Spam block mod / notifications
|
Posted
#85555
(In Topic #17575)
|
|
|---|---|
Community saint |
FYI Chris I'm just passing on my thoughts and info to you for reference for future versions. I have "Perceived spammer blocked" notification set to email when one is banned, and it seems that is working way too good. What triggers a notification when an IP ban is triggered? I've noticed I am receiving multiple emails from the same IP ban just a few seconds apart. Some of these bans have triggered 20 or more emails for the same IP ban in just a few seconds. I was away for 7 hours today and received 133 IP ban emails during that time. In 9 hours I have received 318 emails (159 + 159 carbon copies). If some unsuspecting person chooses one of the email digests or a PT he/she could be in for a surprise. 
Steve
|
|
|
|
Posted
|
|
Community saint |
I didn't have any notification set until just now but it will be interesting to see what emails I get. Regarding talking to myself, I just posted in the other thread that I don't expect Chris to address this necessarily since the feature is not formally released. However, I have taken to reporting both banned and unbanned IPs with their response from HTTP:BL in the hopes of providing plenty of data for Chris to analyze when he gets around to it. I think I figured out that getting a response of 127.0.0.67 from Tornevall will only result in a ban if the "Implied confidence level" exceeds the "Spammer ban threshold". Anyway, I'll let you know if I have any issues with email here. Bob |
|
|
|
|
Posted
|
|
|
Community saint |
In 20 hours I've received a total of 634 emails (317 + 317 carbon copies) for bans. I'll probably turn emails back off since I know bad IP's are being caught.
Steve
|
|
|
|
|
Posted
|
|
|
Community saint |
Bob |
|
|
|
|
Posted
|
|
|
Community saint |
I'm switching notifications settings to the email digest. In the 24 hours I've had notifications turned on, I've had:
This is why I wanted to bring this to Chris' attention for consideration for tweaking in the release version. 
Steve
|
|
|
|
|
Posted
|
|
|
Community saint |
Bob |
|
|
|
|
Posted
|
|
|
Community saint |
Steve
|
|
|
|
|
Posted
|
|
|
Community saint |
I definitely agree with this. I just got my first notification which was duplicated just as yours are. The notification subject contains "Notification: Perceived spammer banned (194.167.115.18)" but the IP does not appear in my ban list. My block list cache time is set to 1080 (18 hours) and I received this notification at 6:45AM, less than 2 hours ago. Bob |
|
|
|
|
Posted
|
|
|
Community saint |
I switched from individual emails to "daily digest" and I'm still receiving individual emails. (Or maybe I'm misunderstanding how the digest option works?)
Steve
|
|
|
|
|
Posted
|
|
ocStaff (admin) |
Yes, however only in the case of HTTP:BL not having any data, otherwise tornevall would never be checked. i.e. HTTP:BL takes precedence because it has confidence data which tornevall does not. Putting this another way, a higher implied confidence level will never take precedence over the real confidence level that HTTP:BL reports. If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource. |
|
|
|
|
Posted
()
|
|
|
ocStaff (admin) |
And the NSA now have another 700 emails from Sholzy to check for indications of terrorism .
If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource. |
|
|
|
|
Posted
|
|
|
ocStaff (admin) |
1… The internal IP ban list is not checked if the .htaccess is writable. This was a (small) optimisation but now we have these temporary bans, we need to take that off. Permanent bans will still get written to .htaccess, which is the main performance boost (stops a DOS attack pulling up requests that have to bootstrap ocPortal). In sources/global2.php change: Code
if (((!isset($SITE_INFO['known_suexec'])) || ($SITE_INFO['known_suexec']=='0')) && (!is_writable_wrap(get_file_base().'/.htaccess'))) // If we have to run this in software
Code
require_code('config'); // Config is needed for much active stuff
2… The subject lines of the notifications all say ban, which is wrong. I'll fix, but check the body of the message for whether it is really a ban, a block, or an approve. It is possible in the flood case some say block… 3… …There's no way of monitoring what people have been blocked within a time threshold, so no way I can really limit these. So I do suggest putting the notification on digest mode. I'll make that the default for this notification. I'll look at the digest apparently not working soon. If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource. |
|
|
|
|
Posted
|
|
|
Community saint |
It appears that the IP is checked at each page load (my setting) and the email sent if it the response indicates the IP shuld be banned. It seems like the actual email sending code should be part of "ad ban" code and that a check for an existing ban should be made prior to doing the add or will this produce too much overhead? Bob |
|
|
|
|
Posted
|
|
|
ocStaff (admin) |
If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource. |
|
|
|
|
Posted
|
|
|
Community saint |
Got it – we crossed due to my being one of the slowest typists in the world. Thanks for your help. Bob |
|
|
|
|
Posted
|
|
|
ocStaff (admin) |
A little from column A and a little from column B. I just tested this and found the digests weren't working for system-originating emails. This OcCLE command should fix it: Code
:$GLOBALS['SITE_DB']->alter_table_field('digestives_tin','d_from_member_id','?USER');
I think you were seeing a lack of digests, but also seeing the CC emails you mentioned earlier. If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource. |
|
|
|
|
Posted
|
|
|
Community saint |
I just had an IP banned and received two notification emails. I made the changes in '1' above but it seems I am still receiving two emails. Bob |
|
|
|
|
Posted
|
|
|
ocStaff (admin) |
If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource. |
|
|
|
|
Posted
|
|
|
Community saint |
Also, the body of the email contains no reference to 'ban', 'block' or 'approve' – just the subject which contains "Notification: Perceived spammer banned (94.102.48.116)". Bob |
|
|
|
|
Posted
|
|
|
ocStaff (admin) |
If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource. |
|
|
|
1 guests and 0 members have just viewed this: None
Control functions: