wiki:ProtectionFromSpam

Version 10 (modified by davea, 4 years ago) (diff)

--

Protection from spam

Spammers may attack your project in two ways:

  • Creating profiles with links to commercial web sites (for advertising, or to increase Google page rank).
  • Posting spam on the message boards.

Spammers will use automated scripts to do these if they can, but they will also do them manually.

Preventing automated profile creation

Using reCAPTCHA

To prevent automated profile creation, reCAPTCHA system can be used. For every profile modification it displays an image containing two words that the user needs to input. While the image is quite easily solvable by human visitors, automated systems have problems solving the CAPTCHA image, and are therefore denied access.

In order to use reCAPTCHA, you have to register your web site on http://recaptcha.net/ and acquire a set of keys. Once the web site is registered, you need to add your keys to config.xml:

<recaptcha_public_key>Alphanumeric string</recaptcha_public_key>
<recaptcha_private_key>Alphanumeric string</recaptcha_private_key>

Minimum credit

You may also require a minimum amount of credit to create or edit a profile. To do so, put a <profile_min_credit> element in your config.xml file

Cleaning up spam profiles

You can use the script html/ops/delete_spammers.php to clean up spam profiles. This can be used in two ways:

delete_spammers.php --list list_file

The given file contains a list of user IDs, one per line. Delete the user accounts and associated profiles. Use this only for accounts with no hosts.

delete_spammers.php --auto

Delete account and profiles that have no hosts, no message boards posts, and for which the profile contains a link. Use this with caution. See the script source code.

Protecting message boards from spam

Akismet

BOINC message boards may occasionally be attacked by spammers. The anti-spam system from akismet.com can be used to deal with this.

It is disabled by default; when enabled, every time a forum post is made a remote database at akismet.com is checked to see if the message is spam. If Akismet reports that the message is spam, it is blocked, notifying the user on screen.

To use Akismet, you have to acquire a free API key (12 character alphanumeric string). You can get the key by registering for a WordPress.com user account. The API key will be emailed to you after you register.

Note: If you are a commercial entity or if you are making more than $500 from your website, please get a commercial key instead.

Once you have the key, you have to add a new tag to your config.xml to enable the system:

<akismet_key>1234567890ab</akismet_key>

To test if the system is working, create a user with name "viagra-test-123" (this is an official test string) and try creating a new thread. Akismet should block the message.

Minimum credit to post

You can require that users have a minimum amount of credit to post on a forum using the following database fields:

forum.post_min_expavg_credit
users must have this amount of average credit to post on the forum
forum.post_min_total_credit
users must have this amount of total credit to post on the forum

There is currently no web interface for these; you have to set them manually using mysql or phpMyAdmin. These fields are at the forum level so that, for example, you can protect some forums while leaving a "Help" forum open.