Re: [racket-dev] spam planet bug reports

2010-12-19 Thread Eli Barzilay
Yesterday, Robby Findler wrote:
> Well, I changed the regexp for the planet bug reports to insist that
> there was a 'v' at the beginning and then dropped the regexp itself
> from the error and the spammers just figured it out.
>
> So I'm guessing that this means that they are serious about spamming
> planet (why?!).

I'm not sure that the planet keyword is what makes it attractive --
my guess would be some kind of dictionary attack.  Did you check the
logs?

-- 
  ((lambda (x) (x x)) (lambda (x) (x x)))  Eli Barzilay:
http://barzilay.org/   Maze is Life!
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/dev


Re: [racket-dev] spam planet bug reports

2010-12-18 Thread Robby Findler
Well, I changed the regexp for the planet bug reports to insist that
there was a 'v' at the beginning and then dropped the regexp itself
from the error and the spammers just figured it out.

So I'm guessing that this means that they are serious about spamming
planet (why?!).

Sounds like it is time to look into recaptcha.

Robby


Re: [racket-dev] spam planet bug reports

2010-12-18 Thread Sam Tobin-Hochstadt
On Sat, Dec 18, 2010 at 9:02 AM, Robby Findler
ro...@eecs.northwestern.edu wrote:

> So I'm guessing that this means that they are serious about spamming
> planet (why?!).

PLaneT is result #9 for google (w/ no cookies) for the word planet.
Thus I would guess that having links from there to your spam web page
greatly increases its google rank, which is what the spammers are
after. No one buys Cialis after seeing it on planet -- they want
people who search for buy cialis online to find them.
-- 
sam th
sa...@ccs.neu.edu


Re: [racket-dev] spam planet bug reports

2010-12-18 Thread Robby Findler
[ If you know of bug reports that still exist in the system that have
links to some spammer's site, please let me know the numbers and I'll
delete them. I tried to delete them all but probably missed some. ]

PLaneT bug reports now should be using recaptcha properly (it took me
about 7x longer than predicted, partly because I don't know python or
how trac is organized all that well and partly because the word
'recaptcha' has a 't' in it; about 1/2 and 1/2 for those two, um,
problems.)

Please let me know if you see any problems.

Thanks,
Robby

PS: Sam, thanks. That makes a lot of sense. Made me go figure out how
to expunge the spam reports too!

On Sat, Dec 18, 2010 at 8:19 AM, Sam Tobin-Hochstadt sa...@ccs.neu.edu wrote:
> On Sat, Dec 18, 2010 at 9:02 AM, Robby Findler
> ro...@eecs.northwestern.edu wrote:
>>
>> So I'm guessing that this means that they are serious about spamming
>> planet (why?!).
>
> PLaneT is result #9 for google (w/ no cookies) for the word planet.
> Thus I would guess that having links from there to your spam web page
> greatly increases its google rank, which is what the spammers are
> after. No one buys Cialis after seeing it on planet -- they want
> people who search for buy cialis online to find them.
> --
> sam th
> sa...@ccs.neu.edu

Re: [racket-dev] spam planet bug reports

2010-12-11 Thread Jon Rafkind
FWIW, recaptcha is really easy to set up. Like less than 10 minutes from
not knowing anything about it to having a working system.

http://www.google.com/recaptcha

On 12/11/2010 07:33 AM, Robby Findler wrote:
> Some spam system figured out my low-tech anti-spam device for planet
> so I changed the regexp to insist that the version numbers begin with
> a 'v' (and I give less of a clue in the error message now).
>
> If this stops working soon, I'll probably just disable planet bug
> report submissions until I can find time to figure out how to make a
> captcha work.
>
> Sorry for the inconvenience.
>
> Robby


Re: [racket-dev] spam planet bug reports

2010-12-11 Thread Neil Van Dyke
One issue to consider with Recaptcha is that it's incidentally a Web bug 
that helps track people around the Internet.  If you don't already have 
Web bugs in your site, by adding one you increase the cross-site tracking.


In the case of PLaneT bug reports, the privacy and security cost of a 
Web bug seems negligible.


However, I think it is good to sanity-check every time you use one of 
these effective Web bugs.  I've seen sites like anonymous discussion 
boards on sensitive topics doing things like loading Recaptcha for not 
only posts (goodbye, posting anonymity), but also for every message a 
user views (hello, centralized detailed profiling).  In many cases, I 
believe that site operators who help implement the tracking are unaware 
of it, although in other cases they might be indifferent or believe that 
the tracking will be used only for certain purposes they consider to be 
good.


Now that I'm in my 30s, my interest in this is academic curiosity rather 
than activist, but I'd like to have at least Racket people aware of the 
implications when they decide to use an effective Web bug like Recaptcha.



> FWIW, recaptcha is really easy to set up. Like less than 10 minutes from
> not knowing anything about it to having a working system.
>
> http://www.google.com/recaptcha


--
http://www.neilvandyke.org/


Re: [racket-dev] spam planet bug reports

2010-12-11 Thread Matthias Felleisen


How difficult is it to implement one as a Planet lib that avoids tracking? 



On Dec 11, 2010, at 1:41 PM, Neil Van Dyke wrote:

> One issue to consider with Recaptcha is that it's incidentally a Web bug that
> helps track people around the Internet.  If you don't already have Web bugs
> in your site, by adding one you increase the cross-site tracking.
>
> In the case of PLaneT bug reports, the privacy and security cost of a Web bug
> seems negligible.
>
> However, I think it is good to sanity-check every time you use one of these
> effective Web bugs.  I've seen sites like anonymous discussion boards on
> sensitive topics doing things like loading Recaptcha for not only posts
> (goodbye, posting anonymity), but also for every message a user views (hello,
> centralized detailed profiling).  In many cases, I believe that site
> operators who help implement the tracking are unaware of it, although in
> other cases they might be indifferent or believe that the tracking will be
> used only for certain purposes they consider to be good.
>
> Now that I'm in my 30s, my interest in this is academic curiosity rather than
> activist, but I'd like to have at least Racket people aware of the
> implications when they decide to use an effective Web bug like Recaptcha.
>
>> FWIW, recaptcha is really easy to set up. Like less than 10 minutes from
>> not knowing anything about it to having a working system.
>>
>> http://www.google.com/recaptcha
>
> --
> http://www.neilvandyke.org/


Re: [racket-dev] spam planet bug reports

2010-12-11 Thread Shriram Krishnamurthi
Effectively impossible.  It's all in the domain.

On Sat, Dec 11, 2010 at 1:47 PM, Matthias Felleisen
matth...@ccs.neu.edu wrote:


> How difficult is it to implement one as a Planet lib that avoids tracking?
>
> On Dec 11, 2010, at 1:41 PM, Neil Van Dyke wrote:
>
>> One issue to consider with Recaptcha is that it's incidentally a Web bug
>> that helps track people around the Internet.  If you don't already have Web
>> bugs in your site, by adding one you increase the cross-site tracking.
>>
>> In the case of PLaneT bug reports, the privacy and security cost of a Web
>> bug seems negligible.
>>
>> However, I think it is good to sanity-check every time you use one of these
>> effective Web bugs.  I've seen sites like anonymous discussion boards on
>> sensitive topics doing things like loading Recaptcha for not only posts
>> (goodbye, posting anonymity), but also for every message a user views
>> (hello, centralized detailed profiling).  In many cases, I believe that site
>> operators who help implement the tracking are unaware of it, although in
>> other cases they might be indifferent or believe that the tracking will be
>> used only for certain purposes they consider to be good.
>>
>> Now that I'm in my 30s, my interest in this is academic curiosity rather
>> than activist, but I'd like to have at least Racket people aware of the
>> implications when they decide to use an effective Web bug like Recaptcha.
>>
>>> FWIW, recaptcha is really easy to set up. Like less than 10 minutes from
>>> not knowing anything about it to having a working system.
>>>
>>> http://www.google.com/recaptcha
>>
>> --
>> http://www.neilvandyke.org/


Re: [racket-dev] spam planet bug reports

2010-12-11 Thread Neil Van Dyke
You could implement your own captcha.  This is hard if the captcha is on 
sites popular enough to be brought to the attention of very smart 
programmers who specialize in compromising captchas.  This is easy if 
you don't have to worry about those programmers.


Or you *might* be able to use Recaptcha in a privacy-friendly way by 
serving everything yourself to the client, so that no HTTP request is 
made by the client directly to Google and no plausibly identifying info 
is otherwise propagated.  That way, privacy-wise, Google gets little 
more than timing and scale info.  I'm not sure that this is permitted, 
technologically or contractually.  Serving it yourself is also more 
expensive to maintain, and, in absence of guarantees from Google, there 
is more risk that what works today will not work tomorrow.


Matthias Felleisen wrote at 12/11/2010 01:47 PM:
> How difficult is it to implement one as a Planet lib that avoids tracking?


--
http://www.neilvandyke.org/