I just got comment spammed

Guardian2003 · Posted: Tue Sep 04, 2007 12:56 am

I would be more inclined to keep delete functions within the admin pages.
Although you *could* put them in the user page wrapped in an is_admin check, that would use some extra resources which are not really essential.

gregexp · Posted: Tue Sep 04, 2007 6:17 am

Nice line of thought if you dont mind me saying. But you could in fact put a captcha to help prevent bots, I personally think sessions might be a good idea to start with as well.

I would force a wait of about 10 seconds between each post and a maximum of 3 posts per minute.

I think that would put a stopper in almost any spammer.

As for the admin functions, I sudjest a single use of the is_admin function.

For example, I believe you would use a loop in this for any output.

I would do this:

if(is_admin($admin)){
loop for admins;
}else{
loop for users;
}

I think that would eliminate any extra resources that would not normally be used.

montego · Posted: Tue Sep 04, 2007 7:34 am

Gremmie,

Given the original way this module was set up, where the module itself was read only, and the admin piece was, well, the admin piece, I would prefer to see all deletions be active only within the admin piece.

It is funny, because when you originally asked me this question earlier this weekend, I had never even activated the module piece because I just thought it was just an admin module. Hence why I was confused by your question. Sorry about that.

gregexp,

I have been running RN 2.10.x with the spam captcha since before it was even released and I agree that an effective captcha will stop most. However, I did have five articles spammed about the same time Gremmie did where the punk actually created a user and literally went through and manually spammed. I could tell from the post times that it was not automated... I think he finally got tired of it after he spammed my front page news articles. This module was sure nice to have at that time.... made getting rid of the spam very quick and painless.

Thanks Guardian and Gremmie for your work on this!

Guardian2003 · Posted: Tue Sep 04, 2007 11:47 am

To clarify my earlier post, my opinion to only use a delete function within the admin page to avoid resource wastage is simply because, although only one 'check' might be needed as grepexp mentions, if you have a high traffic site, that 'check' is going to be carried out for every http request. Thus 100 visitors = 100 is_admin checks which do not *need* to be carried out IMHO.
I know it's only miniscule amounts of resources we are talking about but from little acorns...

montego · Posted: Wed Sep 05, 2007 5:06 am

Well, one could cut out the function call each time by setting a variable or constant up front with the result of ONE is_admin() call... Wink

But, then you still have to wrap the row with an IF statement, but, hey, that is what control structures are for. Laughing

(Just having a little fun...)

However, since the module already came with an admin section, it could still go in there. I liked it only because I could focus my reviews and deletions by module and could therefore, get more rows on a page to review and/or delete. BUT, not seeing how the new module is coded (works), I guess I don't know one way or the other which way would be best.

Gremmie · Posted: Wed Sep 05, 2007 7:50 am

Well I started coding an admin part. But I don't see what the performance hit of an is_admin() check is going to be. Surely at least one call is made to is_admin() on any random page load, and after that, isn't the result cached in a static variable? And you are right, in my module code I would call is_admin() once and cache it myself anyway.

I can't seem to find (yet) the magic phpBB function that will let me delete a forum post. I was hoping to find it in includes somewhere. If not, I'll look in modules/Forums, and if the code isn't too long I'll just duplicate it. Otherwise I'll leave forum post deletions up to the already existing phpBB functions.

Gremmie · Posted: Wed Sep 05, 2007 6:16 pm

The magic delete forum post code isn't actually a function, it's just a whole bunch of code in a switch statement in the file modcp.php. Sad

I could either

1) replicate that code (which consists of 4 or 5 SELECTS followed by 7 deletes followed by a sync() forum call!) in the comments module

2) factor the code into a callable free function and place it in includes, then modify modcp.php to call it (of course this will have to be redone upon every BBtoNuke change...ughh)

3) Just leave forum post deletion up to the already existing phpBB facilities

Thoughts? (I'm thinking option 3....)

montego · Posted: Thu Sep 06, 2007 7:40 am

Gremmie, well, although I agree that Option 3 may be the right choice for now, but if you think about it from a poor admin's perspective if they actually left their forums open for anonymous posting (yeah, I know, maybe they deserve the swift kick in the pants), could you imagine how difficult it will be for them to clean that mess up?

Maybe something for us to just think about down the road, but not now.

Gremmie · Posted: Thu Sep 06, 2007 4:47 pm

I was wrong about the delete post code. It is actually in posting.php and eventually calls delete_post() which is in includes/functions_post.php. That function is pretty phpBB specific but perhaps I can figure out what it is doing. If I can't call it directly I can possible do the same steps it is doing.

fkelly · Posted: Fri Sep 07, 2007 12:28 pm

Yes back to comments.

Some quick stats on the new is_user and is_admin from my local system.

Going to the index page. Old method: 152 queries, new method: 141 queries.

Going from index page to admin screen: Old method: 131 queries, new method: 108 queries.

montego · Posted: Fri Sep 07, 2007 6:55 pm

yeah, the ones which calls is_admin() in a loop are the "killers". Wink

Gremmie · Posted: Sat Sep 08, 2007 12:25 pm

The only thing left to do is to delete forum posts. I don't want to give up on this, but wow...

I have given up on the idea of just doing what phpBB does on my own. It is way too complicated, too many corner cases, and too much code to replicate. Most, but not all, of what I need, is in the functions found in includes/functions_post.php. I think I am going to copy some of the surrounding glue code in Forums/posting.php and then call the functions in functions_post.php just like it does, if you follow me.

That means I will have to include functions_post.php. I think I can do this, I just have to define IN_PHPBB first.

Gremmie · Posted: Sat Sep 08, 2007 1:11 pm

Crap that is turning out to be a pain too as now I have to setup a whole bunch of globals and stuff for the code in functions_post.php to work. I can't just include Forums/nukebb.php as it includes header.php.

fkelly · Posted: Sat Sep 08, 2007 7:30 pm

Gremmie, a while back I tried to clone the Forums "search for a user" function because I thought it would be great to have in Your Account. After a morning trying to follow all the paths the code took me down I gave the idea up. It is just way too convoluted to be cloned over into Nuke or called from core Nuke. It sounds like you are running into the same thing.

Gremmie · Posted: Sat Sep 08, 2007 7:34 pm

Yes....

I thought I posted here but it is gone now. Confused

I checked something in for the Comments module, minus the forum deletion, as a beta test for the RN team. When you have a chance, let me know what you think.

Raven · Posted: Sun Sep 09, 2007 11:21 am

Gremmie,

I have been testing Comments and sent you my results (just for the record) Smile

.

RN Team - Also, I am going to move most of this thread to our Development area because it really is a development issue other than the spam issue Smile

Raven · Posted: Sun Sep 09, 2007 2:25 pm

Got them and posted them. All seems well Smile

Raven · Posted: Sun Sep 09, 2007 11:24 pm

I have moved the posts to the RavenNuke Design Methodology Discussions forum (Developers only)