"Official" integration with Akismet

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.2.x. If you need support for phpBB 3.2.x please visit the 3.2.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

Re: "Official" integration with Akismet

Post by imkingdavid »

I think we should clarify terminology. As I understand the two, and I may be wrong, an extension is a third party, self-contained collection of files that adds or changes one or more related functionalities to a phpBB board, whereas a plugin, which I think we could consider to be a subset of an extension, is a class that is able to be automatically incorporated for use by a given system used by the board. So an extension can contain plugins. For instance, an extension could add a CAPTCHA plugin. I guess on a larger scale, extensions could be considered plugins themselves, since they are able to be automatically incorporated for use by the extension manager. But I think when we're talking on the smaller scale, we should differentiate the two.

So what I think may have been proposed was that a "content analysis plugin system" backend be written, and extensions could then add plugins for specific services (Akismet, et al). I can support that. I am all for making phpBB more modular in this fashion instead of hardcoding everything.
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: "Official" integration with Akismet

Post by EXreaction »

If a plugin system were to be created for this it should be very generic or it will not be useful. By generic I mean that it will work for posts, private messages, or other mods can call the api without having to hack things. If it is not going to be able to do that, then rather than write a plugin system for this, content analysis should be do-able with events.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: "Official" integration with Akismet

Post by Pony99CA »

DavidIQ wrote:Oh I see...I totally missed you had gone off-topic with that so I got confused. I'll try to keep up. :P
:lol: However, what exactly was off-topic? I don't think that phpBB should support only Akismet, so I was suggesting an implementation (plug-ins, like CAPTCHA uses) that would allow Akismet and other user-developed content analysis tools.

I hope generalizing a request isn't considered going off-topic. :?
imkingdavid wrote: So what I think may have been proposed was that a "content analysis plugin system" backend be written, and extensions could then add plugins for specific services (Akismet, et al). I can support that. I am all for making phpBB more modular in this fashion instead of hardcoding everything.
Yes, that's exactly what I'm asking for. :)
EXreaction wrote:If a plugin system were to be created for this it should be very generic or it will not be useful. By generic I mean that it will work for posts, private messages, or other mods can call the api without having to hack things. If it is not going to be able to do that, then rather than write a plugin system for this, content analysis should be do-able with events.
I don't know the inner workings of Akismet, but the system that I envision would be generic. It would be an API that returned "OK" (the post looks good), "Bad" (the post is spam) and "Review" (the post goes in the Moderation Queue; obviously that wouldn't be used for PMs). (Those return values are just English, not what actually may be returned.)

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1836
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: "Official" integration with Akismet

Post by DavidIQ »

RMcGirr83 wrote:I have contacted them concerning the issues brought up in this topic.
Heard anything back yet?
Image

User avatar
RMcGirr83
Registered User
Posts: 357
Joined: Fri Mar 09, 2007 1:51 am
Contact:

Re: "Official" integration with Akismet

Post by RMcGirr83 »

Not a word
Do not hire Christian Bullock he won't finish the job and will keep your money

Chaot_s
Registered User
Posts: 3
Joined: Wed Feb 13, 2013 6:45 am

Re: "Official" integration with Akismet

Post by Chaot_s »

After reading and fighting loads of spam, I would like too see some of this implemented too. The way I would like to see this implemented would be somewhat different then asked before though.

As a first step the phpBB base code should be extended in multiple events too support a "spam-check" based on group-, user-, and/or forum-permissions. This would provide finegrained control over where and when a spamcheck would be needed. This solves the privacy issue (hidden / private / team forums) since the permission system can disable the whole spamcheck based on any of the group-, user-, and/or forum-permissions. As a side effect it would reduce (checker)load impact on sites that do not enable spamchecking at all. Why fire the code if its not requested / enabled.

The events I think would be most important:
- On registration / forget password
- On post / edit post
- On update profile (??Option to only enable the check for certain fields??)
- On change signature.

In addition it could use something optional like the current ranking system to define some levels of checking a user. This would provide an option to exclude more users from the check based upon a "no spammer" ranking. Why would you check a user with 100+ posts for spam, most real users with "high" postcounts wont risk their account for some stupid spam. Reversed.. A spammer most likely wont write 100 real posts and then start spamming. And if it would happen... I would call it an incident, not spam

In the ACP a new tab named something like "Anti-spam" should be created showing spam check stats and possibly some optional list status. The left vertical menu could be divided in segments for several of the main elements of spam checking:
- "Global" ( Master on/off switch, the "no spammer" ranking, reset counters, reset stats, exclude user/IP/email )
- "spam check plugins" (the main system that lists installed spam-checkers, decides their weight, and enabled / disabled status)
- "plugin specific configurations" (for plugins that (need / want to) define their own settings or provide the user some choices.

The phpBB basecode should only handle the basic definition of a plugin and its weight level. By this I mean a board owner can enable, disable, or specify what checkers should be used based upon the event triggering the check. If enabled, the plugin itself will be triggered / called as configured, handles the request, and returns its result to the phpbb base code. Then after all enabled checkers have returned their result, the base code sums up the results and checks the total weight of all checkers versus the threshold the board admin defined. If the level is below the spam threshold, the board continues processing as normal. plugins should return results something like this:
- PASS (test was negative no spammer detected status)
- FAIL (test was positive, the list identified a spammer)
- NONE (the test failed returning no result)

If a check fails (detected as spam), the board redirects the user to a page explaining what and or why the request failed and give the user (a captcha protected) form that could be used to inform the board administrators. If a user decides to inform the administrators (spammers wont do this), the dataset that created the failed request should be stored temporary in the database. And the owner / moderators should get a notice (PM, mail, popup) to review the false flag report in the ACP / MCP.

The stored data could be used to create a reporting just like the current reporting system for moderators. This results in a quick and userfriendly manner of handling false flags for the boards team.

The report should provide (based upon permission levels) some of the following information and options
- Show the complete data set the user was checked for.
- See what plugin caused the false flag so the reviewer knows if a list often returns false flags and its weight should be reduced.
- An option to over-rule the fail. (this way a user doesn't need to re-write the post, redo the signup steps, or whatever the user was doing since the forum could continue processing the request based upon the stored info in the database. This also provides a quick method of excluding the user from further checks in the future.)

Installing checkers could be done using the same principles as the current method in place for modifications using the modification-database. Developers or RBL maintainers can write their own specified checks, the base code of phpbb would provide the information (post, IP, email, whatever data needs to be checked) as a set of variables to the checkerplugin. The plugin handles the request, and reports a status back to the phpBB base code. The plugin developer can create code for whatever the list may need (API key, balance or payment info, you name it) to be configured in the (optional) plugin configuration. And since every plugin writer has its own page in the ACP for its configuration, they can create any check they want. A simple http check, or a full blown mega bloated plugin with a gazillion configuration options.

This way phpBB stays fast for users that do not want spam checks, board owners can add as many as wanted lists to check, and finally users or listowners can write the checks as complicated or easy as they want.

Greets,
Chaot_s

User avatar
RMcGirr83
Registered User
Posts: 357
Joined: Fri Mar 09, 2007 1:51 am
Contact:

Re: "Official" integration with Akismet

Post by RMcGirr83 »

DavidIQ wrote:
RMcGirr83 wrote:I have contacted them concerning the issues brought up in this topic.
Heard anything back yet?
Better late than never I suppose
Hi Rich,

Apologies for the very late reply - our support engineers just discovered that we overlooked your message at the time.

We'd be happy to chat about Akismet and phpBB, both about the technical implementation and issues of usage and cost. You're correct that Akismet is most commonly used on blogs, and our pricing structure does tend to reflect that, but we do have plenty of forum users too. Certainly it's not our intention to discourage anyone from using Akismet, so if you're still interested we'd be happy to discuss ways we can best make Akismet available.

Perhaps you could give us a quick overview of the spam blocking situation in phpBB? We do see phpBB API calls, most commonly from the Advanced Block Mod, but we're really only seeing one side of the conversation there and it'd be very helpful to understand how things look from the forums' side also.

Kind regards,
Alex.
I will leave this to others to chat with Akismet about. I have sent him (Alex Shiels) a link again in an email to this topic and it is my hope that he registers and weighs in.
Do not hire Christian Bullock he won't finish the job and will keep your money

User avatar
jsebean
Registered User
Posts: 165
Joined: Wed Nov 17, 2010 1:40 am
Location: Atlantic Canada

Re: "Official" integration with Akismet

Post by jsebean »

I don't think they care if you use it on forums, after all, MyBB includes a akismet plugin it it's core by default disabled, and they haven't said anything.
-Jonah

Post Reply