Difference between revisions of "SoC improve the Spam-X plugin"
(First draft of a new Spam-X related GSoC project) |
m (typos and minor corrections) |
||
| Line 8: | Line 8: | ||
== Incentive == | == Incentive == | ||
| − | Geeklog currently ships with a Spam-X module for [http://linksleeve.org/ LinkSleeve] (aka SLV). At the time, this was the only service available that didn't require creating an account, so that it is usable "out of the box". | + | Geeklog currently ships with a Spam-X module for [http://linksleeve.org/ LinkSleeve] (aka SLV). At the time, this was the only free service available that didn't require creating an account, so that it is usable "out of the box". |
Over time, more anti-spam services have appeared. One goal of this project is to evaluate these services. And to be able to do that, we would need Spam-X modules to support these services. | Over time, more anti-spam services have appeared. One goal of this project is to evaluate these services. And to be able to do that, we would need Spam-X modules to support these services. | ||
| Line 16: | Line 16: | ||
== Part 1: New modules for existing services == | == Part 1: New modules for existing services == | ||
| + | |||
| + | === Services === | ||
Here's a quick rundown of some existing anti-spam services: | Here's a quick rundown of some existing anti-spam services: | ||
| − | === Akismet === | + | ==== Akismet ==== |
| − | [http://akismet.com/ Akismet] is associated with the WordPress blog platform. The service initially required a wordpress.com, which made it not suitable for use in Geeklog (asking our users to sign up with a competitor's website would have looked odd). This requirement has since been dropped: You still need to sign up but can do so now from the Akismet homepage. The service is free (commercial options available). | + | [http://akismet.com/ Akismet] is associated with the WordPress blog platform. The service initially required a wordpress.com account, which made it not suitable for use in Geeklog (asking our users to sign up with a competitor's website would have looked odd). This requirement has since been dropped: You still need to sign up but can do so now from the Akismet homepage. The service is free (commercial options available). |
There is already an older version of an Akismet module for Spam-X. It will probably need a review to check for API changes. | There is already an older version of an Akismet module for Spam-X. It will probably need a review to check for API changes. | ||
| − | === | + | ==== Defensio ==== |
[http://defensio.com/ Defensio] is a service owned by security firm Websense. The service requires signup and is free "for all personal bloggers" (commercial options available). | [http://defensio.com/ Defensio] is a service owned by security firm Websense. The service requires signup and is free "for all personal bloggers" (commercial options available). | ||
| − | === Mollom === | + | ==== Mollom ==== |
[http://mollom.com/ Mollom] is loosely associated with the Drupal CMS. It requires signup and offers both free and for-pay services. | [http://mollom.com/ Mollom] is loosely associated with the Drupal CMS. It requires signup and offers both free and for-pay services. | ||
| Line 35: | Line 37: | ||
One specialty of Mollom is that it has an "unsure" categorization for posts where it's not quite sure yet whether the post is spam or not. In this case, it displays a CAPTCHA, so that the poster will have to confirm that they are human. | One specialty of Mollom is that it has an "unsure" categorization for posts where it's not quite sure yet whether the post is spam or not. In this case, it displays a CAPTCHA, so that the poster will have to confirm that they are human. | ||
| − | === TypePad AntiSpam === | + | ==== TypePad AntiSpam ==== |
[http://antispam.typepad.com/ TypePad AntiSpam] is, as the name implies, associated with the TypePad CMS. It is currently (still) in beta. The service requires signup and is free ("and will always be free" -- quote from the website). | [http://antispam.typepad.com/ TypePad AntiSpam] is, as the name implies, associated with the TypePad CMS. It is currently (still) in beta. The service requires signup and is free ("and will always be free" -- quote from the website). | ||
| − | === Stop Forum Spam === | + | ==== Stop Forum Spam ==== |
[http://www.stopforumspam.com/ Stop Forum Spam] is a private (one-man?) project. It doesn not require signup and is free. | [http://www.stopforumspam.com/ Stop Forum Spam] is a private (one-man?) project. It doesn not require signup and is free. | ||
| − | The API has an option to check for a poster's user name which at first glance doesn't seem like a reliable criterion to detect spam (the API has other options as well). Michael Hampton (author of Bad Behavior) also [http://www.bad-behavior.ioerror.us/2010/02/20/stop-forum-spam/ expressed some doubts] about the service. | + | The API has an option to check for a poster's user name, which at first glance doesn't seem like a reliable criterion to detect spam (the API has other options as well). Michael Hampton (author of Bad Behavior) also [http://www.bad-behavior.ioerror.us/2010/02/20/stop-forum-spam/ expressed some doubts] about the service. |
| + | |||
| + | === Discussion === | ||
''(more to come)'' | ''(more to come)'' | ||
| Line 49: | Line 53: | ||
== Part 2: SWOT == | == Part 2: SWOT == | ||
| − | ''TBD | + | ''TBD'' |
== Level of Difficulty == | == Level of Difficulty == | ||
| Line 60: | Line 64: | ||
== Further Reading == | == Further Reading == | ||
| + | ''TBD'' | ||
[[Category:Summer of Code]] [[Category:Development]] | [[Category:Summer of Code]] [[Category:Development]] | ||
Revision as of 09:26, 6 March 2010
Contents
Introduction
Comment spam doesn't need an introduction - pretty much every site gets it. Geeklog ships with its own spam filter, called Spam-X. This filter can easily be extended by adding modules so that it can either be updated for the spammer's latest tricks or to add support for new anti-spam services. This project is about the latter - creating modules for new services.
Incentive
Geeklog currently ships with a Spam-X module for LinkSleeve (aka SLV). At the time, this was the only free service available that didn't require creating an account, so that it is usable "out of the box".
Over time, more anti-spam services have appeared. One goal of this project is to evaluate these services. And to be able to do that, we would need Spam-X modules to support these services.
The second half of this project is then about creating a new anti-spam service (see details below) and compare it with the existing services.
Part 1: New modules for existing services
Services
Here's a quick rundown of some existing anti-spam services:
Akismet
Akismet is associated with the WordPress blog platform. The service initially required a wordpress.com account, which made it not suitable for use in Geeklog (asking our users to sign up with a competitor's website would have looked odd). This requirement has since been dropped: You still need to sign up but can do so now from the Akismet homepage. The service is free (commercial options available).
There is already an older version of an Akismet module for Spam-X. It will probably need a review to check for API changes.
Defensio
Defensio is a service owned by security firm Websense. The service requires signup and is free "for all personal bloggers" (commercial options available).
Mollom
Mollom is loosely associated with the Drupal CMS. It requires signup and offers both free and for-pay services.
One specialty of Mollom is that it has an "unsure" categorization for posts where it's not quite sure yet whether the post is spam or not. In this case, it displays a CAPTCHA, so that the poster will have to confirm that they are human.
TypePad AntiSpam
TypePad AntiSpam is, as the name implies, associated with the TypePad CMS. It is currently (still) in beta. The service requires signup and is free ("and will always be free" -- quote from the website).
Stop Forum Spam
Stop Forum Spam is a private (one-man?) project. It doesn not require signup and is free.
The API has an option to check for a poster's user name, which at first glance doesn't seem like a reliable criterion to detect spam (the API has other options as well). Michael Hampton (author of Bad Behavior) also expressed some doubts about the service.
Discussion
(more to come)
Part 2: SWOT
TBD
Level of Difficulty
easy to medium
Implementing modules for the existing services should be relatively straightforward. Some more thought and work will be required for the SWOT implementation.
Further Reading
TBD
