Update ProtectionFromSpam.md file

Signed-off-by: Vitalii Koshura <lestat.de.lionkur@gmail.com>
Vitalii Koshura 2023-04-02 05:20:39 +02:00
parent 220fac3184
commit 1830b94017
No known key found for this signature in database
GPG Key ID: CE0DB1726070A5A3
1 changed files with 115 additions and 67 deletions

@ -1,90 +1,62 @@
[[PageOutline]]
# Dealing with spam
Spammers may attack your project's web site in various ways:
* Creating spam profiles.
* Posting spam on the message boards.
* Creating accounts with spam URLs.
* Create teams whose descriptions are spam.
The spam typically contains links to commercial web sites
(for advertising, or to increase Google page rank).
(to increase their Google page rank).
Spammers typically use automated scripts.
Spammers will use automated scripts to do these if they can,
but they will also do them manually.
BOINC provides tools for preventing spam,
and for removing existing spam.
# Cleaning up spam
## Preventing spam
The script *html/ops/delete_spammers.php* can be used to clean up spam.
It deletes selected user accounts, including their profile and forum posts.
The usage is
delete_spammers.php [N](--days) [--test] command
*--days N*: if present, only items created in the last N days are deleted.
### Spam teams
*--test*: if present, print the items that would be deleted, but don't delete them.
If you put
```
define("TEAM_CREATE_NEED_CREDIT", true);
```
in your html/project/project.inc,
users won't be able to create teams unless they have credit.
This is recommended.
*command* is one of:
*--profiles*: delete accounts that
* have a profile containing a link
* have no forum posts
* have no hosts
*--forums*: delete accounts that
* have no hosts
* have forum posts
* don't belong to a team (don't delete BOINC-wide team founders)
*--user_url*: delete accounts that
* have no hosts
* have no forum posts
* have a nonempty URL
*--list filename*:
The given file contains a list of user IDs, one per line.
Delete these accounts.
Use this only for accounts with no hosts.
*--id_range N M*: delete users with database IDs N to M inclusive.
Use this only for accounts with no hosts.
*--teams*: delete teams that
* have 0 or 1 members
* have 0 total credit
* are not BOINC-Wide teams
* have descriptions containing a link
# Preventing automated profile creation
## Using reCAPTCHA
To prevent automated profile creation, [reCAPTCHA](http://recaptcha.net/) system can be used.
### Spam user profiles
#### Using reCAPTCHA
To prevent spam profile creation, [reCAPTCHA](http://recaptcha.net/) system can be used.
For every profile modification it displays an image containing text,
which is recognizable to humans but not computers.
In order to use reCAPTCHA, to register your web site on [http://recaptcha.net/] and acquire a set of keys.
Once the web site is registered, add your keys to config.xml:
<recaptcha_public_key>Alphanumeric string</recaptcha_public_key>
<recaptcha_private_key>Alphanumeric string</recaptcha_private_key>
In order to use reCAPTCHA, to register your web site on [http://www.google.com/recaptcha] and get a pair of keys.
Add these keys to config.xml:
```
<recaptcha_public_key>Site key</recaptcha_public_key>
<recaptcha_private_key>Secret key</recaptcha_private_key>
```
## Minimum credit
#### Minimum credit
You may also require a minimum amount of credit to create or edit a profile.
To do so, put a `<profile_min_credit>` element in your [config.xml](ProjectOptions) file
To do so, put a ```<profile_min_credit>``` element in your [config.xml](ProjectOptions) file
# Using stopforumspam.com
### Spam user accounts using stopforumspam.com
http://www.stopforumspam.com is a service that maintains a database of spammer
email addresses and IP addresses.
If you include
define("USE_STOPFORUMSPAM", true);
```
define("USE_STOPFORUMSPAM", true);
```
in your html/project/project.inc, this database will be checked before
creating new accounts.
# Protecting message boards from spam
### Spam message board posts
## Akismet
#### Akismet
BOINC message boards may be attacked by spammers.
The anti-spam system from [akismet.com](http://www.akismet.com/) can be used to deal with this.
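Review bot: The new reCAPTCHA sentence, "In order to use reCAPTCHA, to register your web site on [http://www.google.com/recaptcha] and get a pair of keys.", is missing its verb and keeps the Trac-style bare-bracket link, which Markdown will not render as a link. Suggest "To use reCAPTCHA, register your web site at [google.com/recaptcha](http://www.google.com/recaptcha) and get a pair of keys." The sentence above it still links reCAPTCHA to http://recaptcha.net/, so the two URLs should be made consistent. The line introducing `<profile_min_credit>` ends at "file" with no period and does not say what value the element takes. Because `<recaptcha_private_key>` now explicitly holds the secret key, a short line saying that config.xml should not be readable through the web server would fit next to that snippet.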
@ -96,25 +68,101 @@ To use Akismet, you have to acquire a free API key (12 character alphanumeric st
You can get the key by registering for a [WordPress.com](http://www.wordpress.com/) user account.
The API key will be emailed to you after you register.
''Note: If you are a commercial entity or if you are making more than $500 from your website,
please get a commercial key instead.''
*Note: If you are a commercial entity or if you are making more than $500 from your website,
please get a commercial key instead.*
Once you have the key, you have to add a new tag to your [config.xml](ProjectOptions) to enable the system:
`<akismet_key>1234567890ab</akismet_key>`
To test if the system is working, create a user with name "_viagra-test-123_"
To test if the system is working, create a user with name "*viagra-test-123*"
(this is an official test string) and try creating a new thread.
Akismet should block the message.
## Minimum credit to post
#### Minimum credit to post
You can require that users have a minimum amount of credit to post
on a forum using the following database fields:
*forum.post_min_expavg_credit*:: users must have this amount of average credit to post on the forum
*forum.post_min_total_credit*:: users must have this amount of total credit to post on the forum
### **forum.post_min_expavg_credit**
users must have this amount of average credit to post on the forum
### **forum.post_min_total_credit**
users must have this amount of total credit to post on the forum
There is currently no web interface for these; you have to set them manually
using mysql or phpMyAdmin.
These fields are at the forum level so that, for example, you
can protect some forums while leaving a "Help" forum open.
#### Require validated email address to post
To require email address validation in order to post to the forums, send PMs, or create a profile, put
```
define('VALIDATE_EMAIL_TO_POST', '1');
```
in your html/project/project.inc.
## Cleaning up spam
The script **html/ops/delete_spammers.php** can be used to clean up existing spam.
It deletes selected user accounts, including their profile and forum posts.
The usage is
```
delete_spammers.php [N](--min_days) [N](--max_days) [--test] command
```
**--min_days N**: Only delete items created at least N days ago.
**--max_days N**: Only delete items created at most N days ago.
**--test**: Print the items that would be deleted, but don't delete them.
**command** is one of:
**--profiles**: delete accounts that
* have a profile containing a link
* have no forum posts
* have no hosts
Use this for spammers who create profiles with commercial links.
**--user_url**: delete accounts that
* have no hosts
* have no forum posts
* have a nonempty URL
Use for spammers who create accounts with commercial URLs.
**--user_null**: delete accounts that
* have no hosts
* have no forum posts
* don't belong to a team
Spammers may create accounts and attempt to create a profile but fail;
this cleans up those accounts.
Use with --min_days 1 or 2 to avoid deleting new legit accounts.
**--forums**: delete accounts that
* have no hosts
* have forum posts
* don't belong to a team (don't delete BOINC-wide team founders)
Use with --min_days 1 or 2 to avoid deleting new legit accounts.
**--teams**: delete teams (and their owners and members) where the team
* has no total credit
* has description containing a link, or a URL
* is not a BOINC-Wide team
and the owner and members
* have no posts
* have no hosts
**--list filename**:
The given file contains a list of user IDs, one per line.
Delete these accounts.
Use this only for accounts with no hosts.
**--id_range N M**: delete users with database IDs N to M inclusive.
Use this only for accounts with no hosts.
**--teams**: delete teams that
* have 0 or 1 members
* have 0 total credit
* are not BOINC-Wide teams
* have descriptions containing a link
* the owner has no hosts and no posts
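Review bot: The usage line "delete_spammers.php [N](--min_days) [N](--max_days) [--test] command" still carries the broken link-style syntax from the old "[N](--days)" form, so a Markdown renderer will treat each option as a link target. Suggest "delete_spammers.php [--min_days N] [--max_days N] [--test] command". `--teams` is documented twice in this section, once before `--list` and again at the end, with different criteria (only the second mentions "0 or 1 members"); keep one description that matches what the script does. Under "#### Minimum credit to post" the two field names are written as `###` headings in bold, which puts them above their parent heading in the outline; a bullet list or a lower heading level would keep the hierarchy intact. `VALIDATE_EMAIL_TO_POST` is defined as the string '1' while the other defines in this file use true, which is worth a word of explanation or alignment. Since every command here deletes accounts, the text could also recommend a first run with `--test`.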