This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
February 26, 2011 3:45pm
Subscribe [2]#1 / Feb 26, 2011 3:45pm
In the Blacklist/Whitelist module for EE 1.6x, what is the meaning of blacklisting URLs or URL fragments? Which of the fields are being scanned for these blacklisted URLs? The referrer data? The comment data? For user-input comment data, which ones (the location field, source URL field, name field, comment text field) are being scanned?
#2 / Feb 28, 2011 1:24am
P.J.,
ExpressionEngine BL/WL module will deny or delete a comment, trackback, referrer, or other posted information. For your user input comment data it would be all fields. Whatever is posted from the form. It examines what has been posted.
Does that help?
#3 / Feb 28, 2011 3:17pm
To clarify with an example…
One of the spammers keep entering a spamming URL (using some variants each time) into the name or location field in the comments to my posts: sometimes with or without the “www.”, sometimes with or without “http”, and sometimes with or without a backslash.
For example, if the URL I want to block is www [dot] spammer [dot] com, can I enter spammer [dot].com into the URL field in the blacklist module to block any comment when this URL is entered into the name or location field?
Also, what will the spammers see when this is triggered? Do they see a message page with a system message? Do they see a blank page? I clicked on the button to allow the blacklist module to edit the htaccess file. Will this change what the spammers see?
#4 / Mar 01, 2011 3:58am
P.J.,
One of the spammers keep entering a spamming URL (using some variants each time) into the name or location field in the comments to my posts: sometimes with or without the “www.”, sometimes with or without “http”, and sometimes with or without a backslash.
URLs or URL fragments can be placed here, with each entry on a separate line. For instance, you could specify http://www.spam-king.com and EE would match any incoming URLs from that domain to block. Likewise, you could specify simply the word spam and EE would match any URL that contained that word, whether it was “www.spam-king.com” or “www.i-eat-spam.com”.
For example, if the URL I want to block is www [dot] spammer [dot] com, can I enter spammer [dot].com into the URL field in the blacklist module to block any comment when this URL is entered into the name or location field?
It doesnt’ need to be the name or comment field like I said it just has to be posted through EE. It can be any field
Also, what will the spammers see when this is triggered? Do they see a message page with a system message?
Yes exactly
I clicked on the button to allow the blacklist module to edit the htaccess file. Will this change what the spammers see?
Writing to a htaccess file means spammers are blocked from seeing your site completely
#5 / Mar 01, 2011 12:39pm
Thanks for the clarification.
It seems that if I want the spammer to see my error page, I should include the spamming URL in the blacklist but NOT write the spamming URL to the .htaccess file. Am I correct?
If I enable blacklist to write to the .htaccess file, and the spammer is completely blocked from accessing my site entirely, what HTTP code will be returned to the spammer’s browser? Is it a 401 or 404?
#6 / Mar 02, 2011 10:18am
Hi, PJ.
I’ve always written the blacklist to the .htaccess file.
You could certainly attempt to test this yourself with a bogus site name.