Summary: Talk page for CommentDb.
Maintainer: KT

This space is for User-contributed commentary and notes. Please include your name and a date along with your comment.


  • I currently have a series of spam injections, and the disturbing part is that for some reason it sometimes actually works. See an example in this file; it contains the source of a generated page on my site and the contents of the database. Ivar Snaaijer 2006-11-05 11:37
    • The CommentDb script is independent of most PmWiki machinery when accepting new comments. That is, the posted comment gets immediately saved to the database, without being checked for linkspam, approved URLs or whatever else. When the comment is displayed it goes through PmWiki filters, which add the "approve urls" links, which might leave the wrong impression that the UrlApprove machinery is actually respected by CommentDb. It is not. (Why? As I've noted above, I've just been too lazy to implement it because I don't really know the insides of PmWiki well enough and I didn't need linkspam protection in my case).
      There are at least two solutions to the problem:
      • If you are well acquainted with PmWiki details, you could filter the posted comments through the UrlApprove procedure (or a slight modification of it). This should count the "unapproved" links and prevent the post if there are too many.
      • Otherwise you might hack up your own similar solution. Ideas like preventing comments containing more than 5 links, preventing more than 3 posts from a single IP in a minute, preventing posts with blacklisted words in a link or simply blocking certain IPs might be easy to implement as well as good enough for your site.
        In fact, as long as CommentDb is not at all used widely, it's reasonable to assume that there won't be linkspam bots smart enough to know about it. So simply preventing comments containing "a href" HTML could be the best and the simplest option. -KT, 2006-11-06
    • I solved it by changing the script to check the author field for http (it gets ignored if this happens). Also, I clear the comment of the characters "<", ">", "/" and ":"; this will render any injection totally useless but still allow for internal linking. Ivar Snaaijer, 2006-11-06
  • I have created a new version that uses a simple Bayesian filter to detect spam: commentdb_1_1b.php
    • Information about an extra table is in the file; there is also an extra column called `score` smallint(6) in the comments table
    • $CdbSpamScoreDiscard (default 10) Score needed to make the entry disappear completely (/dev/null !).
    • $CdbSpamScoreHold (default 3) Score needed to put the entry on hold (only visible from Site.AllRecentComments)
    • $CdbSpamScoreTable (default 1) Set this value to 1 to use the 'nasties' table, set to 0 to turn it off
      • This is not a drop-in replacement even with this value set to 0. When the value is 0 the script will only count URLs.
    • Scoring in the 'nasties' table can be set to a negative value to allow white-listing.

Ivar Snaaijer, 2008-02-03
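
The hold/discard thresholds and the 'nasties' table described in the post above, as an added example that is not taken from commentdb_1_1b.php or written by either poster. The variable names and defaults come from the post; the scoring rules (one point per URL, substring matches against the table, thresholds compared with >=), the function names and the sample rows and comments are assumptions.

```php
<?php
// Added illustration; not code from commentdb_1_1b.php.
// Names and defaults below are quoted from the talk page.
$CdbSpamScoreDiscard = 10; // score needed to drop the entry completely
$CdbSpamScoreHold    = 3;  // score needed to put the entry on hold
$CdbSpamScoreTable   = 1;  // 1 = use the 'nasties' table, 0 = count URLs only

// Constructed stand-in for rows of the 'nasties' table (term => score).
// A negative score white-lists a term.
$nasties = [
    'casino'      => 4,
    'cheap pills' => 6,
    'pmwiki.org'  => -2,
];

// Hypothetical helper: score the author and comment fields together.
function cdb_score_comment(string $author, string $text, array $nasties, int $useTable): int
{
    $haystack = strtolower($author . "\n" . $text);
    // Assumed rule: every URL-looking token adds one point.
    $score = (int) preg_match_all('~\b(?:https?://|www\.)\S+~', $haystack);
    if ($useTable) {
        foreach ($nasties as $term => $weight) {
            // Assumed rule: each occurrence of a listed term adds its score.
            $score += $weight * substr_count($haystack, strtolower($term));
        }
    }
    return $score;
}

// Hypothetical helper: map a score to what happens to the entry.
function cdb_disposition(int $score, int $hold, int $discard): string
{
    if ($score >= $discard) return 'discard';
    if ($score >= $hold)    return 'hold';
    return 'publish';
}

// Constructed sample comments: [author, text].
$samples = [
    ['Ann',  'Nice recipe, thanks! See http://www.pmwiki.org/ for docs.'],
    ['Bob',  'Visit http://a.example http://b.example http://c.example'],
    ['http://x.example', 'cheap pills and casino, best casino'],
];
foreach ($samples as [$author, $text]) {
    $score = cdb_score_comment($author, $text, $nasties, $CdbSpamScoreTable);
    printf("%3d  %-8s %s\n", $score,
        cdb_disposition($score, $CdbSpamScoreHold, $CdbSpamScoreDiscard), $author);
}
```

In a real recipe the resulting score would be stored in the `score` column at insert time, so the decision is made before the comment is saved rather than when it is displayed.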
