•
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Be careful of Josef Tup's post, below — the link runs automatically
07/06/2015, 13:27:16
|
|
|
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Thanks! I'll want to block that bit of text.
07/06/2015, 20:26:20
|
|
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Well, it was a bit more peculiar than that....
07/06/2015, 22:23:32
|
Bones writes:
First what you saw when the page opened was our software's default format, not a linked webpage. Second, that post shouldn't have been able to be made. A few of the words had already been blocked and the IP was blocked as well. I'm hoping that the post getting through was due to a hiccup in our software and not a new form of attack from spammers.
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Oh, I see.
07/07/2015, 04:23:22
|
|
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Just a FYI about spammers here....
07/09/2015, 12:26:46
|
Bones writes:
There are two different ways that we block spam. One is by blocking particular character combinations -- mostly words but others as well. If someone submits one of these combinations a record is made of their infraction and they get blocked automatically from making further posts -- at least until the cookie is removed.The other way is to block an IP. That's done manually and no cookie is left. Also, we have no record of subsequent posts being blocked. I mention this because we've been getting a lot of spam from a particular IP -- 1000 in this tavern over the past 28 hours. I haven't blocked the IP because if I did then the spammer would just use a different one. I'd have to block that IP in turn and the game would go on. So I'm just blocking the content and watching the blocked message count go up. It's kind of like watching a woodpecker hammering against a concrete wall and wondering how long it will take the dim-witted bird to give up.
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
There's no way to get an absolute win, is there?
07/09/2015, 17:27:28
|
Peter2 writes:
I hope the bird bends his damn' beak!There's a story about a guy making munitions – small shells for something like an Oerlikon – during WWII, who was summoned to London because suddenly his Company's shells were not penetrating the armour that was used to test them. He arrived substantially early for his appointment, and in the ante-room of his contact at the War Office, he met a man who looked as though he hadn't slept for a week – rumpled-suited, tousle-haired, red-eyed, unshaven, and yet with a beaming smile on his face. They got talking, and the man finally explained that he made light armour-plating for Coastal Defence warships – MTBs, MGBs, minesweepers, and so on. Eventually, he disclosed why he was there. He said, "Two months ago, we were told that the test shells were getting through our armour, but we've beaten them again!"
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Cute story. That's just the kind of fight I don't want to have, but I don't need to....
07/09/2015, 19:50:49
|
Bones writes:
My ultimate goal is to prevent spammers from using up the finite number of massages these boards can handle. Every time spam gets through is one less massage that we can post. This bird can peck all he wants. I don't care as long as nothing gets through. I've already won; the spammer just doesn't know that yet.
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
We're having similar trouble with cold calling by salesmen.
07/09/2015, 20:12:03
|
Peter2 writes:
If the phone can identify the number that's calling, we can block it. We could also block any caller whose phone does not allow us to determine his number, and international calls. However, we've got relatives in foreign lands, and friends whose phones are set to block number recognition, so we have to put up with a small number getting through. The problem is tolerable at present.Those that do get through receive a very dusty answer. But I agree with you — spammers, especially the more prolific ones, are a total pest. I haven't managed to hang any of them yet.
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
I can maybe offer a little bit of advice ...
07/12/2015, 09:06:48
|
Ramillies writes:
Bones, do you block the string "(left-angular-bracket)script"? Since the body (I presume?) is taken as a HTML and embedded into some kind of enclosing frame, it can (if I am correct?) contain these script blocks as well. These essentially run JavaScript code in the moment when the page renders.
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
A little demonstration (expect a message box to pop out).
07/12/2015, 09:08:39
|
|
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
(Of course, the scripts can do much worse than just displaying puny message boxes. Redirecting to other pages included.)
07/12/2015, 09:13:28
|
Ramillies writes:
An experiment has shown that this technique does indeed work. A simple solution for the start would be to block the string <script . Please don't forget the inital <; then it would ban people for no reason at all.
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Thanks!
07/12/2015, 13:17:33
|
Bones writes:
To my knowledge no one has done that yet, but I don't read all the spam posts before I delete them. Once I add that to the list I'll be able to see if anyone has used that when I review the blocked messages.
|
| Displays all thread messages |
Displays thread map |
That to which this responds |
This thread's lead message |
Your most recent Tavern page |
Glad to have helped!
07/13/2015, 06:39:16
|
Ramillies writes:
I don't know whether it was done like this (I haven't had an opportunity to look at the message), but I'm sure that JavaScript embedded like this surely can do some mischief and it will be better to block it.The fact that the post contained some words that should have been blocked is a further support for my JavaScript hypothesis. For example, this script: document.write(unescape("%48%65%6C%6C%6F%20%57%6F%72%6C%64"))writes a "Hello World" onto the page. Certainly other blocked words can pass the defences in this guise.
|
|
|
