Any feedback (positive or negative) regarding my anti-spam / IP blocker plugin?

It's been almost a month since I've released the http:blacklist plugin: http://community.elgg.org/plugins/1641554/1.8.2/elgg-1819-httpblacklist (just updated today to offer also a working version for Elgg 1.9).

Sadly, there was no response whatsoever since then. So, I really don't know if this plugin has any value at all and if it's worth to improve it (and anyway feedback regarding possible improvements would be appreciated, too).

Is it that the purpose of the plugin is not clear? The http:bl blacklist is a service similar for example to Stopforumspam, i.e. it's a database of IP addresses that were previously used for suspicious actions like posting spam and other malicious things. The http:blacklist plugin checks against the database when the 'register', 'forgotpassword' or 'login' pages are accessed and blocks / redirects the access if the IP address is listed.

I would really like to know if there's any positive effect is noticeable when then plugin is used (e.g. what does the block counter says?). The http:bl blacklist database seems to have at least an equal number of listed IPs compared to the Stopforumspam database, so I wonder if you notice a similar (positive) effect regarding reduction of spam on your site.

  • For me indeed the purpose is a bit unclear. Spam login filter plugin combined with IP tracker seems to do the same. What I found that these plugins miss, is they do not check registered users unless they become active again. Also that you cannot manage the IP database, adding IP addresses manually (deleting is possible)

    Spammers are often digital nomads, moving through the internet from site to site and only return to make new accounts and off course sometimes return to add content, risking detection and they tend to know that and therefore do not return to existing accounts.

    That still leaves bad users and bad content behind. So I think that the fight against spammers has to move to already registered users. Finding them and eliminate them and their content. This is not to promote my plugin, since it is not very much used as well and I don't really care.

    I just want to fight the bad guys if and when possible and if we can come up with more ideas I am willing to work together on this. Others can benefit from it if they use it and if they don't at least we gave them a fighting chance.

  • The really depressing story behind this, is that the frontdoor anti spam plugins deny 90% of the registrations (more than 200/day) and that my spam check plugin finds another 25% of the registration accounts to be spammers after a couple of days/weeks. Leaving 15 users per day not being known spammers out of 200. Sometimes a bit more, but still not very encouraging.

    This is so depressing, I sometimes want to stop the whole project and go do something else. But I still have a feeling that if we can fight it at the root cause, there is a reason to go on. And it is not just Elgg, any social network is suffering from it, but a lot of them just do not seem to care.

  • @ innoy and gerard, I have not tested your plugins but I think you are on the right direction. I am also working on two anti spams to help fight spammers and robots or automatedscripts. Lets keep up the good work...

  • @ iionly and Gerard, I will test them and then give my feedback once i have used them on my testing site.

  • I agreee With you @gerard wat u says is right we need to do something to stop this ...

  • hmm.. spam maps. ;)
    i haven't used this new plugin yet, since i looked at project honeypot a while ago and concluded it was flawed.

    i notice that thunderbird email uses some type of pattern recognition process (learning) to identify what is and is not spam. i do not know whether honeypot, stopforumspam and fassim are using this type of approach too, yet i see that it can be effective.
    a learning approach will allow profiles to be created, yet will scan all created content items and combine that with other available information, to provide a 'junk' list, as email apps do.

    this approach would be an improvement over the type of blanket denial that is applied via existing plugins since the process is adapatable and actively intelligent.

  • @Ura, a learning system would indeed be a good approach, but to determine such patterns and build it might be quite hard. Akismet is using pattern recognition and I tried it, but it is flawed. Too much false positives.

    I don't think SFS or fassim is using it. Anyway, I think it is a good direction and maybe we can come up with a better approach.

  • @tom, what is your take with those two plugins ?

  • @ura:

    i looked at project honeypot a while ago and concluded it was flawed.

    What do you mean?

    @Gerard:

    Spam login filter plugin combined with IP tracker seems to do the same.

    Stopforumspam and Project Honeypot have their own database each that is used to gain information on the IP addresses. There might be overlapping entries but who knows that for sure. That's why I would like to know if the http:blacklist plugin makes any (positive) difference. And I don't want to suggest to use the http:blacklist plugin instead of the Spam Filter plugin. I think they might complement each other and improve the ratio of blocked spammers.

    Of course, you won't catch 100% of all spammers before they register. But you gave the number yourself: 90% of all account creation attempts are blocked (with Spam Filter alone). The question is: can the http:blacklist plugin increase this 90% (and consequently decrease the number of spammers who only get identified later after they already posted some spam).

    The Project Honeypot has a slightly different approach in identifying spammers (and other malicious actions). They have a distributed network of many, many 1000s of honypot sites that track the actions of spam bots, harvesters, dictionary attackers, search engines (not the valid ones) and more. The comment spamming identification (what's annoying on Elgg sites) is also done via their honeypot servers and not possible right now (sadly) by direct reporting of identified spammers.

    While other anti-spam plugins surely provide an additional benefit by using different approaches each (as I said it should not be "either ... or ..." but rather "... and ...") I would like to ask to keep the discussion here on topic regarding the http:blacklist plugin. It's this plugin I would like to hear feedback about here.

  • there are several flaws with the honeypot concept (and other existing anti-spam systems), which i rarely see addressed. the primary issue for me is that they pass responsibility for 'vetting' the visitors to my site to an external and un-examinable process - so i am essentially passing over the doorkeys to a security guard. since this whole topic of spam prevention is that of trust and the abuse of trust that spammers choose to express when they spam, we already know that there are many users of the internet who cannot be trusted to act with integrity. so why then would i trust coders of a 'security app' to be acting with integrity, when the truth is that i know almost nothing about the ones involved wtih running the project and am not seeing the workings of the code?

    i would not trust a 3rd party to vet my emails, to prevent certian mails from reaching me - so why would i do the same for the visitors to my website?

    ultimately this type of system is open to abuse of a different kind to spamming and i can also see that some spamming could exist solely to push website operators towards using the anti-spamming software and thus handing over the doorkeys to their site to these 3rd parties and thus then opening a way for the traffic to be manipulated.

    there are other issues with these services, yet this is the primary one which puts me off of using them and i am not aware of a solution to this issue - except to use a radically and entirely different approach.