, I think.
I don't remember who recommended that order on the InfoCamp podcast, quite frankly, I don't want to point fingers either.

Since I'm currently doing a live relaunch of my blog theme, why not do an experiment on spam blocking as well while we're at it? I just now re-installed Bee and reconfigured Block and Bayes, so now it looks like this (that's in German, I was too lazy to translate that or switch the blog to English).

I have also turned on logging for all three plugins right now and deleted older logs, so for future reference, I started the Spam experiment on Saturday, 2016/02/06 around 16:00 my time. We'll see.

YL
amazon Wishlist - Serendipity-Podcast (German only, sorry)

User avatar
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Contact form + Spamblock bayes

Post by Timbalu » Sat Feb 06, 2016 5:27 pm

This
Versteckte Captchas: moderieren
makes no sense.
To moderate means "let them in", even if not set valid to show up.
You should reject them, IMHO.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian

User avatar
yellowled
Regular
Posts: 7007
Joined: Fri Jan 13, 2006 12:46 pm
Location: Eutin, Germany
Contact:

Re: Contact form + Spamblock bayes

Post by yellowled » Sat Feb 06, 2016 5:38 pm

Timbalu wrote:You should reject them, IMHO.
Started rejecting them around 16:35 my time. Thanks for the input.

YL
amazon Wishlist - Serendipity-Podcast (German only, sorry)

User avatar
yellowled
Regular
Posts: 7007
Joined: Fri Jan 13, 2006 12:46 pm
Location: Eutin, Germany
Contact:

Re: Contact form + Spamblock bayes

Post by yellowled » Sun Feb 07, 2016 2:40 pm

So. It has not been 24 hours yet, but at that time, the second half of todays match of my favorite football team will start. Will all due diligence because it has only been a day, this looks like a success already. (spam-std.log is the logfile for Spamblock.)
  • spam-bee.log: 16K filesize, 18 lines; 13 Honeypot (72%), 5 Hidden Captcha (28%)
  • spam-std.log: 3,9K filesize, 16 lines; 8 IP Validation, 8 Blog URL not found
  • spam-bay.log: has not been created yet :shock:
That's 53% caught by the Bee, 47% by Spamblock, 0% by Bayes. (Pretty sure that's not an accurate statistical expression of the numbers, but you know what I mean.)

There are no comments in the Bayes trashcan, and no comments have made it past the three spamblock plugins. The numbers show that the Bee is in fact still working, but not as effective as it used to (at least I remember it catching way more than 53%; might be due to the fact that it's only been 24 hours). They also show (again, for a very short window of time) that Ian's suggested order works pretty well.

I will report back probably after about a week next, just wanted to give you a first impression. Again, don't overrate this, it's only been a day.

YL
amazon Wishlist - Serendipity-Podcast (German only, sorry)

User avatar
onli
Regular
Posts: 2222
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: Contact form + Spamblock bayes

Post by onli » Sun Feb 07, 2016 7:36 pm

Be careful with the JS hidden captcha. I had to deactivate it because it catched vaild comments.

User avatar
Don Chambers
Regular
Posts: 3633
Joined: Mon Feb 13, 2006 3:40 am
Location: Chicago, IL, USA
Contact:

Re: Contact form + Spamblock bayes

Post by Don Chambers » Tue Feb 09, 2016 12:09 am

yellowled wrote:I don't think this is about your computer, this is about the mail server on the server your domain is hosted on, which has a static IP (your computer – probably – does not) that can actually be blacklisted. And since you probably share this server (and thus, the IP) with dozens or even hundreds of other accounts (it's shared hosting, right?), you don't even have to be responsible for the black listing. It could be anyone on the same server.

If I were you, I would contact you web hoster about it first.

YL
Yeah - I just have to find a few spare moments to contact GoDaddy, the ISP for this particular account.

User avatar
yellowled
Regular
Posts: 7007
Joined: Fri Jan 13, 2006 12:46 pm
Location: Eutin, Germany
Contact:

Re: Contact form + Spamblock bayes

Post by yellowled » Thu Feb 11, 2016 6:15 pm

So it took me five days to actually get a comment that passed Bee and Block and went to Bayes, but now I have an improvement to Bayes to suggest as well as an observation about our message system (which I'm not sure we can do anything about).

First, this is the comment, and it's pretty obvious why Bayes thinks this is 88% spam. It quotes an English error message. However, the usability issue at hand here is that Bayes states (see Don's screenshot earlier in this thread for an example):

Code: Select all

Rejected as spam
and that is not completely true in my case because I use the Bayes thrashcan. So while it may technically be a rejection that is kept in the thrashcan, it is actually (in my opinion) a moderation, and I think Bayes should reflect that somehow in the message text (“classified as spam” comes to mind, but it should at least reflect that the comment needs to be revised by a human and is not lost altogether). I think the problem is that Bayes tries to re-use old lang constants instead of using new, more specific ones?

[First-hand experience, this usually leads to two things (I have experienced this before, but I did not know how to react to it then): a) the commentator immediately tries to comment again because he thinks there is some error in the system (“My comment can't be spam!”) and b) I get (because I know the commentator) an angry DM on Twitter “Why does your stupid blog think my comment is spam?”]

And the second thing is the color of the message, which is not related to Bayes but to the core. As far as I can see, the core historically only knows (and styles) two types of messages:
  • serendipity_msg_notice – success, positive, green
  • serendipity_msg_important – error, negative, red
In older themes, everything that is not clearly either one of those is styles as serendipity_msg_important, which I did not do here (technically, I use a third class serendipity_msg_info). However, the issue is that as a theme author, I can not always tell which type of message will be emitted.

This example from entries.tpl illustrates it well:

Code: Select all

{if $is_comment_added}
    <p class="serendipity_msg_notice">{$CONST.COMMENT_ADDED}</p>
{elseif $is_comment_moderate}
    <p class="serendipity_msg_info">{$CONST.COMMENT_ADDED}{$CONST.THIS_COMMENT_NEEDS_REVIEW}</p>
{elseif not $entry.allow_comments}
    <p class="serendipity_msg_important">{$CONST.COMMENTS_CLOSED}</p>
…
The first one is clearly “success”, the last one is clearly “error”, but the middle one is … hm … I would say somewhere in between. It's not an error, but not a confirmation, it's more of an information or a hint, and in some cases (like here), I can actually tell that fact and use a third class (like I did). But what about (from old default template)

Code: Select all

{foreach from=$comments_messagestack item="message"}
<div class="serendipity_center serendipity_msg_important">{$message}</div>
{/foreach}
I literally have no idea what kind of messages this could emit, especially with plugins being able to hook into these.

I know this is not easy, and I'm sure it's not something we can just change, but I feel we should at some point think about our messaging system and maybe revise as well as extend it …

YL
amazon Wishlist - Serendipity-Podcast (German only, sorry)

Post Reply