Forums | Mahara Community

Support /
The Great Mahara Spam Fest


anonymous profile picture
Account deleted
Posts: 91

23 August 2010, 10:22

Hello All,

I have mentioned the issue of spam in Mahara feedback a couple of times before and wondered if there had been any progress?

There is a specific issue with permissions on secret URL's, which seem to grant the spambot rights to post comments. I know you have the option to make the comments private, but that is not helping as the comments are still visible to logged in group members etc.

We are still having issues with members of goups with "leaked" URL's getting advertisements for online casino, male enhancement, levitra, viagra... the usual. Its pretty poor.

To be blunt, Mahara is the worst system (ok there are some very old guestbook scripts that are just as bad) I have come accross in terms of its inability to protect against spam. I have suggested before that there should be stronger comment moderation along the lines of wordpress.

I have also suggested you look at Akismet integration which will filter a lot of the mess out, and a strong captcha like re-captcha.

I am not sure if you realise but most standard captchas can be broken by spambots using OCR software, captchas like that used by PHP BB etc are worthless, Googles Captcha was broken a year or so ago, re-captcha is one of the few that has not been successfully broken using OCR / AI.

Despite having no-indexed our site In search engines we are still getting pages full of nasties which are visible to a large number of internal users. It does not look good. Not to mention the spam emails being forwarded by Mahara.Org itself.

Sorry to be a whinge, but I am not sure this issue is being taken seriously enough.

 

 

 

anonymous profile picture
Account deleted
Posts: 808

23 August 2010, 17:16

Hi Jez,

We have a few new spam-prevention measures coming in 1.3, basically they involve checking the urls in comments against blacklists, and hashing field names & adding invisible fields in forms on public pages to make it more difficult for bots.

Users can also enable a type of moderation on view feedback - this setting just forces all comments to be private initially (the view owner can make them public later if they wish).

Patches providing akismet or recaptcha integration (in an easily configurable way) are welcome.

R.

anonymous profile picture
Account deleted
Posts: 91

24 August 2010, 5:48

Hi Richard,

Thanks for your reply, I will take a look at these features.

Jez

anonymous profile picture
Account deleted
Posts: 91

24 August 2010, 7:26

Hello again,

 

I had a look at this in 1.3. The delete feature is really important and good to see, I think the spam trap field is also a good idea, but I think I would rename the label of that field. Words like "spam trap" "honey pot" etc are sometimes filtered on.

I think for the time being these additions will go a long way to solving the problem. By the time being I mean whilst Mahara has a small user base and is "below the radar".

I think the scripts that were spamming our site were just generic scripts, i.e. not adapted to target Mahara specifically. If Mahara becomes more widely used then at some point I think it will be directly targeted (due to the stature of the educational domains it is hosted on) in which case I think it would need another overhaul.

Anyway, thanks for adding these features Laughing

Jez

anonymous profile picture
Account deleted
Posts: 61

02 September 2010, 6:07

As one who has also strugggled with huge quantities of SPAM on views, I can only hope that 1.3 will deliver us. In the meantime I found this Cracked article article 'The Spambot Who Seduced Me: A True Story of Forbidden Love' very funny, and I hope some of you do as well (please forgive me if you don't!!).

5 results