I'm a little late to the party but....

1. Akismet is the best auto spam detect and delete service out there for Wordpress and they have a plugin for phpBB, although since I haven't checked out phpBB in a stone age, I don't know how well that plugin works.

2. Mollom is another auto detect and delete spam service but the free version only allows for 100 analyses of forms per day. The primary CMS was Drupal, although I believe they have plugins/PHP code/modules for other CMS.

3. reCaptcha has been hacked but server based CAPTCHA plugins which use the PHP GD libs can get a good 80% of it. Cons are increased CPU and memory use on your server. Pretty much with all CAPTCHAs some script bots have managed to get past the check. reCaptcha offloads the CPU/memory to Google servers, but you must whitelist them if behind a firewall. I saw a few CAPTCHA plugins for phpBB, but again, I didn't check any of them out.

4. Firewall. http://www.configserver.com/cp/csf.html Most shared/VPS packages have it already instantiated. One can config to automatically ban IP addresses (IP deny) or add a manual list, additionally ban based on GET requests and so on. This is a top level ban of spammers, they will not be able to access the site, period. Add IP addresses to the permanent ban list, if not spoofed, from spam upload logs (variety of places here you can find the IP address of the offender). Googlebot is spoofed heavily so one needs to be careful here.

5. Disable anonymous uploads in server ftp. FTP/uploads should be only allowed through registered users, who went through a series of security checks, i.e. Captcha, firewall, even manual approval, Akismet, Mollom. phpBB only should manage uploads and directory permissions/ownership/groups should be set so only phpBB through registered users can upload, not anonymous users through phpBB or general users through the main ftp server. If using WHM/Cpanel, this would be "pure-ftp" config.

6. Add hidden forms in registration and the upload forms. These are additional forms and fields not visible, but in the code and one should also change the form IDs periodically too. If those hidden forms and fields are filled out, it's a spam bot and should be discarded.

8. Add delay in page response. Bots only stay on a page a certain amount of time. Adding delay on a form often exceeds the spam script time out.

9.  Update all of your code and look for security holes.

10. Config phpBB where uploads are only allowed to registered users, if you have levels of permissions, consider creating a trusted registered user profile and giving ftp upload permission to that group, manually approved. You should not allow anonymous users or recent registered users to upload as well as limit their posts to say 5 in a day. Put a 48 hr timeout on new accounts for certain permissions. Even consider additional "respond to this email or answer this question" manual approval of new accounts.


There is much more one can do but these are a few things. Maintaining a complex site, which musicdsp.org appears to be, is a real job; migrating to Drupal plus config, design, sys. admin, and all the rest of it is probably a paid job (done right). MySQL migration from one CMS to another, well, there's what's advertised in some of these scripts and their migration steps versus what really happens. In other words, a little phpMyAdmin plus knowing how to write MySQL queries goes a long way. ;)

Hope this helps.
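
The hidden-field trap from item 6 can be checked server-side as in this added PHP example (not part of the original post, and not phpBB or musicdsp.org code). It also rejects forms submitted implausibly fast, a timing check related to, but not the same as, the response delay in item 8. `FORM_SECRET`, the field names and both thresholds are assumptions chosen for illustration.

```php
<?php
// Added example. FORM_SECRET, the field names and both thresholds are assumptions.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret'; // placeholder
const MIN_FILL_SECONDS = 5;   // a person rarely completes a form faster than this
const MAX_FORM_AGE = 3600;    // reject stale or replayed forms

// The honeypot field name changes daily so a bot cannot hard-code it.
function honeypot_name(int $now): string {
    $day = (string) intdiv($now, 86400);
    return 'f_' . substr(hash_hmac('sha256', 'hp' . $day, FORM_SECRET), 0, 12);
}

// Signed render time, carried in a hidden field so the client cannot alter it.
function issue_token(int $now): string {
    return $now . ':' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Markup for inside the <form>: the trap is a CSS-hidden ordinary text input.
function render_hidden_fields(int $now): string {
    return '<input type="hidden" name="ts" value="' . issue_token($now) . '">'
         . '<div style="display:none" aria-hidden="true"><input type="text" name="'
         . honeypot_name($now) . '" tabindex="-1" autocomplete="off"></div>';
}

// Returns null when the submission passes, otherwise the reason to discard it.
function check_submission(array $post, int $now): ?string {
    $ts = $post['ts'] ?? '';
    $parts = is_string($ts) ? explode(':', $ts, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])
        || !hash_equals(hash_hmac('sha256', $parts[0], FORM_SECRET), $parts[1])) {
        return 'bad or missing token';
    }
    $age = $now - (int) $parts[0];
    if ($age < MIN_FILL_SECONDS) return 'submitted too fast';
    if ($age > MAX_FORM_AGE) return 'form expired';
    // Also check yesterday's name, for forms rendered just before the rotation.
    foreach ([honeypot_name($now), honeypot_name($now - 86400)] as $hp) {
        if (($post[$hp] ?? '') !== '') return 'honeypot filled';
    }
    return null;
}

// Constructed sample submissions, evaluated against a fixed clock.
$t0 = 1334100000;
$human = ['ts' => issue_token($t0), 'username' => 'alice'];
$bot = ['ts' => issue_token($t0), honeypot_name($t0) => 'http://spam.example/'];
foreach ([[$human, 30], [$bot, 30], [$human, 1]] as [$post, $delay]) {
    var_dump(check_submission($post, $t0 + $delay));
}
```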

On 11.04.2012 02:18, Bram de Jong wrote:
so.... anyone?

 - bram

On Fri, Apr 6, 2012 at 12:42 PM, Bram de Jong <bram.dej...@gmail.com> wrote:
guys guys guys don't get ahead of yourselves! :-)

musicdsp.org is pretty simple in terms of code. Rewriting in drupal
(or similar) would take way too long and would -this is much more
important- require someone who is dedicated to musicdsp.org for the
next few years (as I myself have very little experience with Drupal,
except the nightmare that is called "security updates").

I'm just looking for someone who has a bit more time than me and feels
like hacking (not coding) a few extra things like a captcha
(recaptcha?) and what not into musicdsp's current code base - which is
PHP.

And anyway, if I would rewrite it, I would rewrite it in django as I
have a vast amount of experience with django. ;-))


 - Bram

On Fri, Apr 6, 2012 at 8:12 AM,  <david.lowenf...@gmail.com> wrote:
adding recaptcha to an existing site would not be too difficult, and would get the job done.

if you decide to overhaul... I'm partial to Rails, it's pretty awesome.
(disclosure I'm a ruby/rails developer as my day job)
there are a handful of CMS solutions for rails 3, here are two options that look decent... I could help customize
http://refinerycms.com/
http://www.browsercms.org/

-D

On Apr 5, 2012, at 5:57 PM, Kevin Dixon wrote:

I would vote for a CAPTCHA... specifically recaptcha
http://www.google.com/recaptcha/whyrecaptcha

-Kevin

On Thu, Apr 5, 2012 at 1:03 PM, Bastian Schnuerle
<bastian.schnue...@silberstein.de> wrote:
just did wordpress for a friend .. looks nice .. +1 ..

On 05.04.2012 at 21:50, douglas repetto wrote:



I think even Wordpress would work very well for the content on
musicdsp.org. I agree a full drupal site seems like overkill!

douglas

On 4/5/12 10:05 AM, Bjorn Roche wrote:


On Apr 5, 2012, at 4:53 AM, Ross Bencina wrote:

Hey Bjorn,

On 5/04/2012 1:52 AM, Bjorn Roche wrote:

Any thoughts about modernizing the whole thing with a fresh CMS?
I think it would be easier to maintain, have built-in spam
filters, and it would be easier to have multiple people do the work. Plus it would look more attractive. I don't think it would
take much effort to redo the whole thing in, say, drupal.


Have you ever set up a Drupal site? I have. It is not for
small-time, non-commercial, low-maintenance overhead projects
imho.


Yes. Quite a few.

Imho it would be a huge job to port the current site to Drupal and there is a lot of ongoing maintenance required to keep security
patches up to date etc etc.


Yes. The biggest problem is security updates. You are right: major
PITA factor. This can be mitigated by a hosted solution, or a
multi-site install where someone is already monitoring the site for
security updates. But, at the end of the day, that might not be
realistic.

Doing the theme port alone would be a lot of work.


I would not dream of porting the existing theme, but rather use a
new, or built-in theme.

Unless I'm completely out of touch it is really non-trivial to set
up something like musicdsp.org in Drupal with adequate spam
filtering. The standard Drupal captcha solution (Mollom) is not
great -- in my experience it flags a lot of false positives (spam
that isn't spam).


Mollom sucks. Captchas alone catch the vast majority of spam. The
rest can be handled with moderation.

Anyway, this is really just a vote against Drupal for musicdsp.org,
not against using a CMS.

I actually think the current ad-hoc php solution is not so bad --
but Bram knows more about these things than me.


Recaptcha could be added to the existing site with fairly little effort, but there are other advantages to a CMS: they are easier to team-manage, organize, and they have a number of potentially useful features like taxonomies (giving the ability to tag and categorize
algos by language and purpose for example.)

bjorn

----------------------------- Bjorn Roche http://www.xonami.com Audio
Collaboration http://blog.bjornroche.com




-- dupswapdrop -- the music-dsp mailing list and website:
subscription info, FAQ, source code archive, list archive, book
reviews, dsp links http://music.columbia.edu/cmc/music-dsp
http://music.columbia.edu/mailman/listinfo/music-dsp


--
............................................... http://artbots.org .....douglas.....irving........................ http://dorkbot.org .......................... http://music.columbia.edu/cmc/music-dsp ...........repetto............. http://music.columbia.edu/organism ............................... http://music.columbia.edu/~douglas




--
http://www.samplesumo.com
http://www.freesound.org
http://www.smartelectronix.com
http://www.musicdsp.org

office: +32 (0) 9 335 59 25
mobile: +32 (0) 484 154 730
