Hi,
Seems our beloved spammer is back. We've had mods keeping an eye out and deleting posts, but of course, it isn't a proper solution.
Q. I remember enabling stopforumspam - does it work?
I've filed an RFE for Akismet alternatives: http://askbot.org/en/question/12507/alternatives-to-akismet/
Mollom looks nice, and it's open source too. There's already a django-mollom module available: https://pypi.python.org/pypi/django-mollom/0.1
Would a django guru like to see if it can be used with our deployment already without requiring code changes to ask?
Thanks, Ankur
Hi
On Thu, Oct 30, 2014 at 12:13 PM, Ankur Sinha sanjay.ankur@gmail.com wrote:
Hi,
I've filed an RFE for Akismet alternatives: http://askbot.org/en/question/12507/alternatives-to-akismet/
Mollom looks nice, and it's open source too. There's already a django-mollom module available: https://pypi.python.org/pypi/django-mollom/0.1
Mollom has the same problem as Akismet. It is backed by a proprietary service.
Rahul
rmOn Thu, 2014-10-30 at 21:50 -0400, Rahul Sundaram wrote:
Mollom has the same problem as Akismet. It is backed by a proprietary service.
Hrm, yeah - the plugins are opensource, but the comments are sent to the "mothership" for checking and the mothership is closed source.
I haven't been able to find a completely open source spam prevention service - is there one?
Mollom does seem to have a good privacy policy: https://mollom.com/web-service-privacy-policy
but then, so does Akismet: http://automattic.com/privacy/
On Thu, 30 Oct 2014 16:13:24 +0000 Ankur Sinha sanjay.ankur@gmail.com wrote:
Hi,
Seems our beloved spammer is back. We've had mods keeping an eye out and deleting posts, but of course, it isn't a proper solution.
Q. I remember enabling stopforumspam - does it work?
I don't think we ever figured out if it did or not. ;)
Orig it was installed, but we saw that it was not able to handle the proxied connections (since all of them come from the same proxy ip's instead of the spammers ip). So, I think we had a patch in there to read the headers.
But then I am not sure if it was working or not... we should test it out in staging if possible.
kevin
On Fri, 2014-10-31 at 08:33 -0600, Kevin Fenzi wrote:
I don't think we ever figured out if it did or not. ;)
Orig it was installed, but we saw that it was not able to handle the proxied connections (since all of them come from the same proxy ip's instead of the spammers ip). So, I think we had a patch in there to read the headers.
I just checked, and the version of the package in EL contains the patch.
But then I am not sure if it was working or not... we should test it out in staging if possible.
Yeah. I'm going to try to see if it works.
On Sat, 2014-11-08 at 14:11 +0000, Ankur Sinha wrote:
Yeah. I'm going to try to see if it works.
The issue maybe that our spammers aren't listed at all in the stopforumspam database. It's a little difficult to check, though. The stopforumspam database lets you search either by IP or by e-mail, and I don't know how to extract either from Askbot. I've asked a question here[1].
Said it before, saying it again - I wish upstream had a proper issue tracker :/
[1] http://askbot.org/en/question/12850/how-do-i-get-user-information-from-the-d...
I have that strong feeling that if we remove Facebook and Yahoo from login/sign-up options, the things will be much better.
Can we do that, even as a test/trial and see how it goes?
On 11/08/2014 04:41 PM, Ankur Sinha wrote:
On Sat, 2014-11-08 at 14:11 +0000, Ankur Sinha wrote:
Yeah. I'm going to try to see if it works.
The issue maybe that our spammers aren't listed at all in the stopforumspam database. It's a little difficult to check, though. The stopforumspam database lets you search either by IP or by e-mail, and I don't know how to extract either from Askbot. I've asked a question here[1].
Said it before, saying it again - I wish upstream had a proper issue tracker :/
[1] http://askbot.org/en/question/12850/how-do-i-get-user-information-from-the-d...
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Sat, 2014-11-08 at 17:09 +0200, NikTh wrote:
I have that strong feeling that if we remove Facebook and Yahoo from login/sign-up options, the things will be much better.
Can we do that, even as a test/trial and see how it goes?
How exactly would you test this? You don't know when the spammer is going to post. If you're advising that we just switch them off and wait for a month, I'm not sure if it's a very good idea - I'd expect quite a few users using these authentication methods. The issue is that we haven't info on our userbase - who is using what, how many are using what. If we can narrow down the methods that the spammer is using, we can work on something to limit them.
Hello, I'm not sure, just a suggestions, the authentication facilities should have some logs, maybe it's worth the effort to check how the spammer is authenticating. If there are no such logs maybe we should look to implement some. On Sat Nov 08 2014 at 6:07:27 PM Ankur Sinha sanjay.ankur@gmail.com wrote:
On Sat, 2014-11-08 at 17:09 +0200, NikTh wrote:
I have that strong feeling that if we remove Facebook and Yahoo from login/sign-up options, the things will be much better.
Can we do that, even as a test/trial and see how it goes?
How exactly would you test this? You don't know when the spammer is going to post. If you're advising that we just switch them off and wait for a month, I'm not sure if it's a very good idea - I'd expect quite a few users using these authentication methods. The issue is that we haven't info on our userbase - who is using what, how many are using what. If we can narrow down the methods that the spammer is using, we can work on something to limit them. -- Thanks, Regards, Ankur Sinha "FranciscoD"
http://fedoraproject.org/wiki/User:Ankursinha _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Nov 8, 2014 9:07 AM, "Ankur Sinha" sanjay.ankur@gmail.com wrote:
On Sat, 2014-11-08 at 17:09 +0200, NikTh wrote:
I have that strong feeling that if we remove Facebook and Yahoo from login/sign-up options, the things will be much better.
Can we do that, even as a test/trial and see how it goes?
How exactly would you test this? You don't know when the spammer is going to post. If you're advising that we just switch them off and wait for a month, I'm not sure if it's a very good idea - I'd expect quite a few users using these authentication methods. The issue is that we haven't info on our userbase - who is using what, how many are using what. If we can narrow down the methods that the spammer is using, we can work on something to limit them. -- Thanks, Regards, Ankur Sinha "FranciscoD"
Earlier today, Kevin was kind enough to sponsor me for sysadmin-ask and pkg commits on askbot. I'm going to try my hand at rebasing our patches to the latest upstream release, in a few hours or tomorrow. There will be a feature branch if you want to watch it unfold.
I plan to poke at the django admin views as well. there's a view for auth/user pairings, for example, but it isn't searchable. I don't see an immediate way to list blocked users. If you can think of other ways to look at the data that would help, speak up :)
--Pete
On Sat, 2014-11-08 at 15:39 -0700, Pete Travis wrote:
Earlier today, Kevin was kind enough to sponsor me for sysadmin-ask and pkg commits on askbot. I'm going to try my hand at rebasing our patches to the latest upstream release, in a few hours or tomorrow. There will be a feature branch if you want to watch it unfold.
Yay! :D
I plan to poke at the django admin views as well. there's a view for auth/user pairings, for example, but it isn't searchable. I don't see an immediate way to list blocked users. If you can think of other ways to look at the data that would help, speak up :)
I just noticed that an update is available: upstream just released 0.7.50[1] - hopefully this will improve the moderation code etc. Upstream also seems to have added new "modes", as per this question[2]
I'll try to update the package and then we can think about deploying a staging instance.
[1] https://github.com/ASKBOT/askbot-devel/releases/tag/0.7.50 [2] http://askbot.org/en/question/3065/how-to-block-spam/?answer=4063#post-id-40...
On Sat, 2014-11-08 at 15:39 -0700, Pete Travis wrote:
Earlier today, Kevin was kind enough to sponsor me for sysadmin-ask and pkg commits on askbot. I'm going to try my hand at rebasing our patches to the latest upstream release, in a few hours or tomorrow. There will be a feature branch if you want to watch it unfold.
Wait! You're already doing this! I'll let you go ahead :P
/me needs to pay more attention to his mails
On Sun, 2014-11-09 at 16:03 +0000, Ankur Sinha wrote:
Wait! You're already doing this! I'll let you go ahead :P
I updated the package - I haven't pushed an update yet - I want to test it out on staging before we do. If anyone else with infra perms has the cycles, you can go ahead and test it out on staging already:
https://ankursinha.fedorapeople.org/askbot/
On Sun, 09 Nov 2014 17:36:45 +0000 Ankur Sinha sanjay.ankur@gmail.com wrote:
On Sun, 2014-11-09 at 16:03 +0000, Ankur Sinha wrote:
Wait! You're already doing this! I'll let you go ahead :P
I updated the package - I haven't pushed an update yet - I want to test it out on staging before we do. If anyone else with infra perms has the cycles, you can go ahead and test it out on staging already:
Note that askbot is orphaned/retired in f21 and rawhide.
The el6 branch is the one we are using.
So, thats the one that needs to build/work. I tried building it as a simple version bump right when the new version came out but there were patches that needed to be rebased.
I'd love for us to get a epel7 version working, but I fear we are out of luck for now there because it doesn't support the new Django there.
kevin
Hi Kevin,
On Sun, 2014-11-09 at 10:48 -0700, Kevin Fenzi wrote:
Note that askbot is orphaned/retired in f21 and rawhide.
The el6 branch is the one we are using.
So, thats the one that needs to build/work. I tried building it as a simple version bump right when the new version came out but there were patches that needed to be rebased.
Aye. This srpm builds perfectly in an EL6 mockroot - I already redid the patches etc. I just uploaded the built rpms too.
https://ankursinha.fedorapeople.org/askbot/askbot-0.7.50-1.el6.noarch.rpm https://ankursinha.fedorapeople.org/askbot/askbot-0.7.50-1.el6.src.rpm
I'd love for us to get a epel7 version working, but I fear we are out of luck for now there because it doesn't support the new Django there.
Yeah. I've been meaning to speak to upstream about the django version - will try doing it soon.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/09/2014 11:22 AM, Ankur Sinha wrote:
Hi Kevin,
On Sun, 2014-11-09 at 10:48 -0700, Kevin Fenzi wrote:
Note that askbot is orphaned/retired in f21 and rawhide.
The el6 branch is the one we are using.
So, thats the one that needs to build/work. I tried building it as a simple version bump right when the new version came out but there were patches that needed to be rebased.
Aye. This srpm builds perfectly in an EL6 mockroot - I already redid the patches etc. I just uploaded the built rpms too.
https://ankursinha.fedorapeople.org/askbot/askbot-0.7.50-1.el6.noarch.rpm https://ankursinha.fedorapeople.org/askbot/askbot-0.7.50-1.el6.src.rpm
I'd love for us to get a epel7 version working, but I fear we are out of luck for now there because it doesn't support the new Django there.
Yeah. I've been meaning to speak to upstream about the django version - will try doing it soon.
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Okay, I'm up, sorry to leave this half finished... I think we landed in pretty much the same place.
I'm going to do a little testing locally. Upstream requirements now claim django < 1.6 should work, so python-django15 would be nice if we could get it working.
- -- - -- Pete Travis - Fedora Docs Project Leader - 'randomuser' on freenode - immanetize@fedoraproject.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sun, Nov 09, 2014 at 11:49:52AM -0700, Pete Travis wrote:
I'm going to do a little testing locally. Upstream requirements now claim django < 1.6 should work, so python-django15 would be nice if we could get it working.
python-django15 is not supported any more by django upstream. Only "supported" version < django-1.6 Django14. Upstream will drop that probably around March next year. IMHO, there is no other version announced to become "long term supported".
On the other side, Django is quite excellent at announcing deprecation of features (about 9 months ahead):[1] for Django 1.7, this is published since this Summer.
[1] https://docs.djangoproject.com/en/1.7/internals/deprecation/
- -- Matthias Runge mrunge@matthias-runge.de
On Nov 15, 2014 3:36 AM, "Matthias Runge" mrunge@matthias-runge.de wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sun, Nov 09, 2014 at 11:49:52AM -0700, Pete Travis wrote:
I'm going to do a little testing locally. Upstream requirements now claim django < 1.6 should work, so python-django15 would be nice if we could get it working.
python-django15 is not supported any more by django upstream. Only "supported" version < django-1.6 Django14. Upstream will drop that probably around March next year. IMHO, there is no other version announced to become "long term supported".
On the other side, Django is quite excellent at announcing deprecation of features (about 9 months ahead):[1] for Django 1.7, this is published since this Summer.
[1] https://docs.djangoproject.com/en/1.7/internals/deprecation/
Matthias Runge mrunge@matthias-runge.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
Good to know, thanks Matthias. Those other does still appear to be needed, though.... I suppose I should be filing some bz tickets.
--Pete
On 16/11/14 00:11, Pete Travis wrote:
Good to know, thanks Matthias. Those other does still appear to be needed, though.... I suppose I should be filing some bz tickets.
Pete,
Django14 on epel6 is still there:
http://pkgs.fedoraproject.org/cgit/Django14.git/commit/?h=el6
It doesn't make sense to have Django-1.5 (since it's deprecated by upstream already). It would be great, if ask would support newer Django versions as well; then we could re-introduce it to rawhide as well.
/me thinks more about replacing ask by some other app. It tends to create unstructured content. Questions are asked again and again (creating threads over threads). Try to find something there, if it's not tagged...
Matthias
I cannot be sure, but as I said I have a strong feeling about these two social channels. Particularly the yahoo service. And yes, I would test this by a trial of 20-30 days. If it's not difficult, I would also advise create a login service independent from social media. Like username and password and e-mail and of course a strong captcha.
On 11/08/2014 06:07 PM, Ankur Sinha wrote:
On Sat, 2014-11-08 at 17:09 +0200, NikTh wrote:
I have that strong feeling that if we remove Facebook and Yahoo from login/sign-up options, the things will be much better.
Can we do that, even as a test/trial and see how it goes?
How exactly would you test this? You don't know when the spammer is going to post. If you're advising that we just switch them off and wait for a month, I'm not sure if it's a very good idea - I'd expect quite a few users using these authentication methods. The issue is that we haven't info on our userbase - who is using what, how many are using what. If we can narrow down the methods that the spammer is using, we can work on something to limit them.
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Sun, 09 Nov 2014 02:02:29 +0200 NikTh nickth@fedoraproject.org wrote:
I cannot be sure, but as I said I have a strong feeling about these two social channels. Particularly the yahoo service. And yes, I would test this by a trial of 20-30 days. If it's not difficult, I would also advise create a login service independent from social media. Like username and password and e-mail and of course a strong captcha.
I blocked our spammer a few times last night and went and looked at the associations table... they were using twitter openid. ;)
Dunno if thats what they always use, but they were last night anyhow.
kevin
If we find a solution through the upstream/update, then OK. If not, then we could disable (at least for now) the social media sign ups, the most possible responsible for such activity, Twitter, FB, yahoo. We could keep the FAS, Google, openID and also an independent account could be handy for people who don't want to associate social media with AskFedora.
On 11/09/2014 06:10 PM, Kevin Fenzi wrote:
On Sun, 09 Nov 2014 02:02:29 +0200 NikTh nickth@fedoraproject.org wrote:
I cannot be sure, but as I said I have a strong feeling about these two social channels. Particularly the yahoo service. And yes, I would test this by a trial of 20-30 days. If it's not difficult, I would also advise create a login service independent from social media. Like username and password and e-mail and of course a strong captcha.
I blocked our spammer a few times last night and went and looked at the associations table... they were using twitter openid. ;)
Dunno if thats what they always use, but they were last night anyhow.
kevin
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
infrastructure@lists.fedoraproject.org
-
Ankur Sinha -
Kevin Fenzi -
Matthias Runge -
NikTh -
Pete Travis -
Petyo Vodenicharov -
Rahul Sundaram