On Wednesday, September 01, 2010 08:21:15 pm Matthew Gamble wrote: > 1) Authenticated email address. Not hard to get, but it does stop > random signups > 2) Reports from new accounts are not added to the global list for X > days to monitor the quality of the data they are submitting. > > Further to the above, I'm adding a "score" feature to the output, so > when you request a list of "bad" hosts you would get a file with IP, > last reported date, and "score". The score would be a function of a > few things:
An important part of score would be not accepting data from new members until other members have confirmed the attacks at their systems (i.e. System New reports a.b.c.d, it is not actually used until System Old1, Old2 and Old3 also report the same address. Once that happens, System New's score is incremented a bit. Once System New's score reaches $VALUE, they're more or less trusted the same as Systems Old1, Old2 and Old3. > 1) How well do you trust the reporter(s)? Age of accounts, never > flagged for reporting bad data, etc > 2) How many people reported this IP? 1? It wouldn't be in the > database until a few different sites reported it, etc > 3) Other criteria I'm still writing. The scoring system like above would be pretty effective at blocking attempts to maliciously block people while staying pretty much automatic. Negative scoring could also occur but I'd make it very difficult to have a trusted system fall into untrusted status automatically. -A. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
