While attempting to configure the new spam module, I found that there is an issue with the way we are doing proxy caching which is causing issues with the way the module is supposed to work. More spam was coming through, so here's the actions I took:<br>
- disabled Mollom, re-enabled reCaptcha<br>- disabled anonymous posting, at least temporarily- discussion following..<br><br>I suspect that there is a reason we have allowed anonymous postings, and I'd like to hear what that reason is as a part of the discussion on revamping the website. <br>
<br>My personal feeling is that I'm not sure it's really necessary to allow completely anonymous users to post to the site, essentially requiring us to monitor and control for spam like this. Since logged in users can change the "author" of the post to appear as anonymous, I suggest that we make it apparent that this can be done in the redesign, and require people to register on the website in order to post comments, stories, etc.<br>
<br>Thoughts? -CR<br><br><div class="gmail_quote">On Sun, May 1, 2011 at 6:09 PM, Chris Ritzo <span dir="ltr"><<a href="mailto:chris.ritzo@gmail.com">chris.ritzo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I just changed the settings so all forms use mollom's captcha not textual analysis. let me know if the spam continues.<br><font color="#888888"><br>Chris</font><div><div></div><div class="h5"><br><br><div class="gmail_quote">
On Sun, May 1, 2011 at 5:22 PM, Mike Lehman <span dir="ltr"><<a href="mailto:rebelmike@earthlink.net" target="_blank">rebelmike@earthlink.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
With my set-up, when I'm not signed into my account I can see a link
to the Mollom privacy policy, but do not see any actual captchas.<br>
<br>
Could be unrelated, but we're getting a bunch of mortgage spam over
the last couple of hours.<br><font color="#888888">
Mike Lehman</font><div><div></div><div><br>
<br>
On 5/1/2011 3:33 PM, Chris Ritzo wrote:
<blockquote type="cite">all: <br>
I've just switched the IMC site from the reCaptcha module to the
Mollom module. All forms that are exposed to non-authenticated
users should now be protected either by captchas or by Mollom's
textual analysis.. For those monitoring posts, I'm hoping this
reduces the amount of spam posts that you see. please confirm if
you note this.<br>
<br>
Thanks,<br>
Chris<br>
<br>
<div class="gmail_quote">On Fri, Apr 29, 2011 at 3:05 PM, Mike
Lehman <span dir="ltr"><<a href="mailto:rebelmike@earthlink.net" target="_blank">rebelmike@earthlink.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000"> Found a little info
that may be relevant. <br>
<a href="http://computerworld.co.nz/news.nsf/security/mozilla-patches-firefox-4-fixes-programming-bungle" target="_blank">http://computerworld.co.nz/news.nsf/security/mozilla-patches-firefox-4-fixes-programming-bungle</a><br>
<br>
Seems one of the fixes in FF 4.0.1 was to deal with a MS
issue with ASLR in Vista and 7 that made them "making the
flaw as exploitable on those platforms as it would be on
Windows XP or other platforms." <br>
<br>
Maybe when they fixed things in Vista and 7, they broke
cpatchas in XP? Just speculation, but since many things
funky lead back to MS, this wouldn't surprise me.<br>
<font color="#888888"> Mike Lehman</font>
<div>
<div><br>
<br>
On 4/29/2011 1:32 PM, Mike Lehman wrote:
<blockquote type="cite"> Chris,<br>
More info. I tried a test post on my other machine.
Entered the displayed captcha, hit Save and -- then it
gave me an error message and no longer displayed any
captcha. Now that I've seen it twice, it was the same
thing that happened the first time a couple of days
ago, as I was trying a test post then, too.<br>
<br>
You can sign in and out of your account, everything's
fine there, but you never get the captchas back so
that it's possible to post when not logged in.<br>
<br>
My guess now is that this is an issue with Firefox.
It's actually Firefox 4.0.1 that I'm running on both
machines.<br>
Mike Lehman<br>
<br>
On 4/29/2011 11:05 AM, Chris Ritzo wrote:
<blockquote type="cite">Thanks for documenting your
troubleshooting Mike. I haven't had a chance to look
into this yet, and it appears that the issue is
inconsistent. I've had good results using the Mollom
module for captchas on other sites and I'm thinking
of just switching the IMC site to that. It uses a
web service to do the captchas and will also do
textual analysis on fields which is an added layer
of spam protection.<br>
<br>
Chris<br>
<br>
<div class="gmail_quote">On Fri, Apr 29, 2011 at
10:29 AM, Mike Lehman <span dir="ltr"><<a href="mailto:rebelmike@earthlink.net" target="_blank">rebelmike@earthlink.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> After some
poking around...<br>
<br>
Still no captchas on my usual machine, even
after several reboots. On my laptop, captchas
are there. Both machines are running XP SP3 and
the latest version of Firefox (4.0), so not sure
why they just went MIA on the one.<br>
<br>
And the captchas seem to be there for others, as
we've had some of the usual spam and one
legitimate post since I first noticed the
problem.<br>
<br>
This seemed superficially similar to the issue
we've had several times lately where someone
accidentally turned captchas off. Chris
indicated that he'd reset that the last time it
happened and remove it from the editor's menu so
it couldn't happen again. However, that doesn't
seem to be the case here, as I can get captchas
on my alternate machine.<br>
<br>
I realize that this may just be my problem, but
wanted to document it in case someone else runs
into the same issue. I made no changes in
settings AFAIK before this happened.<br>
Mike
<div>
<div><br>
<br>
On 4/27/2011 5:44 PM, Mike Lehman wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div>
<div> Sometime today, the captchas
disappeared from the website.<br>
<br>
Mike Lehman<br>
_______________________________________________<br>
IMC-Tech mailing list<br>
<a href="mailto:IMC-Tech@lists.chambana.net" target="_blank">IMC-Tech@lists.chambana.net</a><br>
<a href="http://lists.chambana.net/mailman/listinfo/imc-tech" target="_blank">http://lists.chambana.net/mailman/listinfo/imc-tech</a><br>
<br>
<br>
<br>
<br>
</div>
</div>
=======<br>
Email scanned by PC Tools - No viruses or
spyware found.<br>
(Email Guard: 7.0.0.21, Virus/Spyware
Database: 6.17390)<br>
<a href="http://www.pctools.com/" target="_blank">http://www.pctools.com/</a><br>
=======<br>
<br>
</blockquote>
<div>
<div> <br>
<br>
_______________________________________________<br>
IMC-Tech mailing list<br>
<a href="mailto:IMC-Tech@lists.chambana.net" target="_blank">IMC-Tech@lists.chambana.net</a><br>
<a href="http://lists.chambana.net/mailman/listinfo/imc-tech" target="_blank">http://lists.chambana.net/mailman/listinfo/imc-tech</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br>
<br>
<br>
<br>
<font face="Tahoma" size="2"><br>
=======<br>
Email scanned by PC Tools - No viruses or spyware
found.<br>
(Email Guard: 7.0.0.21, Virus/Spyware Database:
6.17410)<br>
<a href="http://www.pctools.com/?cclick=EmailFooterClean_51" target="_blank">http://www.pctools.com</a><br>
=======</font>
<pre><fieldset></fieldset>
_______________________________________________
IMC-Tech mailing list
<a href="mailto:IMC-Tech@lists.chambana.net" target="_blank">IMC-Tech@lists.chambana.net</a>
<a href="http://lists.chambana.net/mailman/listinfo/imc-tech" target="_blank">http://lists.chambana.net/mailman/listinfo/imc-tech</a>
=======
Email scanned by PC Tools - No viruses or spyware found.
(Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
<a href="http://www.pctools.com/" target="_blank">http://www.pctools.com/</a>
=======
</pre>
</blockquote>
<br>
<br>
<br>
<br>
<br>
<font face="Tahoma" size="2"><br>
=======<br>
Email scanned by PC Tools - No viruses or spyware
found.<br>
(Email Guard: 7.0.0.21, Virus/Spyware Database:
6.17410)<br>
<a href="http://www.pctools.com/?cclick=EmailFooterClean_51" target="_blank">http://www.pctools.com</a><br>
=======</font>
<pre><fieldset></fieldset>
_______________________________________________
IMC-Tech mailing list
<a href="mailto:IMC-Tech@lists.chambana.net" target="_blank">IMC-Tech@lists.chambana.net</a>
<a href="http://lists.chambana.net/mailman/listinfo/imc-tech" target="_blank">http://lists.chambana.net/mailman/listinfo/imc-tech</a>
=======
Email scanned by PC Tools - No viruses or spyware found.
(Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
<a href="http://www.pctools.com/" target="_blank">http://www.pctools.com/</a>
=======
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
IMC-Tech mailing list<br>
<a href="mailto:IMC-Tech@lists.chambana.net" target="_blank">IMC-Tech@lists.chambana.net</a><br>
<a href="http://lists.chambana.net/mailman/listinfo/imc-tech" target="_blank">http://lists.chambana.net/mailman/listinfo/imc-tech</a><br>
<br>
</blockquote>
</div>
<br>
<br>
<br>
<br>
<br>
<font face="Tahoma" size="2"><br>
=======<br>
Email scanned by PC Tools - No viruses or spyware found.<br>
(Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)<br>
<a href="http://www.pctools.com/?cclick=EmailFooterClean_51" target="_blank">http://www.pctools.com</a><br>
=======</font>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
IMC-Tech mailing list<br>
<a href="mailto:IMC-Tech@lists.chambana.net" target="_blank">IMC-Tech@lists.chambana.net</a><br>
<a href="http://lists.chambana.net/mailman/listinfo/imc-tech" target="_blank">http://lists.chambana.net/mailman/listinfo/imc-tech</a><br>
<br></blockquote></div><br>
</div></div></blockquote></div><br>