The MU forums have moved to WordPress.org

Spam and Splogs defeated ( Montyspam looking for testers) (257 posts)

  1. macgruder
    Member
    Posted 16 years ago #

    Just adds 25 tables of his own total (wp_monty_*). (NOT for each blog).
    Essentially, 5 tables for each type (comment, signup, splog, trackback) plus 5 global tables)

    Remember Monty is a site wide system run by the admin, not by the individual users.

    The query

    SHOW TABLES like '%monty%';

    will list the tables.

  2. honewatson
    Member
    Posted 16 years ago #

    Sounds great I'll test it out.

  3. macgruder
    Member
    Posted 16 years ago #

    Cool. Please let me know how it goes. My mail is in the Admin area. Also, keep an eye on http://montyspam.net/ because I'll be posting updates there. Especially, in the first week I may come across obvious problems or things that Monty isn't catching, and I'll update as I come across them. These will most likely be caused by the packaging/download system (the code is actual python DNA converted to PHP :-) rather than problems with system itself and so should be easy fixes.

    Bear in mind especially that Monty needs to seed his token database before he becomes very accurate. Because I have a 'pre-seed' list this should now be quicker than before but it does mean that for a couple of days you'll have to keep an eye on your mail, and go to the admin area to mark unknown hams/spams. Monty tends to know when he does know, and asks for your help.

  4. honewatson
    Member
    Posted 16 years ago #

    Fatal error: Call to undefined function curl_init() in .../mu-plugins/montyspam/classes/curl.php on line 1

  5. suleiman
    Member
    Posted 16 years ago #

    you probably don't have curl installed

  6. honewatson
    Member
    Posted 16 years ago #

    I have curl and php5-curl installed.

    Still the error.

  7. honewatson
    Member
    Posted 16 years ago #

    Duh! Wasn't in php.ini.

  8. macgruder
    Member
    Posted 16 years ago #

    Hey :-)

    Could you send me a mail directly when you find a bug (or what you think is a bug!) to the mail in the install files. That way I'll fix it quicker!

    It's also helpful if you can send the file where the error occurs so I can take a look on your particular install.

    m****pamnet @ gmail.com

    replacing the **** with the obvious

    One person has come across a packaging bug which I'm not sure if other people have. Since this is the first round of stuff outside my own server, this will happen for a little bit. But the fixes will generally be easy and minor.

    Honewatson,
    Thanks for drawing attention to that. I need to do a check for whether this function is installed!

  9. lunabyte
    Member
    Posted 16 years ago #

    I'll ask the obvious question. Why is access to curl needed? Where's it phoning to?

  10. demonicume
    Member
    Posted 16 years ago #

    i'm seeing a blank screen after posting comments and this error in my logs

    "[17-May-2008 07:27:02] WordPress database error Table 'site_database.wp_monty_data' doesn't exist for query SELECT value_int FROM wp_monty_data WHERE variable = 'exp' LIMIT 1 made by f8868f054"

  11. Ovidiu
    Member
    Posted 16 years ago #

    @lunabyte

    just found this in the readme: Monty will contact montyspam.net occasionally to check for updates. The only data sent will be that in the wp_monty_data table.

  12. macgruder
    Member
    Posted 16 years ago #

    @lunabyte,

    Monty needs to check the text of trackback pages. When someone sends a trackback, Monty checks the text of that trackback, and assesses it. This is a very simple assessment and so is fast - but it seems when combined with header data to be extremely effective. My test server stopped 23,000 trackbacks in 2 months - and now they seem to have given up :-)

    Yes, during installation the Read Me (which I guess no one reads :-) says that Monty will contact montyspam.net to check for updates occasionally. At the moment, the mechanism is just in place to inform you if you need to update. I might update it so that trusted users can send in IP's that they have blocked and these can be shared.

    @demonicume
    Don't forget to mail me rather than posting bugs here which I might not notice. Yours is a weird error as it seems to indicate that the wp_monty_data table wasn't installed properly. Anyway, let's discuss this through email.

  13. honewatson
    Member
    Posted 16 years ago #

    There should be an option to remove the backlink at the bottom. We are after all only testing this so far.

    Also if there is going to be a paid option I'd rather have the link removed.

  14. macgruder
    Member
    Posted 16 years ago #

    To hide the stats:

    Make a PHP file called hidemontystats.php or something, and upload it to mu-plugins. I deliberately gave the stats an id of 'montystats' so people could style as they wished. Or keep in on certain pages etc.

    <?php
    add_action('wp_head', 'monty_hide_footer');

    function monty_hide_footer() {

    ?>
    <style type="text/css" title="text/css" media="all">
    p#montystats{
    display:none;
    }
    </style>
    <?php

    }
    ?>

  15. honewatson
    Member
    Posted 16 years ago #

    That does not remove the html.

    The problem with putting the link there at this stage is that you're requiring us to endorse your product when so far I have not even been able to get it to work.

    The product seems to be still in the early testing stage. Don't get me wrong your product sounds great and I would love for it to work the way you have described it. And I'd be happy to pay if it eventually works the way you describe.

    But at this stage I'm not prepared to use the plugin if it means I must have a site wide link to your website. Maybe later on if I can get it to prove itself.

  16. c2h5oh
    Member
    Posted 16 years ago #

    Um.. there seems to be a licensing problem with Montyspam..

    from /readme.txt:
    [quote]
    Terms and Conditions
    * You may not distribute this code
    * You may not attempt to reverse engineer the code.
    [/quote]

    from /montyspam/mu-plugins/captcha/output.php

    [quote]
    THE CAPTCHA routines in MontySpam are from the following excellent plugin by Valery Dachev

    Plugin Name: WPMU-Signup-Captcha
    Plugin URI: http://valery.bgit.net/
    Description: Adds a captcha image to WordPress MU signup.
    Author: Valery Dachev
    Version: 1.2
    Author URI: http://valery.bgit.net/

    Copyright 2007 Valery Dachev (email : valery@zonebg.com)

    Thanks to Chris W. for the fixes and suggestions made at WPMUDEV.ORG.
    Thanks to Alexander Bishop for testing plugin bugfixes.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    */
    [/quote]

    first part is not compatible with the second one :/

  17. lunabyte
    Member
    Posted 16 years ago #

    "Monty needs to check the text of trackback pages. When someone sends a trackback, Monty checks the text of that trackback, and assesses it. This is a very simple assessment and so is fast - but it seems when combined with header data to be extremely effective. My test server stopped 23,000 trackbacks in 2 months - and now they seem to have given up :-)"

    So monty calls back to your site to judge trackbacks?

    I read the readme, which says updates, but the discussion made it seem like it was communicating for more than that. If not, cool. If so, cool. Just needs complete clarification so people know what they are getting into.

    One thing that I guess disturbs me is that the source is a bit, cryptic, for lack of a better term which makes it a little less friendly for developers to read through. In turn if there is something that needs fixed, it makes it more difficult to track it down, find out what/where the problem lies, and send a recommended fix back to the plugin developer.

    The text/html issue also bothers me a bit as well, similar to watson's concerns above.

  18. macgruder
    Member
    Posted 16 years ago #

    honewatson
    Fair point. I've added an option in the config.php file. If you re-download , you can turn it off now.

    It's certainly not in the early testing phase:-) Myself and Ovidiu, who has done a lot of testing, have had the system working pretty flawlessly for a few months now, and it has blocked over 100,000 spams on just one of my domains.

    A bug that seems to have arisen is a function that is called on systems that don't support is_callable(). I have an alternative function to deal with that issue, but I missed out a "$this->"
    and since my server and Ovidiu's do support is_callable that error was missed.

    Of course, this will produce a fatal error giving the appearance of 'early testing' but in fact is just a trivial error through a typo :-). Precisely, for this reason doing the final testing.

    You did send me a mail with the problem, and I replied but I haven't heard back. If you can send me that file, I'll take a look and see if the problem is the same one. Or if you wish, go back to montyspam.net and redownload.

    For the moment, Monty won't tell you to do so automatically - that will be added in a few days.

  19. macgruder
    Member
    Posted 16 years ago #

    c2h5oh,
    Thanks for pointing that out. My feeling was that the licensing in the captcha files 'over-ride' those in my files. I've seen this before where a script like Wordpress, say, has its own license, but files within have theirs. I could very well be wrong :-) I've added a note in the Read Me.txt file. Monty doesn't really need the captcha, although it's helpful on occasion. If there's a licensing problem, I'm happy to change things.

  20. c2h5oh
    Member
    Posted 16 years ago #

    Basically anything based on code released with GNU General Public License has to be released with the very same licence or any other compatible.
    If you want to limit redistribution/modification I think you'll be forced to remove that captcha code.

    btw if you need new captcha code I have some released with 'Should we ever meet you owe me a beer' licence ;-)

  21. macgruder
    Member
    Posted 16 years ago #

    @lunabyte,

    "So monty calls back to your site to judge trackbacks?"
    No:-)
    Sorry, I wasn't clear. To clarify:
    1) Monty calls back to montyspam.net to get updates. That's it.
    2) If you get a trackback from
    example.com/foo/bar.html
    then monty will contact
    example.com/foo/bar.html [NOT montyspam]
    So in other words, Monty judges the trackback page itself. I will add an option to turn this off.

    I've fixed the html/text issue.

    Regarding, the cryptic code. I wanted to open it in the first round of testing, but it ended up only me and Ovidiu. I want really just one version out there, and I feel that if people are tweaking things then in fact it might be harder work because I'll never know whether someone has changed something. Obviously, spammers are going to try to reverse engineer it, and I'll get a certain satisfaction when they discover it's a waste of time because Bayesian has no rules :-)

    @c2h5oh
    Thanks for the heads up. I'll remove the captcha soon then. It would be great if I could use yours instead, and I'd be happy to share a crate :-) I never really understood the GNU General Public License in cases of what 'based on' means. It would I guess be acceptable for people to install the captcha code themselves though.

  22. lunabyte
    Member
    Posted 16 years ago #

    Thanks for the clarification.

    That makes much more sense, and is in line with what other trackback validation plugins do as well.

    In terms of the GPL, it can be as anal as you want it to be. If you go with what the FSF thinks, then at no time can you have GPL code touch/interact directly with code under an non-GPL compatible license.

    I'd make specific references, but I've already beat that horse to death on them joom-BLAH idiots.

    Note that this refers to releasing things, so you could leave the hooks in place, and point to the location to get the captcha plugin from. Then the end user can drop it in place, and it's all good.

  23. macgruder
    Member
    Posted 16 years ago #

    "so you could leave the hooks in place, ..."
    Yes, I think I'll do that for now. I'll do that in a couple of days.
    Thanks.

  24. honewatson
    Member
    Posted 16 years ago #

    If you're looking to replace the captcha, recaptcha seems quite good. Facebook uses it and they seem to have relatively low spam issues.

    http://recaptcha.net/learnmore.html

  25. macgruder
    Member
    Posted 16 years ago #

    @honewatson,

    Just a quick note - running to work!

    The captcha issue is a bit of a red herring. A major point of Monty is to actually replace captcha so most users don't see it rather than forcing every user to do it. Monty generally only uses the captcha on users who he has already assesses as likely spammers to 'give them a second chance'. But even then their comments are held for moderation. Thus a very simple captcha system is all that's needed. I've left the 'blanket captcha' option there in the signup phase - mainly because signups are somewhat more difficult to assess.

    Macgruder

  26. honewatson
    Member
    Posted 16 years ago #

    Thanks for the update.

  27. macgruder
    Member
    Posted 16 years ago #

    Cool. I hope it works fine for you now.

    One issue is that Monty reclassifies something from non-spam / unknown to spam, he is adding it to his token database but the message is still left in place (for the blog owner to decide further action). Since this occurrence is fairly rare it's not a major issue, but it's not really the best way. I'll do an update in a few days so that it gets moved to user moderation and if the user doesn't moderate it in a few days, say, it gets canned.

    Canning it immediately is not good because your users would get upset if you accidently marked something as spam that wasn't, and then realized your mistake!

    Bear in mind that any post over 90% is captcha'd and thus probably blocked totally anyway so they never appear on the site. Even passing a captcha means it's held for moderation. Thus a post over 90% essentially never appears because the blogger won't approve it.

  28. honewatson
    Member
    Posted 16 years ago #

    Does monty spam work on a multi site mu install across domains?

  29. macgruder
    Member
    Posted 16 years ago #

    Do you mean with a single database and using the id column of the wp_site table?

    I tried something similar myself about 18 - 24 months ago, and the site_id (i.e. wp_site id) didn't work at all (MU was in alpha in those days), and I haven't tried since. Does site_id work nowadays? (It would be useful to know :-)

    If you set up multiple sites, I assume each of them are using their own file system but sharing the database. Could you let me know your actual set up, then I can answer better. In fact, it would make sense for a group of single installs to share the same monty files because a spammer on one site would get blocked on all of them, and the tokens would probably be fine to share.

    Monty points out to me though that if you had a site run by doctors dealing with sexual disfunction, and a site about pottery they might interfere :-)

  30. boonika
    Member
    Posted 16 years ago #

    @macgruder - Is Monthy-MU working now? All reported bugs fixed?

About this Topic

  • Started 16 years ago by macgruder
  • Latest reply from anointed