"Official" integration with Akismet

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.2.x. If you need support for phpBB 3.2.x please visit the 3.2.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
MartinTruckenbrodt
Posts: 171
Joined: Sun Jan 29, 2006 1:00 pm
Location: Germany
Contact:

Re: "Official" integration with Akismet

Post by MartinTruckenbrodt » Wed Jun 27, 2012 3:23 pm

Hello,
usefull HTTP blacklists to prevent forum spam are (in order of efficiency):
  1. Stop Forum Spam
  2. BotScout
  3. Akismet
The problem with HTTP blacklists is that every HTTP blacklist uses an own different API. There is no standard like it is for (most of) DNS blacklists.

For me one bad point for some phpBB integrations in past is that MOD authors just have used a third-party class or something like this. They used the phpBB integration like a bridge to the third-party class.
But the APIs are very easy and it's possible to make a integration only with phpBB default code and coding.

Project Honey Pot aka http:BL is a IP-RBL DNS blacklist which is using non-standard DNS blacklist requests with a own API. So it's also a candidate for a HTTP blacklist plug-in system.

phpBB3 Olympus and blacklists history: I think it's time to add it to the core! ;)

Please don't integrate it just for something like a quarantine. Use it to block (or to prevent) spam(, too).
Do you really want that your moderators have to check hundreds/thousands of spam guest postings or spam user registrations per day?
Think about adding something like a weight system. So if you want spam will be blocked if it is found on at least two blacklists.
Add a feature to recheck posts and user accounts for spam. Add it to the related ACP and MCP pages. Also integrate this check into Who Is Online for analysis.

Bye Martin
Last edited by MartinTruckenbrodt on Thu Jun 28, 2012 2:30 pm, edited 2 times in total.
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs

User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: "Official" integration with Akismet

Post by callumacrae » Wed Jun 27, 2012 6:58 pm

I've tried blacklists besides Akismet (including Martins advanced block MOD) and they haven't performed well at all. While Akismet doesn't catch all spam (and that would improve if every single phpBB board were reporting spam), the other two have a *lot* of false positives. From what I've seen, they see an IP that has previously spammed in the past, or a Russian ISP (yes, I had an issue with a genuine ISP being blocked), and they mark it as spam.
Made by developers, for developers!
My blog

MartinTruckenbrodt
Posts: 171
Joined: Sun Jan 29, 2006 1:00 pm
Location: Germany
Contact:

Re: "Official" integration with Akismet

Post by MartinTruckenbrodt » Wed Jun 27, 2012 7:05 pm

Hello Callum,
you can handle rare false positves (I don't have them on my boards.) with redirecting them to a contact form. The contact form can be protected e.g. with CAPTCHA.

Bye Martin
Last edited by MartinTruckenbrodt on Thu Jun 28, 2012 2:31 pm, edited 1 time in total.
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: "Official" integration with Akismet

Post by EXreaction » Wed Jun 27, 2012 11:33 pm

I think I am a bit confused at the different talks about integration here. Some are talking about registration and I think some are talking about checking posts. Akismet is designed for checking posts to see if they are spam, Stop Forum Spam, and other blacklists are for users (I would argue that checking posts for spam is far more valuable than users, because posts are where people do not want spam, and registration data can easily be sent as random numbers/letters, something that would not be possible to block).

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: "Official" integration with Akismet

Post by EXreaction » Wed Jun 27, 2012 11:48 pm

As for whether or not this should be a plugin (official or not), built in, or have an interface for anti-spam built in, I do think that having an interface would be the nicest option for extend-ability and friendliness, but I think that the best option would be either a plugin or to have it built in. I would do it that way primarily because I think building an interface and administrative control system for it seems like significant work and that effort would be better put towards finishing something else, like plugins. I don't see advantages to an interface over the plugins system being great enough to offset the time spent writing it.

If it were just an official plugin that was included, and if others wanted to make other systems work that work the same way as Akismet, they would have a template (the Akismet plugin) ready to go, so it should be fairly easy for authors to make it work with other similar services.

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: "Official" integration with Akismet

Post by Oleg » Thu Jun 28, 2012 6:06 am

naderman wrote:Rather than having hard coded integration with akismet, can we maybe have a generic plugin interface for these kinds of antispam tools? How much work would it be to change the pull request to be a generic antispam plugin feature with akismet as a default plugin shipped with phpBB?
I support this.

User avatar
brunoais
Registered User
Posts: 964
Joined: Fri Dec 18, 2009 3:55 pm

Re: "Official" integration with Akismet

Post by brunoais » Thu Jun 28, 2012 2:23 pm

Oleg wrote:
naderman wrote:Rather than having hard coded integration with akismet, can we maybe have a generic plugin interface for these kinds of antispam tools? How much work would it be to change the pull request to be a generic antispam plugin feature with akismet as a default plugin shipped with phpBB?
I support this.
me2

KnocksX
Registered User
Posts: 80
Joined: Thu Jul 19, 2012 2:03 am

Re: "Official" integration with Akismet

Post by KnocksX » Wed Aug 08, 2012 10:29 pm

Doesn't Akismet require a credit card before giving you the API key? If so, it might run into problems with the GPL.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: "Official" integration with Akismet

Post by EXreaction » Thu Aug 09, 2012 1:00 am

No, it does not.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: "Official" integration with Akismet

Post by Pony99CA » Thu Aug 09, 2012 1:20 am

KnocksX wrote:Doesn't Akismet require a credit card before giving you the API key? If so, it might run into problems with the GPL.
As long as we're only creating an interface to a service, how would their license affect phpBB at all? Are ReCAPTCHA and all of the other anti-spam services supported by CAPTCHA plug-ins GPL?

As for the overall concept, I think a multi-layered approach is best (all optional, of course):
  • CAPTCHAs for registering (and Guest posting). phpBB already has this.
  • Configurable blacklist support for those who want it. phpBB currently supports two non-configurable blacklists: spamcop.net and http://www.spamhaus.org at registration and posting. That should be configurable using plug-ins (ideally to allow more than one with some logic included for weighting) to support StopForumSpam and other services.
  • Post content scanning via plug-ins/extensions that could support Akismet and other services. Maybe phpBB could even ship a simple one, blocking posts with too many URLs and/or censored words (possibly in a specified group, like Newly Registered Users). That would allow blocking posts instead of having posts go into moderation. Maybe there could even be a Does not need post scanning permission for some groups.
The latter is really the only new item, although making the second item configurable would require some work.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Post Reply