Fighting Spam on Typo with Logic

Posted by hardwarehank, Mon Feb 05 14:29:00 UTC 2007

I realized that spam bots are stupid, and spammers are generally not the best programmers, so a while back I made a system to fight the intolerable spam plaguing us. I noted today that Robby on Rails was having this same problem, and I figured I might as well share what has worked for me.

First, I added this line to my views/articles/_comment_box.rhtml:

#     <td><p><label for="comment_body">Your message</label></p></td>
#     <td valign="top" colspan="2">
#       <%= text_area "comment", "body" %>
#     </td>
#  </tr>
    <tr>
      <td>
        <p>
          <% spammer_array = [["two","9","twelve","2"][rand(4)],["1","15","4","eight"][rand(4)]] %>
          <% question = "What's #{spammer_array[0]} times #{spammer_array[1]} ? (numerical)" %>
          <label for="spammers_suck"><%= question %></label>
        </p>
      </td>
      <td> <%= text_field_tag "spammers_suck" %><%= hidden_field_tag "spammers_question", question %></td>
    </tr>
#   <tr>
#     <td colspan="2" id="frm-btns">

So far, it’s simply a new table row with some junk in it. But, the interesting thing is that every time the page is created and cached, it contains a new random equation for the user to guess. This is then sent along with the request to post a comment (not the preview, mind you) to the comment action.

# Again: Commented parts are unchanged from Typo codebase
#  def comment
#    unless @request.xhr? || this_blog.sp_allow_non_ajax_comments
#      render_error("non-ajax commenting is disabled")
#    return
#   end

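    # AntiSpam: recover the two operands from the question echoed back in the hidden field
    b = params[:spammers_question].to_s.split(" ")           # a missing field becomes []
    c = [[2, 9, 12, 2], [1, 15, 4, 8]]                        # numeric values
    d = [["two","9","twelve","2"], ["1","15","4","eight"]]   # how they appear in the question
    num_one = 0
    num_two = 0
    # Exact match, so "1" cannot also match inside "15"
    c[0].each_with_index { |t, i| num_one = t if b[1] == d[0][i] }
    c[1].each_with_index { |t, i| num_two = t if b[3] == d[1][i] }

    # A product of 0 means the question did not parse; reject instead of comparing against 0
    if num_one * num_two == 0 || params[:spammers_suck].to_i != num_one * num_two
      render_text "You're either a spammer, or you can't do math."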

#    elsif request.post?
#      begin
#      @article = this_blog.published_articles.find(params[:id])
# ...

This very simple hack has caused a complete cessation of comment spam on my blog. I also globally disabled trackbacks (which took a manual database query in the end), and so far the only spam-like comment I’ve gotten was a hate comment ;). So, the moral of the story is that you don’t have to put up with spam in Typo, and you don’t have to use Akismet or some other external service to fight it. Just some simple math is all it takes to pwn the noob-bots.
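The controller check above works out the expected answer from the spammers_question hidden field that the client sends back. As an added example (not part of the original post or of Typo), here is a variant in which the hidden field carries an expiring HMAC token bound to the answer, so the server only accepts challenges it issued itself. SECRET, TTL, WORDS, LEFT, RIGHT, sign, secure_equal?, issue_challenge and valid_answer? are hypothetical names.

```ruby
require "openssl"

# Added example, not Typo code. All names and values here are hypothetical.
SECRET = "replace-with-a-long-random-server-side-secret" # constructed sample value
WORDS  = { 2 => "two", 8 => "eight", 12 => "twelve" }.freeze
LEFT   = [2, 9, 12].freeze
RIGHT  = [1, 15, 4, 8].freeze
TTL    = 600 # seconds a challenge stays valid

def sign(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

# Constant-time comparison so the check does not leak how many characters matched
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [question_text, token]. The token replaces the question in the
# hidden field; it holds only an expiry time and a MAC over expiry + answer.
def issue_challenge(now = Time.now.to_i, rng = Random.new)
  a = LEFT.sample(random: rng)
  b = RIGHT.sample(random: rng)
  expires = now + TTL
  question = "What's #{WORDS.fetch(a, a)} times #{WORDS.fetch(b, b)} ? (numerical)"
  [question, "#{expires}.#{sign("#{expires}:#{a * b}")}"]
end

# True only for an unexpired, untampered token and the matching answer.
# Missing or malformed input is rejected (fails closed).
def valid_answer?(token, answer, now = Time.now.to_i)
  expires, mac = token.to_s.split(".", 2)
  return false unless /\A\d+\z/.match?(expires.to_s) && mac
  return false unless /\A\d+\z/.match?(answer.to_s)
  return false if expires.to_i < now
  secure_equal?(mac, sign("#{expires}:#{answer.to_i}"))
end
```

A valid token and answer pair can be replayed until it expires, so TTL should be kept short, while still covering how long the cached page is served.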

PhishTank pwns Phishing Phools

Posted by hardwarehank, Sat Oct 07 12:31:00 UTC 2006

PhishTank is an awesome website that keeps a database of phishing websites that are user submitted and verified. It integrates with OpenDNS, so when a site is verified by the community as a phishing site, OpenDNS users will see a phishing warning instead of the original website. There are also other perks like spelling correction and faster DNS resolves, but the phishing thing is revolutionary. I joined PhishTank today, and I’m currently in second place on number of phishing sites submitted. I submitted 167 of them from Google’s blacklist after filtering it with a short Perl script.

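#!/usr/bin/perl
# Keep only the links from the input file that still respond to a GET request.
use strict;
use warnings;
use LWP::UserAgent;

die("Specify a link file.") unless $ARGV[0];
open(my $in,  "<",  $ARGV[0])           or die("Cannot read $ARGV[0]: $!");
open(my $out, ">>", "results.$ARGV[0]") or die("Cannot write results.$ARGV[0]: $!");

# One user agent for the whole run, with a 3 second timeout per request
my $browser = LWP::UserAgent->new;
$browser->timeout(3);

while (my $line = <$in>) {
  if ($line =~ /<a href="(.*?)"/) {
    my $url = $1;  # copy the capture before any later regex can overwrite $1
    my $response = $browser->get($url);
    if ($response->is_success) {
      print $out $line;  # the line already ends with a newline
      print "Success: $url\n";
    } else { print "Failed: $url\n"; }
  }
}
close($out);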

:) I’m so happy when I find sites that are already marked as phishers. If only the process of submission could be automated completely…I’ll play with the API on PhishNet and maybe it will become reality.
