spam

Spam or SPAM may refer to: read more at Wikipedia

  • TechCrunch has an interesting article “the Truth about infographics”

    Turns out that those info graphics that are so popular these days are part of an incredibly sophisticated keyword-spamming operation! Which is convenient, because, honestly, we are all kind of getting a little tired of them.

    Technically, just add rel="nofollow" to the href link provided (I changed the link for the Google Revenues Streams infographic).

    So this is for sure the last infographic I publish. But this one is really interesting.


  • So I have just finished and tested the integration of a hashcash challenge (MD5) into the com_akocomment component, using the code from this page: http://dev.wp-plugins.org/browser/wp-hashcash/trunk/ (only an extract, but all credit goes to the original authors):
    • C.S. - www.cimmanon.org
    • Gene Shepherd - www.imporium.org
    • John F - www.stonegauge.com
    • Magenson - http://blog.magenson.de/
    • Matt Mullenweg - photomatt.net
    • Matt Warden - www.mattwarden.com
    • Paul Andrew Johnston - pajhome.org.uk
      and to Arthur Konze, the author of com_akocomment.

    I must also pack everything into a new version of the component, or better said refactor the code a little bit, because it is still full of debug statements...

    Principle:
    A robot that wants to submit spam comments must pay the price (in CPU time, approx. 100 hashcash max. each minute on a high-end computer) and compute a Hashcash (www.Hashcash.org) manually (this cannot be automated by submitting directly to the form).


    Extract from the documentation of wp-hashcash:
    "Wordpress Hashcash
    Introduction:
    Taking Matt’s stopgap spam solution, which sends precomputed hashes to be echoed back by the user-agent’s form, I’ve added dynamic generation of the md5 hash. Rather than write it to a hidden field, we wait until the form is submitted to compute the hash. This prevents spammers from automatically scraping the form, because anyone wanting to submit a comment *must* execute the javascript md5.
    This plugin used to be called “Spam Stopgap Extreme.” Now it’s been moved to the WP plugins repository under the new name “Wordpress Hashcash.” All future development will take place through the plugins repository.
    New Features:
    • Log and emailing of spam, for your records
    • Client-side hash required.
    • The “Key” is hashed once before output to the html form–so spammers can’t make sense of it, and then hashed on the client side, again.
    • The “Key” is now a time-dependent, visitor dependent hash, for more variability. You can’t just compute the right md5 once, because it’s always changing.
    • Failure to compute the md5 hash results in a 1 minute timeout penalty."

    Expect a release before the weekend... But I must also inform Arthur Konze first for feedback.
    Then I will add the same code to the login page (because the code is being made generic), in order to prevent brute forcing of passwords on the admin login page... and to the guestbook (because I was spammed many times last week).
  • Forcing the spammer to pay the price (computing power) before submitting rubbish to your homepage (in the comments or guestbook section, for example). The user will have to create a new cryptographic value of a hidden field (JavaScript code provided), and that may take 1 to 2 seconds, but may be more with RSA 1024...
    This also does not allow a robot to easily submit code without parsing your HTML page first...

    User developer guide of the cryptographic component framework for Mambo: com_hashcash

    A version 1.0 will be released soon... GNU/GPL

    Developer Documentation


    @component: com_hashcash
    @copyright (C) 2005 Walter Cedric for Mambo Integration
    @license http://www.gnu.org/copyleft/gpl.html GNU/GPL

    Free Software

    3rd party JavaScript

    3rd party PHP

    • MD5/RSA/SHA1 part of PHP language.

    Based on:

    Kudos to all the developers above! Thanks to the GPL I do not have to reinvent the wheel...

    Links:

    Requirements

    • Component: com_hashcash - cryptographic facility for Mambo
    • Components already using com_hashcash: com_akobook 3.42 and hashcash 1.0, and com_akocomment 2.0 and hashcash 1.0
    • Required prior to installation: com_log4php

    Principle:

    Forcing the spammer to pay the price (computing power) before submitting rubbish to your homepage. The user will have to create a new cryptographic value of a hidden field (JavaScript code provided), and that may take 1 to 2 seconds, but may be more with RSA 1024...
    This also does not allow a robot to easily submit code without parsing your HTML page first...

    How It works in details

    This code adds a supplementary hidden field to every HTML form sent to the user.

    - The hidden field has a random name (Hname), different at each load of the page
    - The hidden field value (Hvalue) is a cryptographic hashcode (MD5, MD4 or RSA):

    Hvalue = Crypt(UserSessionID + mosConfig_absolute_path + UserBrowserAgent + TodayDate(F j, Y, g a))

    Crypt is the cryptographic PHP function: MD5, MD4 or RSA

    If the user wants to submit a comment, the browser, with the help of a small piece of JavaScript, will have to
    - locate the hidden field name (Hname) with JavaScript (function replace())
    - rehash the hidden field value (Hvalue) with MD5 (this is time consuming)
    and send everything back to the server.

    If the spammer does not follow the challenge, the comment won't be accepted...
    You can switch this feature ON/OFF in the Admin control panel, under the posting tab of the akocomment and akobook components.
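
    The exchange described above, modelled end to end in Node.js as an added example (it is not the com_hashcash PHP code). Keeping Hname in the session, the UTC hour stamp, the previous-hour tolerance for forms loaded just before the hour changes, and all sample values are assumptions of this example.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require('crypto');

const md5 = (s) => createHash('md5').update(s, 'utf8').digest('hex');

// Hour-granular stamp, standing in for PHP's date('F j, Y, g a') (UTC here).
const hourStamp = (date) => date.toISOString().slice(0, 13);

// Hvalue = Crypt(UserSessionID + mosConfig_absolute_path + UserBrowserAgent + TodayDate)
function hvalue(ctx, date) {
  return md5(ctx.sessionId + ctx.absolutePath + ctx.userAgent + hourStamp(date));
}

// Server, page load: random field name (Hname) carrying Hvalue.
// Assumption: the server keeps Hname in the session to find the field later.
function issueField(ctx, now) {
  return { name: 'h' + randomBytes(8).toString('hex'), value: hvalue(ctx, now) };
}

// Browser, submit: locate the field and re-hash its value with MD5.
function clientRehash(field) {
  return { name: field.name, value: md5(field.value) };
}

function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Server, submit: recompute from its own state, never from posted data.
// Accepting the previous hour as well is an addition of this example.
function verify(ctx, expectedName, posted, now) {
  if (posted.name !== expectedName || typeof posted.value !== 'string') return false;
  const previousHour = new Date(now.getTime() - 3600 * 1000);
  return [now, previousHour].some((t) => safeEqual(md5(hvalue(ctx, t)), posted.value));
}

// Constructed sample request context and timestamps.
const ctx = { sessionId: 'sess-4f2a', absolutePath: '/var/www/mambo', userAgent: 'ExampleBrowser/1.0' };
function demo() {
  const field = issueField(ctx, new Date('2005-06-01T10:59:00Z'));
  const at = (iso) => new Date(iso);
  return {
    acrossHour: verify(ctx, field.name, clientRehash(field), at('2005-06-01T11:01:00Z')),
    rawEcho: verify(ctx, field.name, field, at('2005-06-01T11:01:00Z')),
    otherAgent: verify({ ...ctx, userAgent: 'Bot/0.1' }, field.name, clientRehash(field), at('2005-06-01T11:01:00Z')),
    stale: verify(ctx, field.name, clientRehash(field), at('2005-06-01T12:30:00Z')),
  };
}
```

    demo() accepts the re-hashed value submitted two minutes later across the hour change, and refuses a raw echo of the hidden value, a submission from a different browser agent, and a value replayed after the tolerance window.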

    Configuring HashCash

    Open the file /com_hashcash/settings.php with your favorite text editor:

    key in file | values | notes
    $hashcash_use = 'md5' | 'md4', 'md5' or 'sha1' | md4, md5 or sha1
    $hashcash_debug | true/false | Writes all information into the page on form submit
    $hashcash_log_active | true/false | Spam submissions will be written to the logs
    $hashcash_log_all | true/false | Log accepted and refused posts -> be careful with the size of the logs!
    $hashcash_log_file | $GLOBALS['mosConfig_absolute_path'] . "/components/com_hashcash/hashcash.log" | Location of the log file
    $hashcash_Notify_Admin | true/false | Notify an administrator by email?
    $hashcash_log_size | integer | Each 64kb, a mail will be sent to the admin with the content of the logs
    $hashcash_AdminEmail | valid email | Admin email

    Note: An Administrator frontend will be shipped with release 1.0

    Protecting Your Mambo Forms against Spammers and Robots

    PHP code sent to the client (in the code where you create the form)
    # Include the class and create an instance in the portion of code where Hashcash is needed; note that there is a strong reference to the algorithm here (MD5)
    # This will soon be a factory
    include($mosConfig_absolute_path.'/components/com_hashcash/plugins/md5/php/CodeInliner.php');
    # Plain assignment: the PHP 4 form "=& new" is a parse error on PHP 7 and later
    $MD5CodeInliner = new MD5CodeInliner(true);

    ...

    Insert this JS (js1); the browser will use it during submit to locate the random hidden field name and re-hash its value
    echo $MD5CodeInliner->insertHashCashJavascript(false);

    ...

    Insert this code in your submit or validation JS method; it will call js1
    echo $MD5CodeInliner->insertSubmitJavascript();

    ...

    Add the hashcash input field to your form
    echo $MD5CodeInliner->insertHiddenField($contentid);

    Verifying on the server, in your code, that the user submission can be accepted

    In the code where you validate and do something interesting with the submission:
    include($mosConfig_absolute_path.'/components/com_hashcash/HashcashChecker.php');
    # Plain assignment: the PHP 4 form "=& new" is a parse error on PHP 7 and later
    $HashcashChecker = new HashcashChecker();

    # check() hands the submission back; an empty string means it was refused
    $submission = $HashcashChecker->check($submission, $contentid);

    $commentIsAccepted = strlen($submission) != 0;

    if ($commentIsAccepted)
    {
        ...
    }
    else
    {
        ...
    }


    Changelog:

    Real object model, abstract class and factory still missing...