django-stopforumspam

Transcript

1. django-stopforumspam https://github.com/benjaoming/django-stopforumspam/

2. None
3. None

4. Honey pot snippet class HoneypotWidget(forms.TextInput): is_hidden = True def __init__(self,

   attrs=None, html_comment=False, *args, **kwargs): self.html_comment = html_comment super(HoneypotWidget, self).__init__(attrs, *args, **kwargs) if not self.attrs.has_key('class'): self.attrs['style'] = 'display:none' def render(self, *args, **kwargs): value = super(HoneypotWidget, self).render(*args, **kwargs) if self.html_comment: value = '<!-- %s -->' % value return value class HoneypotField(forms.Field): widget = HoneypotWidget def clean(self, value): EMPTY_VALUES = (None, '') if self.initial in EMPTY_VALUES and value in EMPTY_VALUES or value == self.initial: return value raise forms.ValidationError('2+2')

5. Honey pots (cont'd) class MemberShipForm(forms.Form): name = forms.CharField(max_length=256, label=_("Your name"))

   email = forms.EmailField(label=_('Your e-mail')) email_repeat = HoneypotField()

6. Latest list from Stop Forum Spam (SFS): 81,905 IPs

7. Stop Forum Spam: We provide free access to our database

   of known forum and blog spammers. The database provides their email addresses, IP addresses, usernames, spamming frequency, and, in some cases, evidence of their spam.

8. Same as Akismet? Nope! Sorry - Due to abuse by

   certain people, we are currently limiting API signups to members of the forum. We are sorry that we have had to take this course of action.

9. # echo “iptables -A INPUT -s 1.2.3.4 -j DROP” >

   /var/blocked_sites.conf # iptables-restore < /var/blocked_sites.conf # reload ip-tables # Unblock IP address?? iptables?

10. <Directory "/var/www/html"> Order deny, allow Allow from all deny from

    219\.(7[6-7])\. deny from 218\.250\. deny from 218\.(10[2-3])\. deny from 211\.157\.(10[0-9]¦11[0-9]¦12[0-7])\. </Directory> <Directory "/var/www/html"> Include /var/tmp/blocked_ips.conf </Directory> Apache conf?

11. Django middleware? YES!

12. class StopForumSpamMiddleware(): def process_request(self, request): if sfs_settings.FORCE_ALL_REQUESTS: return self.check_request_ip(request) def

    compile_paths(path_list): paths = [] for path in path_list: if path.startswith("/"): paths.append(path) else: paths.append(reverse(path)) return paths if not request.method == 'POST': return if sfs_settings.ALL_POST_REQUESTS: if request.path in compile_paths(sfs_settings.URLS_IGNORE): return return self.check_request_ip(request) if request.path in compile_paths(sfs_settings.URLS_INCLUDE): return self.check_request_ip(request)

13. def check_request_ip(self, request): remote_ip = ipv6._unpack_ipv4(request.META['REMOTE_ADDR']) cache_entries = models.Cache.objects.filter(ip=remote_ip) if

    cache_entries.count() > 0: if sfs_settings.LOG_SPAM: log = models.Log(message = "Spam received from %s" % remote_ip) log.save() return render( request, 'stopforumspam/denied.html', {"cache_entries": cache_entries,}, Status=403 )

14. Installing django-stopforumspam $> pip install stopforumspam

15. settings.py MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'stopforumspam.middleware.StopForumSpamMiddleware',

    ) INSTALLED_APPS += ['stopforumspam']

16. $> python manage.py syncdb $> python manage.py sfsupdate

17. stopforumspam.com zip archives: you can MAX download 2 times a

    day Determined by IP. If you host many sites, use: wget -O /path/file.zip URL Site 1: manage.py sfsupdate Site 2: manage.py sfsupdate ... settings.SFS_SOURCE_ZIP = "file:///path/to/listed_ip_7.zip"

18. Cron job m h dom mon dow command 0 2

    * * * wget -O /tmp/listed_ip_7.zip \ http://www.stopforumspam.com/downloads/listed_ip_7.zip; \ python /var/vhost1/manage.py sfsupdate; \ python /var/vhost2/manage.py sfsupdate

19. Epilogue More deployment and testing This is not a replacement

    for Akismet Use honey pots and email confirmations Github: benjaoming [email protected] #djangocph