[web2py] Re: Spammers on web2pyslices.com
Hi, is a different solution but have you ever tried CloudFlare (cloudflare.com) service? It is a kind of proxy-cache online. I use it with my site that has very very low traffic :-) but open comments and spammers have disappeared. {the site is made with Plone but I have to upgrade to web2py as soon as possible ;-)} PB Il giorno sabato 15 giugno 2013 06:40:50 UTC+2, rochacbruno ha scritto: > > Hi, > > recently we are having too many spams posted on web2pyslices.com > > I am deleting one by one, but started to be difficult to track this. > > We need to implement a captcha system or any other kind of spam blocking. > > is there any volunter? to do this for user registration form and also for > article post form? > > I am in a rush between work and medical treatments, I tried but I really > have no time now to develop this. > > If anybody can take this, please email me ans I give you access to the > development version of the code on pythonanywhere. > > Thanks. > > []'s > > --- > > Bruno Rocha > http://github.com/rochacbruno > http://rochacbruno.com.br > http://terraqueos.org > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Spammers on web2pyslices.com
>> I think that honeypot + timestamp + js execution are transparent to the end user and keep the vast majority of bots out. Yes that sounds very good. Re: Honeypot. As already mentioned, a display:none input box on its own does not seem to defeat spammers these days. However, there could be other innovative ways of styling it so that real users ignored it. -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Spammers on web2pyslices.com
@mcm: apart from explaining a user how to set his browser to provide client auth with ssl, I don't think that pyhonaywhere lets you use client-side ssl auth. @joe: talking about "annoy", a 24 hour stop would surely make me angry. The problem here is stop bots, with this you have to manually unregister them anyway @villas: js execution lets you execute some server-side code that needs to be executed by the client too. Let the bots figure out that they need to reverse a string and send only the half of it deciphering your js functionjust loading a js environment they loose roughly a 70% of processing power. I think that honeypot + timestamp + js execution are transparent to the end user and keep the vast majority of bots out. Every captcha solution needs to trim out a large percentage of unwanted behaviours. a 100% proof solution only comes with high-grade security, but let's face it, web2pyslices.com doesn't need to be a banking site. On Sunday, June 16, 2013 12:07:41 PM UTC+2, Michele Comitini wrote: > > As an alternative method there is a very robust solution: client auth > using a x509 client certificate. As a user installing the certificate is > simpler than answering questions or reading weird captchas and he can > forget about it, the browser does all the auth by itself using the SSL/TLS > protocol, but it all depends on usage scenarios. You need a PKI that > generates a pkcs12 certificate+private key archive and let the user install > it on its browser. For my needs I have written a simple PKI here for > web2py: > > https://code.google.com/p/simpatica/ > > The code is really simple. The advantage is that certificate generation > can be automated during registration process of any web2py app. There are > other and better PKI implementations around, much more complex to manage, > but it depends on how much security and features you need. To avoid > browser complaints about insecure certificates, just use your server > private key that you use in your PKI, to request a cheap or free server > certicate (startssl.com is a good one), install it on your web server > along with the private key and you are done. Web2py supports x509 auth out > of the box with rocket, but you can use most ssl enabled servers: apache, > nginx, cherokee and many others. > > mic > > > 2013/6/16 Joe Barnhart > > >> At least one site i use regularly implemented a 24-hour posting delay. >> Sign up today and your posting ability starts tomorrow. It was a little >> annoying to newbies but it really zeroed the spam! >> >> -- Joe >> >> >> On Saturday, June 15, 2013 12:40:50 PM UTC+8, rochacbruno wrote: >>> >>> Hi, >>> >>> recently we are having too many spams posted on web2pyslices.com >>> >>> I am deleting one by one, but started to be difficult to track this. >>> >>> We need to implement a captcha system or any other kind of spam blocking. >>> >>> is there any volunter? to do this for user registration form and also >>> for article post form? >>> >>> I am in a rush between work and medical treatments, I tried but I really >>> have no time now to develop this. >>> >>> If anybody can take this, please email me ans I give you access to the >>> development version of the code on pythonanywhere. >>> >>> Thanks. >>> >>> []'s >>> >>> --- >>> >>> Bruno Rocha >>> http://github.com/rochacbruno >>> http://rochacbruno.com.br >>> http://terraqueos.org >>> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+un...@googlegroups.com . >> >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Spammers on web2pyslices.com
As an alternative method there is a very robust solution: client auth using a x509 client certificate. As a user installing the certificate is simpler than answering questions or reading weird captchas and he can forget about it, the browser does all the auth by itself using the SSL/TLS protocol, but it all depends on usage scenarios. You need a PKI that generates a pkcs12 certificate+private key archive and let the user install it on its browser. For my needs I have written a simple PKI here for web2py: https://code.google.com/p/simpatica/ The code is really simple. The advantage is that certificate generation can be automated during registration process of any web2py app. There are other and better PKI implementations around, much more complex to manage, but it depends on how much security and features you need. To avoid browser complaints about insecure certificates, just use your server private key that you use in your PKI, to request a cheap or free server certicate (startssl.com is a good one), install it on your web server along with the private key and you are done. Web2py supports x509 auth out of the box with rocket, but you can use most ssl enabled servers: apache, nginx, cherokee and many others. mic 2013/6/16 Joe Barnhart > At least one site i use regularly implemented a 24-hour posting delay. > Sign up today and your posting ability starts tomorrow. It was a little > annoying to newbies but it really zeroed the spam! > > -- Joe > > > On Saturday, June 15, 2013 12:40:50 PM UTC+8, rochacbruno wrote: >> >> Hi, >> >> recently we are having too many spams posted on web2pyslices.com >> >> I am deleting one by one, but started to be difficult to track this. >> >> We need to implement a captcha system or any other kind of spam blocking. >> >> is there any volunter? to do this for user registration form and also for >> article post form? >> >> I am in a rush between work and medical treatments, I tried but I really >> have no time now to develop this. >> >> If anybody can take this, please email me ans I give you access to the >> development version of the code on pythonanywhere. >> >> Thanks. >> >> []'s >> >> --- >> >> Bruno Rocha >> http://github.com/rochacbruno >> http://rochacbruno.com.br >> http://terraqueos.org >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: Spammers on web2pyslices.com
At least one site i use regularly implemented a 24-hour posting delay. Sign up today and your posting ability starts tomorrow. It was a little annoying to newbies but it really zeroed the spam! -- Joe On Saturday, June 15, 2013 12:40:50 PM UTC+8, rochacbruno wrote: > > Hi, > > recently we are having too many spams posted on web2pyslices.com > > I am deleting one by one, but started to be difficult to track this. > > We need to implement a captcha system or any other kind of spam blocking. > > is there any volunter? to do this for user registration form and also for > article post form? > > I am in a rush between work and medical treatments, I tried but I really > have no time now to develop this. > > If anybody can take this, please email me ans I give you access to the > development version of the code on pythonanywhere. > > Thanks. > > []'s > > --- > > Bruno Rocha > http://github.com/rochacbruno > http://rochacbruno.com.br > http://terraqueos.org > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: Spammers on web2pyslices.com
Personally I don't like captcha image, before delving into the implementation of whatever like that it is worth to try the honeypot mechanism namely a 'hidden field'. A field that if filled out allow you to distinguish between user and robots requests. The field it is hidden by css properties real users aren't able to fill it. More here: http://en.wikipedia.org/wiki/Honeypot_%28computing%29 Actually, I have never tested if that really works! we could think about implementing it as an option for web2py, it would be very welcome. Finally, it seems that web2pyslices.com registration has got a captcha, have you already implemented it? Paolo On Saturday, June 15, 2013 6:40:50 AM UTC+2, rochacbruno wrote: > > Hi, > > recently we are having too many spams posted on web2pyslices.com > > I am deleting one by one, but started to be difficult to track this. > > We need to implement a captcha system or any other kind of spam blocking. > > is there any volunter? to do this for user registration form and also for > article post form? > > I am in a rush between work and medical treatments, I tried but I really > have no time now to develop this. > > If anybody can take this, please email me ans I give you access to the > development version of the code on pythonanywhere. > > Thanks. > > []'s > > --- > > Bruno Rocha > http://github.com/rochacbruno > http://rochacbruno.com.br > http://terraqueos.org > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.