Lillesvin Networks

phpCF version 0.5 beta is just done (after almost 4 years!) and commited to the repository. Among the changes are a completely new and more managable rules system, that allows for easy rules writing while still allowing for even more flexibility than previous versions. I’ll tag a release, upload tar-balls and update the phpCF page as soon as I get home from work tonight. See the ChangeLog for a more detailed list of changes.

Update (May 5 2009 @ 4:32 AM): The phpCF page is now updated and with links to tar-balls, docs and stuff.

This release of phpCF features:

• Incorporation of the Lillesvin Networks blacklist (text/plain version) – possibly more blacklists will be supported in future releases.
• Better testing for HTML
• Configuration to allow specific HTML tags, thus excluding them when testing for HTML
• Better debugging methods
• Removal of disabled checks in the instance-log

Go get it at http://lillesvin.net/phpcf!

I was just looking through my logfiles (I tend to do that whenever I get a bit tired, but don’t go to sleep) and I realized that the number of spam attempts has decreased heavilly. From blocking more than 30 attempts a day, all the way down to 52 attempts throughout June and no attempts at all in August or September. Same goes for blacklist redirects (ie. blacklisted hosts being redirected to a customized 404 page saying that they’ve been blacklisted.)

I’m not quite sure what to make of this, because there are a couple of things involved and the decrease started just as I made some big changes to my anti-spam system. The following are some possible factors in the decrease and there may very well be some I’m overlooking.

I started returning 404 Not Found on blacklist redirects instead of 200 OK

Are the spammers running some kind of automated learning, so once they receive a 404, they stop trying? That would be weird, because in order to even see the before mentioned 404, they have to make at least 3 attempts at spamming. So automated learning would be indicated by a vast amount of blocked attempts compared to the number of blacklist redirects, which is not the case here – both numbers have decreased heavilly, though the number of blacklist redirects varies from zero to 5-6 a day.

phpCF is working great

If the spammers are in some way measuring their success-rate, then it must mean that phpCF is working great, because no spam has gotten through in a long time. But this would also be strange, because how would they measure the success-rate? Googling? I think not.

The blacklist is complete

I’ve finally blacklisted each and every spam-bot on the planet! Yay, for me! :-p
Actually, this would explain the small number of blocked attempts compared to the larger amount of blacklist redirects. But still, somehow I don’t believe that this is the reason.

More options

Last, but not least, there may be outside factors causing the decrease (even though I’d like to think that I came up with the “cure for the cancer”). Maybe Google-bombing has gotten harder, or the spammers are getting more cautious – or maybe blog-spamming just isn’t profitable enough…

… and then there is all the stuff I can’t think up right now because it’s 8:46 AM and I haven’t slept yet. If you have any ideas, experiences, thoughts … anything! Please, post a comment or drop me a mail. I’d be more than happy to know what you think.

… and then I pulled myself together and released phpCF 0.2 into the wild. You may be wondering why you never saw a 0.1 release, but that’s because it was never released. But tonight I gave it the final work-over, wrote some documentation for it and – thanks to Steffie – decided NOT to write a DB configuration backend for it anyway, so now it runs with a single, very simple configuration file. Way better than a big, clumsy and useless configuration in a database. (There are more reasons, but I won’t get into them now.)

In case you’re wondering what phpCF is, then you’ve chosen the right paragraph to read. phpCF is a PHP class designed for scanning of e.g. blog-comments to determine whether they’re spam or not. phpCF only does the checking, assigns a score and compares it to the configured threshold. What to do if it’s spam is up to the one implementing it. Apart from doing a simple job in a simple way it’s also simple to implement. Simple, simple, simple… SIMPLE! Look at this example…

Also, I created a Freshmeat entry for phpCF and I hope that the server can stand the extra traffic, when phpCF hits the Freshmeat front page. If not, let me know.

Creativity both on the coding front and the artistic front.

First of all, I’ve been receiving a lot of comment spam lately – so I thought I’d revamp my spam checking system (I just counted the number of links before; if it was > 5, then the comment was blocked and the IP logged for potential blacklisting). The new system I’ve been hacking a little on is way more flexible and extensible – so it’ll be a lot easier to fight off spam later, if they find yet another way to spam me. If this turns out to be a success I might release it under the GPL, but I want to test it a little before deciding on it.

Secondly, I’ve been playing more with my tablet and now it works perfectly with Linux. Turned out that kernels 2.6.4 through 2.6.8 had some issues, so after upgrading to kernel 2.6.11 and recompiling mousedev.ko, evdev.ko and wacom.ko I finally got it working. (Thanks to the docs at the Linux Wacom Project and furrywolf from #debian.) So if you’re considering buying a tablet I can recommend the Wacom Volito (if you’re a beginner) – it’s cheap and it’s relatively easy to get working with Linux – just like the other Wacom tablets. Look them up on eBay – you can probably get a used one very cheap.

Oh yeah, bumped into this sign here in Århus – I can’t remember whether it was a hair dresser or some kind of shop. Also, take a look at this cake we made for a friends birthday.