The ‘Ban Nasties’ plugin has been working fine — without incident — for nearly a week now. If there are a few brave souls out there (or people who have testing platforms that can’t get too screwed up) I’d like volunteers to test it out (and possibly tell me if it’s got any security vulnerabilities etc.). To do so, visit:
http://rankexploits.com/protect/2012/04/ban-nasties-plugin/
Leave a comment at that post, and I’ll get you the address for the plugin as currently constituted.
Those wishing to discuss the Ban Nasties plugin (or even the ‘weird’ event last night which did not involve my plugin), visit the side blog.
Feel free to continue discussing climate here. And… it’s a good time for someone to write a guest post.
Your mother was a hamster and your father smelt of elderberries.
DocMartyn (Comment #94353)
Now go away, or I shall taunt you a second time!
It’s not really a spam plugin in the sense of monitoring the content of comments. It’s a plugin to reduce server load by getting rid of things that do really nasty stuff like attempt XSS attacks, server side includes, hack into the WP database etc. Calling my mother a hamster is nothing compared to that sort of stuff.
Because it does read the Bad Behavior file, and Bad Behavior catches quite a bit of spam, it will reduce spam. But BB doesn’t monitor “troll” behavior or even watch for “bad words”. It checks headers. So, for example: If you try to leave a trackback using a browser user agent, it stops that. (Trackbacks should only be left by servers, not people/browsers.) If you try to leave a comment with a server user agent, it stops that. (Comments should only be left by people/browsers, not servers.)
If your browser is badly programmed it would stop you. But that’s generally a sign that someone isn’t on a browser, they are a script-kiddie who is using a hastily slapped together spam-bot.
I’ve got two volunteers, which is likely enough. Mostly, I
1) Don’t want to release a plugin that has vulnerabilities.
2) Don’t want to release a plugin that turns out to be incompatible with some WordPress themes. (I would have to explain about “hooks” to explain why that can happen…. I’ll say no more.)
3) I want someone other than me to try the installation instructions to see if they can be followed.
Etc. But mostly I think it’s ready for prime time. (Of course, scope creep always rears its ugly head. I can already think of an improvement …. which… might permit… can I write the word … monetization!)
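The header consistency check described in this comment (trackbacks should arrive with a server user agent, comments with a browser one), as an added example; it is not code from Bad Behavior or from the Ban Nasties plugin. The sample requests, the user-agent heuristics and the function names are assumptions made for illustration; `wp-comments-post.php` and `wp-trackback.php` are WordPress's standard comment and trackback endpoints.

```python
import re
from urllib.parse import urlsplit

# Assumed heuristics: browsers announce "Mozilla/x" or "Opera/x"; anything
# else, or a UA carrying a crawler/library marker, is treated as a server.
BROWSER_UA = re.compile(r"^(Mozilla|Opera)/\d")
CRAWLER_HINT = re.compile(r"bot|crawl|spider|libwww|curl|python", re.I)

def request_kind(method, url):
    """Classify a request as 'comment', 'trackback' or 'other'."""
    if method.upper() != "POST":
        return "other"
    last = urlsplit(url).path.rstrip("/").rsplit("/", 1)[-1]
    if last == "wp-comments-post.php":
        return "comment"
    if last in ("wp-trackback.php", "trackback"):
        return "trackback"
    return "other"

def agent_kind(user_agent):
    """Return 'browser' or 'server' from the User-Agent header alone."""
    ua = user_agent.strip()
    if BROWSER_UA.match(ua) and not CRAWLER_HINT.search(ua):
        return "browser"
    return "server"  # includes an empty or missing User-Agent

def verdict(method, url, user_agent):
    """Block when the claimed agent does not fit the kind of submission."""
    kind, agent = request_kind(method, url), agent_kind(user_agent)
    if kind == "trackback" and agent == "browser":
        return "block", "trackback sent with a browser user agent"
    if kind == "comment" and agent == "server":
        return "block", "comment sent with a non-browser user agent"
    return "allow", f"{kind} request from {agent} agent"

# Constructed sample requests (method, URL, User-Agent); not real traffic.
SAMPLES = [
    ("POST", "/wp-comments-post.php",
     "Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"),
    ("POST", "/wp-comments-post.php", "libwww-perl/6.03"),
    ("POST", "/2012/04/some-post/trackback/",
     "WordPress/3.3.1; http://blog.example.org"),
    ("POST", "/wp-trackback.php?p=42",
     "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 Chrome/18.0 Safari/535.19"),
    ("GET", "/2012/04/some-post/", "libwww-perl/6.03"),
]

if __name__ == "__main__":
    for method, url, ua in SAMPLES:
        print(verdict(method, url, ua), "<-", method, url)
```

The User-Agent header is supplied by the client, so this check is one signal among several rather than proof of what sent the request.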
Question for Lucia (or other knowledgeable) – what is the best way to post comments on a site like RPJ, Nick Stokes or other that doesn’t seem to allow anonymous commenters with names. I like Billc
Billc –
I’m not sure if this is the same issue, but I found I couldn’t post comments at RPJ’s site (which seemed to be because my email address alone was insufficient..) So I emailed him and he suggested getting a gmail account. Which I did but it doesn’t seem to have helped me.
I’m guessing that chronic techno-incompetence on my part is the problem, but to be honest I haven’t pursued the matter with much diligence.
I don’t think that me being ‘Anteros’ was the problemo.
Nah – Ant – getting your Gmail account is going to require you to specify it on RPJ’s site, which is going to reveal whatever your account name is. So, you’d have to get a gmail account e.g. anteros@gmail.com AS Anteros. I think you can do this, but I just haven’t wanted to bother. There has to be a better way?? I just figured the fastest way to find out was to ask around on some of these blogs that don’t require ID. I don’t mind our hosts knowing my email address; I just don’t want to make it totally public.
Billc– Hmmm…. It may not be technoincompetence on your part. The system may be designed to not permit you to do what you want to do. The goal of those systems may be to prevent you from being anonymous.
I think at the blogs that let you sign in using wordpress (which RJP’s does), you can create a wordpress.com blog. Then pick an author name of “billc”… then…. I think there is some way if you create a wordpress.com blog. But that’s a PITA because if you don’t actually blog from that place, you have to log in to your ‘blog’ before you can comment at RJPs.
I have a wordpress.com ‘blog’ because I needed to establish one to get an AKISMET API way back when. I’m pretty sure logging into WP gives me the best options at RJP’s blog– but I don’t want to post a comment that says “test” just to check it out for you.
Lucia,
Thanks. I thought maybe but wasn’t sure. Or one of the other options, such as an OpenID. Anyway it is a PITA, and I guess why it’s done is to try to keep people from simply trolling due to the PITA factor, because it’s certainly not hard to get around if you’re motivated.
BillC–
Most spam control is a PITA for users. But spam is a PITA for the blogger. Mostly, letting people post anonymously is acceptable to bloggers, but not if it means the blogger then has to deal with spam and troll. Given the choice, the blogger will take away anonymity.
So, at RJPs you have to deal with what’s there.
Billc, Anteros,
You can set up a gmail account with whatever email address you like (as long as it hasn’t been used before), for example expurgated@gmail.com. You also choose a name which is something quite different. It’s the name that’s posted publicly, not your email address.
Paul Matthews –
I set up a gmail account as xpurgated@gmail.com, and would choose my name – Anteros.. – as a name, but at RPJ’s site my techno-incompetence still prevents me from managing to post a comment. Perhaps I should go over there now and try a little bit harder….
I edited to delete the email just in case it’s real!
Well. I don’t know if my comment will be published as it has to be approved by RPJ but there seem to be no technological problems.
***
gmail account…Click Google account… Sign in….. Bingo!
Anteros–
Good luck. I hate moderation…. but there are reasons it has to be done.
Anteros,
Moderation and outright banning is necessary with some people. Doug Cotton at The Air Vent is a recent example. He’s also been banned from Science of Doom.
Paul – yup, that’s what I didn’t want to do. Enter a real phone number, leave a real email address for google to track everything I do. Even though they already do I’m sure. I’d rather just give Lucia or RPJ my real email contact info. Shame if they sell it
DeWitt – Doug still gets around it by creating new email addresses. More PITA for all.
Lucia/Dewitt –
Absolutely. I’m mostly astonished by the tolerance most of you have with the likes of Doug Cotton.
It is so different to the partisan snipping/editing/deleting carried out by the likes of SkS (and RealClimate to a certain extent, although a brief perusal of the bore hole will show the kinds of trolling they have to put up with there)
Lucia – have you had a look at this month’s guesswork on the TLT? I’m sure Ray is champing at the bit to put an SD on our WAG’s
Anteros – your comment at RPJr is up. He moderates quickly. I hope the gmail address you posted here for the spambots to harvest is not the real one!
Billc – google regularly asks me for my phone number and I click ‘skip’ to avoid it. It asked me for my DOB and I gave it a fake one.
BillC–
I don’t sell email addresses. I haven’t even gotten any offers to sell them.
I know they get scraped so
0) I do not display emails with comments. (No one does anymore.)
1) I do stuff to keep email scrapers off the pages. (Heck… the entire plugin writing is related to this.)
2) Use a plugin to prevent WordPress from including emails when it emails comments to my email inbox.
3) Use Cloudflare to mask emails from bots that might just happen to load the pages.
Google does have decent spam filter– but I know what you mean about them ‘knowing’ everything you do. At the same time, I understand why bloggers use screening through these big groups (facebook, google, wordpress etc.)
Anteros– One convenient thing about the betting script. As soon as bets close, the bets show. If Ray wants to compute, he can get numbers at http://rankexploits.com/musings/2012/april-uah-bets-new-improved-form/
Paul-
On the emails:
1) Cloudflare masks emails.
2) I expurgated — and there are no html tags stuffed in there.
3) Luckily, gmail has some of the best spam filters going.
Lucia – that was very dozy of me – I should have remembered the bets come up automatically…
Did my bet get lost in the system? Entered and accepted yesterday afternoon… Unless I was actually dreaming. I even remember my captcha addition of 18 + 1.2 Maybe I added it up wrong?
Lucia –
Yes the email address was real….
Thanks
Hmmm. I could look in the database. Did anyone else’s get lost?
In the database, ‘Anteros’ bet 5 quatlos that the outcome would be -0.037 on March 16. Maybe there is more script malfunctioning due to spaces…. I thought I’d made the script ‘robust’ to that!
Anteros– Since you always do bet, and are bringing this up promptly, if you email me your bet, I’ll add it. After all… it’s April now.
Re: Anteros (Apr 17 09:44),
It’s worth being somewhat patient with someone you’re pretty sure is a troll. I’m assuming that there are a lot more readers than posters. False arguments need to be countered, especially at a site like Science of Doom. But it gets pointless when it gets repetitive.
Maybe u could use something like this:
roman_numeral(III)
number(5)
alpha(6)
alphaupper(3)
This would translate to 35fC
Or count(***) = 3
Or NumberOfSides(triangle) = 3