From 1830b94017312df340928f1a13b0f59860977ccb Mon Sep 17 00:00:00 2001 From: Vitalii Koshura Date: Sun, 2 Apr 2023 05:20:39 +0200 Subject: [PATCH] Update ProtectionFromSpam.md file Signed-off-by: Vitalii Koshura --- ProtectionFromSpam.md | 182 ++++++++++++++++++++++++++---------------- 1 file changed, 115 insertions(+), 67 deletions(-) diff --git a/ProtectionFromSpam.md b/ProtectionFromSpam.md index c6153cc..2e05699 100644 --- a/ProtectionFromSpam.md +++ b/ProtectionFromSpam.md 
@@ -1,90 +1,62 @@ -[[PageOutline]] +# Dealing with spam + Spammers may attack your project's web site in various ways: * Creating spam profiles. * Posting spam on the message boards. +* Creating accounts with spam URLs. * Create teams whose descriptions are spam. The spam typically contains links to commercial web sites -(for advertising, or to increase Google page rank). +(to increase their Google page rank). +Spammers typically use automated scripts. -Spammers will use automated scripts to do these if they can, -but they will also do them manually. +BOINC provides tools for preventing spam, +and for removing existing spam. -# Cleaning up spam +## Preventing spam -The script *html/ops/delete_spammers.php* can be used to clean up spam. -It deletes selected user accounts, including their profile and forum posts. -The usage is - - delete_spammers.php [N](--days) [--test] command - -*--days N*: if present, only items created in the last N days are deleted. +### Spam teams -*--test*: if present, print the items that would be deleted, but don't delete them. +If you put +``` +define("TEAM_CREATE_NEED_CREDIT", true); +``` +in your html/project/project.inc, +users won't be able to create teams unless they have credit. +This is recommended. -*command* is one of: - -*--profiles*: delete accounts that - * have a profile containing a link - * have no forum posts - * have no hosts - -*--forums*: delete accounts that - * have no hosts - * have forum posts - * don't belong to a team (don't delete BOINC-wide team founders) - -*--user_url*: delete accounts that - * have no hosts - * have no forum posts - * have a nonempty URL - -*--list filename*: - The given file contains a list of user IDs, one per line. - Delete these accounts. - Use this only for accounts with no hosts. - -*--id_range N M*: delete users with database IDs N to M inclusive. -Use this only for accounts with no hosts. 
- -*--teams*: delete teams that - * have 0 or 1 members - * have 0 total credit - * are not BOINC-Wide teams - * have descriptions containing a link - -# Preventing automated profile creation -## Using reCAPTCHA -To prevent automated profile creation, [reCAPTCHA](http://recaptcha.net/) system can be used. +### Spam user profiles +#### Using reCAPTCHA +To prevent spam profile creation, [reCAPTCHA](http://recaptcha.net/) system can be used. For every profile modification it displays an image containing text, which is recognizable to humans but not computers. -In order to use reCAPTCHA, to register your web site on [http://recaptcha.net/] and acquire a set of keys. -Once the web site is registered, add your keys to config.xml: - - Alphanumeric string - Alphanumeric string - +In order to use reCAPTCHA, to register your web site on [http://www.google.com/recaptcha] and get a pair of keys. +Add these keys to config.xml: +``` +Site key +Secret key +``` -## Minimum credit +#### Minimum credit You may also require a minimum amount of credit to create or edit a profile. -To do so, put a `` element in your [config.xml](ProjectOptions) file +To do so, put a `````` element in your [config.xml](ProjectOptions) file -# Using stopforumspam.com +### Spam user accounts using stopforumspam.com http://www.stopforumspam.com is a service that maintains a database of spammer email addresses and IP addresses. If you include - - define("USE_STOPFORUMSPAM", true); - +``` +define("USE_STOPFORUMSPAM", true); +``` in your html/project/project.inc, this database will be checked before creating new accounts. -# Protecting message boards from spam +### Spam message board posts -## Akismet +#### Akismet BOINC message boards may be attacked by spammers. The anti-spam system from [akismet.com](http://www.akismet.com/) can be used to deal with this. 
@@ -96,25 +68,101 @@ To use Akismet, you have to acquire a free API key (12 character alphanumeric st You can get the key by registering for a [WordPress.com](http://www.wordpress.com/) user account. The API key will be emailed to you after you register. -''Note: If you are a commercial entity or if you are making more than $500 from your website, -please get a commercial key instead.'' +*Note: If you are a commercial entity or if you are making more than $500 from your website, +please get a commercial key instead.* Once you have the key, you have to add a new tag to your [config.xml](ProjectOptions) to enable the system: `1234567890ab` -To test if the system is working, create a user with name "_viagra-test-123_" +To test if the system is working, create a user with name "*viagra-test-123*" (this is an official test string) and try creating a new thread. Akismet should block the message. -## Minimum credit to post +#### Minimum credit to post You can require that users have a minimum amount of credit to post on a forum using the following database fields: -*forum.post_min_expavg_credit*:: users must have this amount of average credit to post on the forum -*forum.post_min_total_credit*:: users must have this amount of total credit to post on the forum +### **forum.post_min_expavg_credit** +users must have this amount of average credit to post on the forum +### **forum.post_min_total_credit** +users must have this amount of total credit to post on the forum There is currently no web interface for these; you have to set them manually using mysql or phpMyAdmin. These fields are at the forum level so that, for example, you can protect some forums while leaving a "Help" forum open. + +#### Require validated email address to post + +To require email address validation in order to post to the forums, send PMs, or create a profile, put +``` +define('VALIDATE_EMAIL_TO_POST', '1'); +``` +in your html/project/project.inc. 
+ +## Cleaning up spam + +The script **html/ops/delete_spammers.php** can be used to clean up existing spam. +It deletes selected user accounts, including their profile and forum posts. +The usage is +``` +delete_spammers.php [N](--min_days) [N](--max_days) [--test] command +``` +**--min_days N**: Only delete items created at least N days ago. + +**--max_days N**: Only delete items created at most N days ago. + +**--test**: Print the items that would be deleted, but don't delete them. + +**command** is one of: + +**--profiles**: delete accounts that +* have a profile containing a link +* have no forum posts +* have no hosts +Use this for spammers who create profiles with commercial links. + +**--user_url**: delete accounts that +* have no hosts +* have no forum posts +* have a nonempty URL +Use for spammers who create accounts with commercial URLs. + +**--user_null**: delete accounts that +* have no hosts +* have no forum posts +* don't belong to a team +Spammers may create accounts and attempt to create a profile but fail; +this cleans up those accounts. +Use with --min_days 1 or 2 to avoid deleting new legit accounts. + +**--forums**: delete accounts that +* have no hosts +* have forum posts +* don't belong to a team (don't delete BOINC-wide team founders) +Use with --min_days 1 or 2 to avoid deleting new legit accounts. + +**--teams**: delete teams (and their owners and members) where the team +* has no total credit +* has description containing a link, or a URL +* is not a BOINC-Wide team +and the owner and members +* have no posts +* have no hosts + + +**--list filename**: + The given file contains a list of user IDs, one per line. + Delete these accounts. + Use this only for accounts with no hosts. + +**--id_range N M**: delete users with database IDs N to M inclusive. +Use this only for accounts with no hosts. 
+ +**--teams**: delete teams that +* have 0 or 1 members +* have 0 total credit +* are not BOINC-Wide teams +* have descriptions containing a link +* the owner has no hosts and no posts
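Review bot: In the first hunk (@@ -1,90 +1,62 @@), the new reCAPTCHA block for config.xml contains only the lines "Site key" and "Secret key" with no element names, and the "Minimum credit" sentence reads "put a `````` element", so neither passage tells the reader which config.xml elements to add. Put the element names back, inside the fence for the reCAPTCHA keys and as inline code for the minimum-credit option, so the angle brackets are not swallowed by the Markdown renderer. In the same section, "In order to use reCAPTCHA, to register your web site on [http://www.google.com/recaptcha]" is missing its verb and the bracketed URL is not a Markdown link. The first reCAPTCHA link still points to http://recaptcha.net/ while the registration link was changed to google.com, so use one URL for both.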
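Review bot: In the second hunk (@@ -96,25 +68,101 @@), the new "Cleaning up spam" section documents **--teams** twice with different criteria: the first entry says it deletes teams "and their owners and members" where the team "has no total credit", the entry at the end says teams that "have 0 or 1 members" and whose owner "has no hosts and no posts". Keep the one that matches the script and drop the other, since this option deletes accounts and the reader needs to know exactly which ones. The usage line "delete_spammers.php [N](--min_days) [N](--max_days) [--test] command" looks like leftover link syntax from the conversion; "[--min_days N] [--max_days N] [--test] command" would match the option descriptions below it. The "Use this for ..." and "Use with --min_days 1 or 2 ..." lines follow the bullet lists without a blank line, so Markdown will fold them into the last bullet. The two forum.post_min_* fields are written as "###" headings under a "####" heading, which breaks the outline; a bold term or list item would fit better.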