ExpressionEngine CMS
Open, Free, Amazing

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Comment preferences and character entities

September 03, 2010 4:59am

  • #16 / Sep 27, 2010 3:10pm

    Ingmar

    29245 posts

    Can you confirm that the domain in question has, in fact, been added to your blacklist? Also, what happens when you do try to write it to .htaccess for debugging purposes?

  • #17 / Sep 28, 2010 10:02am

    danieljohnbarnes

    151 posts

    It’s definitely there. If it was not there, it would not have successfully validated the second use case from my 2nd post on the 17th and thus give me an expected current behaviour to compare it to. I’ve just confirmed it is present in the list manually, and that the same behaviour exists.

    Wrapping the URL in BB code bypasses the error and allows the would-be spammer to post. In this case it’s worse, as a simple URL would not be clickable, but using BB code actually converts it to a link.

    Are you asking me to try and write it to htaccess to validate it can be written, or try and write it to htaccess and then trigger? Not sure how I would do the latter - writing to htaccess blocks access to the site, I’m talking about blocking content being submitted as a comment and POST’ed, which I assume is done outside of htaccess?
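
An added example, not part of the original thread and not ExpressionEngine's Blacklist code: one way to check a submitted comment against a domain blacklist so that bare URLs and BBCode-wrapped URLs get the same treatment, which is the behaviour the posts above are discussing. The domains, function names and BBCode patterns are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample blacklist (reserved .example names, not real entries).
BLACKLIST = {"spam-pills.example", "cheap-watches.example"}

# [url=http://host/path]label[/url], with or without quotes around the target
BB_URL_ATTR = re.compile(r"\[url=([\"']?)(.*?)\1\]", re.I)
# [url]http://host/path[/url]
BB_URL_BODY = re.compile(r"\[url\](.*?)\[/url\]", re.I | re.S)
# Bare URLs or www. hosts in running text
BARE_URL = re.compile(r"(?:https?://|www\.)[^\s\[\]<>\"']+", re.I)
HAS_SCHEME = re.compile(r"[a-z][a-z0-9+.-]*://", re.I)

def extract_hosts(comment):
    """Return the lower-cased host of every link target in the raw comment."""
    candidates = [m.group(2) for m in BB_URL_ATTR.finditer(comment)]
    candidates += [m.group(1) for m in BB_URL_BODY.finditer(comment)]
    candidates += BARE_URL.findall(comment)
    hosts = set()
    for raw in candidates:
        raw = raw.strip().rstrip(".,;:!?)")
        if not HAS_SCHEME.match(raw):
            raw = "http://" + raw  # BBCode targets are often written without a scheme
        try:
            host = urlsplit(raw).hostname
        except ValueError:
            continue  # malformed target, nothing to compare
        if host:
            hosts.add(host.rstrip("."))
    return hosts

def blocked_hosts(comment, blacklist=BLACKLIST):
    """Return the hosts in the comment that match a blacklisted domain."""
    hits = set()
    for host in extract_hosts(comment):
        labels = host.split(".")
        # Compare the host and each parent domain, so www.x.example matches x.example.
        for i in range(len(labels) - 1):
            if ".".join(labels[i:]) in blacklist:
                hits.add(host)
    return hits

if __name__ == "__main__":
    for text in ("nice post http://spam-pills.example/buy",
                 "[url=spam-pills.example/buy]click[/url]",
                 "see [url=http://example.org]my blog[/url]"):
        print(sorted(blocked_hosts(text)), "<-", text)
```

Running the same check on the rendered HTML as well as the raw text catches links that only come into existence during conversion.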

  • #18 / Sep 28, 2010 8:16pm

    Brandon Jones

    5500 posts

    Hi danieljohnbarnes,

    There is still discussion on this issue and I will post back here when I have more information. Thanks for your patience.

  • #19 / Oct 12, 2010 6:07pm

    Brandon Jones

    5500 posts

    Hi danieljohnbarnes,

    Thanks for your patience. I’ve brought this to the team and it was determined that the BBcode conversion is happening as intended. If you want to strip out HTML from the conversion’s output, you can use a plugin like HTML Strip.

    If you’re still encountering a problem with your blacklist, please upgrade to the latest build to ensure all files are up-to-date, then let us know.

  • #20 / Oct 27, 2010 10:20am

    danieljohnbarnes

    151 posts

    Hey guys,

    Thanks for looking into it.

    Have to say that I had geared myself up for it to be a “feature” and not a bug, but given the time it took in this thread I had hoped that meant you were not sure yourselves and that I might see a positive resolution.

    In the fight against spam, I have managed to get my system into such a state that the only way in without hacking the core or resorting to plugins is via this BB code workaround and the fact links can be posted at will in the profile bio field. The former is something the spammers seem very aware of and are busy exploiting it at will whilst I and many others spend time cleaning up.

    Fix those in a standard installation (disable BB code parsing option, and better controls for profile fields), and you’ll prevent a great deal of spam in EE without resorting to plugins (I am not aware of one existing for the bio field issue).

    The other issue with Blacklist seems to have sorted itself out while I was away, so I suspect that’s probably an error on my part.

    Thanks,

    DJB

  • #21 / Oct 28, 2010 1:37am

    John Henry Donovan

    12339 posts

    DJB,

    Thanks again for your response.
    I have thoroughly tested the blacklist Module and the set-up you described and it works as intended. Using straightforward links in comments and BBcode. I was denied from posting every time by the Blacklist.

    Similarly if I add a link again using straightforward links in comments and BBcode in my Bio Profile I was denied from posting it by the Blacklist Module again.

    You may or may not be doing everything on this list but no harm in sharing the link again with you.

    Fighting Registration Spam

    Slides of a recent presentation from Greg Salt at EECI

  • #22 / Oct 29, 2010 4:49am

    danieljohnbarnes

    151 posts

    Hey John,

    Yep, per my last post the black list issue seems to have gone away.

    Very, very, painfully aware of the Fighting Spam blog and discussion, but to be honest the big news here should be from the 1.7 changelog:

    “Altered member profile fields to disallow HTML.”

    I only saw that just now, as my RSS subscription to the new builds forum was on the old forum system and I did not know they would not be forwarded… Assuming that’s carried through to EE 2 I’d be making a bigger noise about it.

    One down, one to go 😊

  • #23 / Oct 29, 2010 3:34pm

    Sue Crocker

    26054 posts

    Hi, Daniel. So are we good to close this thread, then?

  • #24 / Oct 31, 2010 6:47am

    danieljohnbarnes

    151 posts

    Yup, go ahead.

  • #25 / Oct 31, 2010 8:17am

    Ingmar

    29245 posts

    Closing as per request. Please post again as needed.
