[UCIMC-Tech] Captchas MIA
Mike Lehman
rebelmike at earthlink.net
Sun May 1 22:20:52 CDT 2011
Chris,
Yes, there is a reason. Open publishing is required for IMCs as a matter
of principle. So we need to have something that allows people to post
and comment anonymously that goes straight to full view.
I know virtually nothing about the backend, but that's the policy side
of things. Lots of ways to interpret and implement this, however.
Lots of things would be easier about editing would be far easier without
anon publishing. However, I think it is something we've always been
committed to. Such complexities are why I've been keeping notes and
outlining what I need to present to those who want to help catch written
policy up with empirical policy. There are several different ideas of
how to deal with this in terms of how different IMCs have dealt with it,
although I've done no surveys of the current status of how this is dealt
with right now at various IMCs. Implementation has varied considerably
for the user, so I suspect that the code is similarly diverse. Within
the Principles of Unity, I think we're in a position to come up with
something that will fit locally policy wise.
That's a lot of work, though. We need to do it eventually, but that's
more a matter of choice provided there's not a technical reason to do
something sooner.
You have the power as a Tech admin to decide if anon publishing needs to
be shut down as an emergency measure. It's happened before, but a long
time ago, so don't remember any details. Use your best judgment and
we'll work through things if it turns out it needs to be less temporary
than anticipated.
Mike Lehman
On 5/1/2011 7:17 PM, Chris Ritzo wrote:
> While attempting to configure the new spam module, I found that there
> is an issue with the way we are doing proxy caching which is causing
> issues with the way the module is supposed to work. More spam was
> coming through, so here's the actions I took:
> - disabled Mollom, re-enabled reCaptcha
> - disabled anonymous posting, at least temporarily- discussion following..
>
> I suspect that there is a reason we have allowed anonymous postings,
> and I'd like to hear what that reason is as a part of the discussion
> on revamping the website.
>
> My personal feeling is that I'm not sure it's really necessary to
> allow completely anonymous users to post to the site, essentially
> requiring us to monitor and control for spam like this. Since logged
> in users can change the "author" of the post to appear as anonymous, I
> suggest that we make it apparent that this can be done in the
> redesign, and require people to register on the website in order to
> post comments, stories, etc.
>
> Thoughts? -CR
>
> On Sun, May 1, 2011 at 6:09 PM, Chris Ritzo <chris.ritzo at gmail.com
> <mailto:chris.ritzo at gmail.com>> wrote:
>
> I just changed the settings so all forms use mollom's captcha not
> textual analysis. let me know if the spam continues.
>
> Chris
>
>
> On Sun, May 1, 2011 at 5:22 PM, Mike Lehman
> <rebelmike at earthlink.net <mailto:rebelmike at earthlink.net>> wrote:
>
> With my set-up, when I'm not signed into my account I can see
> a link to the Mollom privacy policy, but do not see any actual
> captchas.
>
> Could be unrelated, but we're getting a bunch of mortgage spam
> over the last couple of hours.
> Mike Lehman
>
>
> On 5/1/2011 3:33 PM, Chris Ritzo wrote:
>> all:
>> I've just switched the IMC site from the reCaptcha module to
>> the Mollom module. All forms that are exposed to
>> non-authenticated users should now be protected either by
>> captchas or by Mollom's textual analysis.. For those
>> monitoring posts, I'm hoping this reduces the amount of spam
>> posts that you see. please confirm if you note this.
>>
>> Thanks,
>> Chris
>>
>> On Fri, Apr 29, 2011 at 3:05 PM, Mike Lehman
>> <rebelmike at earthlink.net <mailto:rebelmike at earthlink.net>> wrote:
>>
>> Found a little info that may be relevant.
>> http://computerworld.co.nz/news.nsf/security/mozilla-patches-firefox-4-fixes-programming-bungle
>>
>> Seems one of the fixes in FF 4.0.1 was to deal with a MS
>> issue with ASLR in Vista and 7 that made them "making the
>> flaw as exploitable on those platforms as it would be on
>> Windows XP or other platforms."
>>
>> Maybe when they fixed things in Vista and 7, they broke
>> cpatchas in XP? Just speculation, but since many things
>> funky lead back to MS, this wouldn't surprise me.
>> Mike Lehman
>>
>>
>> On 4/29/2011 1:32 PM, Mike Lehman wrote:
>>> Chris,
>>> More info. I tried a test post on my other machine.
>>> Entered the displayed captcha, hit Save and -- then it
>>> gave me an error message and no longer displayed any
>>> captcha. Now that I've seen it twice, it was the same
>>> thing that happened the first time a couple of days ago,
>>> as I was trying a test post then, too.
>>>
>>> You can sign in and out of your account, everything's
>>> fine there, but you never get the captchas back so that
>>> it's possible to post when not logged in.
>>>
>>> My guess now is that this is an issue with Firefox. It's
>>> actually Firefox 4.0.1 that I'm running on both machines.
>>> Mike Lehman
>>>
>>> On 4/29/2011 11:05 AM, Chris Ritzo wrote:
>>>> Thanks for documenting your troubleshooting Mike. I
>>>> haven't had a chance to look into this yet, and it
>>>> appears that the issue is inconsistent. I've had good
>>>> results using the Mollom module for captchas on other
>>>> sites and I'm thinking of just switching the IMC site
>>>> to that. It uses a web service to do the captchas and
>>>> will also do textual analysis on fields which is an
>>>> added layer of spam protection.
>>>>
>>>> Chris
>>>>
>>>> On Fri, Apr 29, 2011 at 10:29 AM, Mike Lehman
>>>> <rebelmike at earthlink.net
>>>> <mailto:rebelmike at earthlink.net>> wrote:
>>>>
>>>> After some poking around...
>>>>
>>>> Still no captchas on my usual machine, even after
>>>> several reboots. On my laptop, captchas are there.
>>>> Both machines are running XP SP3 and the latest
>>>> version of Firefox (4.0), so not sure why they just
>>>> went MIA on the one.
>>>>
>>>> And the captchas seem to be there for others, as
>>>> we've had some of the usual spam and one legitimate
>>>> post since I first noticed the problem.
>>>>
>>>> This seemed superficially similar to the issue
>>>> we've had several times lately where someone
>>>> accidentally turned captchas off. Chris indicated
>>>> that he'd reset that the last time it happened and
>>>> remove it from the editor's menu so it couldn't
>>>> happen again. However, that doesn't seem to be the
>>>> case here, as I can get captchas on my alternate
>>>> machine.
>>>>
>>>> I realize that this may just be my problem, but
>>>> wanted to document it in case someone else runs
>>>> into the same issue. I made no changes in settings
>>>> AFAIK before this happened.
>>>> Mike
>>>>
>>>>
>>>> On 4/27/2011 5:44 PM, Mike Lehman wrote:
>>>>
>>>> Sometime today, the captchas disappeared from
>>>> the website.
>>>>
>>>> Mike Lehman
>>>> _______________________________________________
>>>> IMC-Tech mailing list
>>>> IMC-Tech at lists.chambana.net
>>>> <mailto:IMC-Tech at lists.chambana.net>
>>>> http://lists.chambana.net/mailman/listinfo/imc-tech
>>>>
>>>>
>>>>
>>>>
>>>> =======
>>>> Email scanned by PC Tools - No viruses or
>>>> spyware found.
>>>> (Email Guard: 7.0.0.21, Virus/Spyware Database:
>>>> 6.17390)
>>>> http://www.pctools.com/
>>>> =======
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> IMC-Tech mailing list
>>>> IMC-Tech at lists.chambana.net
>>>> <mailto:IMC-Tech at lists.chambana.net>
>>>> http://lists.chambana.net/mailman/listinfo/imc-tech
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> =======
>>>> Email scanned by PC Tools - No viruses or spyware found.
>>>> (Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
>>>> http://www.pctools.com
>>>> <http://www.pctools.com/?cclick=EmailFooterClean_51>
>>>> =======
>>>>
>>>>
>>>> _______________________________________________
>>>> IMC-Tech mailing list
>>>> IMC-Tech at lists.chambana.net <mailto:IMC-Tech at lists.chambana.net>
>>>> http://lists.chambana.net/mailman/listinfo/imc-tech
>>>>
>>>>
>>>>
>>>>
>>>> =======
>>>> Email scanned by PC Tools - No viruses or spyware found.
>>>> (Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
>>>> http://www.pctools.com/
>>>> =======
>>>
>>>
>>>
>>>
>>>
>>>
>>> =======
>>> Email scanned by PC Tools - No viruses or spyware found.
>>> (Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
>>> http://www.pctools.com
>>> <http://www.pctools.com/?cclick=EmailFooterClean_51>
>>> =======
>>>
>>>
>>> _______________________________________________
>>> IMC-Tech mailing list
>>> IMC-Tech at lists.chambana.net <mailto:IMC-Tech at lists.chambana.net>
>>> http://lists.chambana.net/mailman/listinfo/imc-tech
>>>
>>>
>>>
>>>
>>> =======
>>> Email scanned by PC Tools - No viruses or spyware found.
>>> (Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
>>> http://www.pctools.com/
>>> =======
>>
>>
>> _______________________________________________
>> IMC-Tech mailing list
>> IMC-Tech at lists.chambana.net
>> <mailto:IMC-Tech at lists.chambana.net>
>> http://lists.chambana.net/mailman/listinfo/imc-tech
>>
>>
>>
>>
>>
>>
>>
>> =======
>> Email scanned by PC Tools - No viruses or spyware found.
>> (Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
>> http://www.pctools.com
>> <http://www.pctools.com/?cclick=EmailFooterClean_51>
>> =======
>
>
> _______________________________________________
> IMC-Tech mailing list
> IMC-Tech at lists.chambana.net <mailto:IMC-Tech at lists.chambana.net>
> http://lists.chambana.net/mailman/listinfo/imc-tech
>
>
>
>
>
>
>
>
> =======
> Email scanned by PC Tools - No viruses or spyware found.
> (Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
> http://www.pctools.com
> <http://www.pctools.com/?cclick=EmailFooterClean_51>
> =======
>
>
> _______________________________________________
> IMC-Tech mailing list
> IMC-Tech at lists.chambana.net
> http://lists.chambana.net/mailman/listinfo/imc-tech
>
>
>
>
> =======
> Email scanned by PC Tools - No viruses or spyware found.
> (Email Guard: 7.0.0.21, Virus/Spyware Database: 6.17410)
> http://www.pctools.com/
> =======
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/imc-tech/attachments/20110501/59922bdc/attachment-0001.html>
More information about the IMC-Tech
mailing list