12 Jun
2012
12 Jun
'12
12:16 p.m.
Hi,
Here's a little proof of concept which should do the right general thing.
If you put the groovy script at the top of your registration page, you can
edit the content of the page to behave differently if the user fails an RBL check.
It would make sense to allow them in but lock the account and explain to them that
they will be checked by an admin.
Ofc I know the feeling of just wanting to use the big hammer myself.
Caleb
{{groovy}}
import java.net.InetAddress;
def rbls = ['.dnsbl.tornevall.org'];
String[] bytes = request.getRemoteAddr().split("\\.");
// Test
//String[] bytes = ['111','243','227','227'];
String reversed = bytes[3] + "." + bytes[2] + "." + bytes[1] +
"." + bytes[0];
def failedRbls = [];
for (String rbl : rbls) {
try {
InetAddress.getByName(reversed + rbl);
failedRbls.add(rbl);
} catch (UnknownHostException e) {
// expected
}
}
xcontext.get("vcontext").put("failedRbls", failedRbls);
{{/groovy}}
{{velocity}}
$failedRbls
{{/velocity}}
On 06/09/2012 05:16 PM, Niels Mayer wrote:
This is either a feature request or a request for
discussing
solutions to the issue of known comment spammers against XWiki
installs.
There's known spammers like davycrokkett(a)hotmail.com (see
http://www.nielsmayer.com/bin/view/XWiki/DavyCrokkett ) which have to
be managed and curtailed for any XWiki install enabling comments.
During registration, it would it be nice to check sites like
http://www.stopforumspam.com/ and prevent registration emails from
going out to known comment spammers.
For example, the aforementioned spammer is listed at
http://www.stopforumspam.com/ipcheck/111.243.227.227
suggesting Current country of origin: Taiwan, Province of China
Date IP Address Username Email
1-Jul-11 07:31 111.243.227.227 coseteene davycrokkett(a)hotmail.com
30-Jun-11 18:29 111.243.227.227 Assusypesound davycrokkett(a)hotmail.com
30-Jun-11 13:43 111.243.227.227 Impuppota davycrokkett(a)hotmail.com
30-Jun-11 11:22 111.243.227.227 Biordaccoma davycrokkett(a)hotmail.com
30-Jun-11 07:01 111.243.227.227 rooviskitte davycrokkett(a)hotmail.com
29-Jun-11 23:59 109.230.222.175 Beethyemegree davycrokkett(a)hotmail.com
29-Jun-11 22:49 111.243.227.227 Kneefshes davycrokkett(a)hotmail.com
29-Jun-11 13:59 111.243.227.227 seltencarne davycrokkett(a)hotmail.com
29-Jun-11 13:31 111.243.227.227 inigneedync davycrokkett(a)hotmail.com
29-Jun-11 11:50 174.142.132.203 Beethyemegree davycrokkett(a)hotmail.com
29-Jun-11 11:50 174.142.132.203 phorilmiplism davycrokkett(a)hotmail.com
29-Jun-11 07:53 111.243.227.227 Agergeevame davycrokkett(a)hotmail.com
29-Jun-11 05:56 111.243.227.227 Atomnegmess davycrokkett(a)hotmail.com
29-Jun-11 05:50 111.243.227.227 Impuppota davycrokkett(a)hotmail.com
It would also be interesting for such flagged users to return a list
of associated IP's (such as above) which could be blacklisted as well.
I guess the correct solution would be to use
http://extensions.xwiki.org/xwiki/bin/view/Extension/Social+Login but
then the spammers would just end up getting twitter, facebook or
foursquare logins and use those instead of hotmail accounts.
-- Niels
http://www.nielsmayer.com
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users