nukeSEO.com - PHPNuke SEO Search engine optimization, professional tools including nukeSEO, nukeSPAM, nukeFEED, nukePIE, nukeWYSIWYG and more

 

. Welcome to nukeSEO.com  ! 
.
.
.
Support nukeSEO
Make donations with PayPal!
July´s Goal: $100.00
Due Date:   Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Donations


Tag This

tag on del.icio.us digg this reddit this


.
nukeSEO.com: Forums


nukeSEO.com :: View topic - nukeSPAM™ update
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

nukeSPAM™ update
Goto page 1, 2, 3, 4, 5  Next
 
Post new topic   Reply to topic    nukeSEO.com Forum Index -> nukeSPAM (tm)
View previous topic :: View next topic  
Author Message
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Wed Jan 25, 2012 10:09 pm    Post subject: nukeSPAM™ update Reply with quote

nukeSPAM™ is currently in alpha release. It is in use on a few sites and being reviewed by several members of the RavenNuke™ team.

nukeSPAM currently has the ability to block user registration by optionally checking:
  • admin-specified combinations of username, email address and / or IP address against known spammer databases:
    • BotScout
    • fSpamList
    • StopForumSpam
  • DNS blacklists (by IP):
    • Abuse.CH (Drone)
    • Abuse.CH (HTTPBL)
    • Abuse.CH (Spam)
    • Abuse.CH (ZeusTracker)
    • AHBL
    • DroneBL
    • EFNet
    • Project Honey Pot
    • Sorbs
    • SpamHaus
    • SpamCop
    • Tornevall
    • Tor
Each database / blacklist can be individually configured (enabled / disabled) with pop-up guidance on usage, and there are links for those that require database / API keys for use.

It also allows admins to manually test (for false positive resolution and eventual integration with RavenNuke™ Your Account - RNYA).

We're currently working on logging, whitelist functionality and documentation. Stay tuned...
_________________
Back to top
View user's profile Send private message Visit poster's website
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Tue Jan 31, 2012 9:51 am    Post subject: Reply with quote

Logging is working now, and it has been moved from an admin function to the module.

This will allow non-admin users to view your spam log, but I wouldn't recommend that as giving access to this give access to email addresses and, depending on the volume of your log and the settings / configuration, could impact performance (i.e. you don't necessarily want everyone viewing thousands of records whenever they desire to).

The whitelist functionality is next, then more testing and documentation.

In short - it's coming soon...

Here's a screenshot of viewing the log (test data):


_________________
Back to top
View user's profile Send private message Visit poster's website
Guardian
webmaster


Joined: Dec 25, 2005
Posts: 371
Location: Angra do Heroismo

PostPosted: Wed Feb 01, 2012 4:20 pm    Post subject: Reply with quote

Really looking forward to using this great tool!
Back to top
View user's profile Send private message Visit poster's website
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Wed Feb 01, 2012 5:33 pm    Post subject: Reply with quote

G, you can appreciate this: the IP address is stored as an integer to save space and time (someone did an analysis comparing storing IP address as a string and an integer - it took less space - naturally, but also less time to store, retrieve, and convert IP addresses stored as integer). It uses built-in MySql functions to do the conversions.
Nice!
_________________
Back to top
View user's profile Send private message Visit poster's website
montego
webmaster


Joined: Dec 26, 2005
Posts: 256

PostPosted: Sat Feb 04, 2012 7:40 am    Post subject: Reply with quote

kguske, since IPV6 is already in use and is going to start growing more rapidly, are there going to be any provisions for this? I struggle with the same question around NukeSentinel™. With the conversion being a 128bit number, I am not looking forward to that addition - but isn't it necessary?
_________________
Where Do YOU Stand?
HTML Newsletter :: ShortLinks :: DynamicTitles :: Approved Membership Lite :: And more...
Back to top
View user's profile Send private message Visit poster's website
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Sat Feb 04, 2012 8:35 am    Post subject: Reply with quote

Not yet.
_________________
Back to top
View user's profile Send private message Visit poster's website
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Wed Feb 08, 2012 12:19 am    Post subject: Reply with quote

Today's update: the whitelist maintenance function is completely working with modal dialogs for adding and deleting and inline editing of whitelist entries.

What remains:
- One logging bug to fix
- Some language definitions
- Configuration for the jQuery UI theme (possibly, thought this should really be defined outside this module)
- (finally) addressing the false positive possibility
- Code cleanup
- Packing / license notifications / etc.

Future releases:
- Purging of the log file
- Improved validation when adding / editing whitelist entries
_________________
Back to top
View user's profile Send private message Visit poster's website
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Thu Feb 09, 2012 6:49 pm    Post subject: Reply with quote

Ready for private Beta (notifications have been sent).

What remains:
- Configuration for the jQuery UI theme (possibly, thought this should really be defined outside this module)
- Minor code cleanup
- Packing / license notifications / etc.

Future releases:
- Purging of the log file
- Improved validation when adding / editing whitelist entries
_________________
Back to top
View user's profile Send private message Visit poster's website
Palbin
webmaster


Joined: Nov 28, 2007
Posts: 39

PostPosted: Fri Feb 10, 2012 1:32 pm    Post subject: Reply with quote

I have a few issues I have come across.

1. The table names are hard coded in log.php

2. Code: 1064 - Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where config_type = "nukeSPAM"' at line 1
SQL was: SELECT 1 FROM `nuke_seo_config` LIMIT 1 where config_type = "nukeSPAM"

3. Code: 1062 - Message: Duplicate entry 'nukeSPAM-baseMatch' for key 'PRIMARY'
SQL was: INSERT INTO `nuke_seo_config` VALUES ('nukeSPAM', 'baseMatch', '');

4. In log.php you should be doing $sOrder = ''; not if (!isset($sOrder)) $sOrder = '';. If you leave it this way you nee to filter it.

5. A major issue is that if the module is activated the add/delete functions become indirectly "publicly" available. I know you do not intend this to be public, but these should not be available to anyone other than an admin at any time.

6. Also if the module is activated a person could query your db from a separate site via ajax the same way you are doing it. There is not really a way around this unless you use some kind of token. Again I know you do not intend this to be public, but I would only let log.php run if it is a user. Maybe display a message saying you must be logged in to view or something. The only reason I say this is that you know some person is going to make this public.
Back to top
View user's profile Send private message
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Fri Feb 10, 2012 2:15 pm    Post subject: Reply with quote

1. I'll change it to use $prefix.
2. This is necessary for first-time installation of the tables.
3. Not sure if this is related to #1, but there is only one insert.
4. $sOrder cannot be initialized as it's passed into that function, so I'll addslashes.
5. It's public in the sense that any module can use it, but I'll look into securing this further.
6. The module security addresses this (i.e. if you make the module available to everyone, yes, anyone could retrieve it, just as they would if they went through modules.php).
_________________
Back to top
View user's profile Send private message Visit poster's website
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Fri Feb 10, 2012 2:28 pm    Post subject: Reply with quote

Correction: $sOrder is set based on other cleansed parameters, so it can be initialized. I'll test and confirm.
_________________
Back to top
View user's profile Send private message Visit poster's website
Palbin
webmaster


Joined: Nov 28, 2007
Posts: 39

PostPosted: Fri Feb 10, 2012 2:45 pm    Post subject: Reply with quote

I get 2 & 3 on every page load of the admin section even after it installs.

What I mean by 5 is that any one that has access to view the module can add or delete entries even if the options are not vieable. They can submit a dummy form or do it via ajax. You need to be doing an is_admin() test before allowing these to continue.
Back to top
View user's profile Send private message
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Fri Feb 10, 2012 3:01 pm    Post subject: Reply with quote

1, 4 and 5 have been corrected (same download link). I also made change that could resolve 2 & 3. I'm not seeing those errors in my version of WAMP, so please confirm and let me know.

Thanks!
_________________
Back to top
View user's profile Send private message Visit poster's website
Palbin
webmaster


Joined: Nov 28, 2007
Posts: 39

PostPosted: Fri Feb 10, 2012 4:42 pm    Post subject: Reply with quote

You need to move the LIMIT to the end of the statement to correct 2 & 3.

Code:

$existSQL = 'SELECT 1 FROM `'.$prefix.'_seo_config` WHERE `config_type` = "nukeSPAM" LIMIT 1';


I have confirmed that this works.
Back to top
View user's profile Send private message
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 907

PostPosted: Fri Feb 10, 2012 4:57 pm    Post subject: Reply with quote

That's already there:
Code:
      $existSQL = 'SELECT 1 FROM `'.$prefix.'_seo_config` LIMIT 1 where config_type = \'nukeSPAM\'';


Must it be after the where clause?
_________________
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    nukeSEO.com Forum Index -> nukeSPAM (tm) All times are GMT - 5 Hours
Goto page 1, 2, 3, 4, 5  Next
Page 1 of 5

 

Jump to:   
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Powered by phpBB © 2001-2008 phpBB Group


nukeSEO™, nukeFEED™, nukeINFO™, nukeNAV™, nukePIE™, nukeREADER™, nukeSLIDER™, nukeSOCIAL™, nukeSPAM™, nukeTIDY™, nukeWYSIWYG™ are trademarks of nukeSEO.com.

RavenNuke™ CMS is distributed by Raven PHP Scripts
New code written and maintained by the RavenNuke™ TEAM


PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.55 Seconds