see #1239762: make greylisting level configurable
I specifically would like to be able to switch blacklisting off.
Comments
Comment #1
bryrock commented: I'm thinking this could be accomplished by making blacklisting configurable in a similar manner as was done for greylisting, and allowing the numeric range for the threat level to be set to 100 for blacklisting, as that is the upper limit of threat levels. Thus, no blacklisting would occur.
Make sense?
Comment #2
killes@www.drop.org commented: Yes, that makes sense, but are you sure that 100 is actually the maximum? I was thinking the range was 0-255.
Comment #3
bryrock commented: You are correct. Top range is 255. Project Honeypot advises that scores over 200 are extremely unlikely, and, personally, I don't think I've ever seen anything in logs over 100.
Comment #4
Dane Powell commented: sub... a lot of spammers are getting greylisted and whitelisting themselves. Would like to be able to easily adjust the blacklist level to block them. Also, is there a way to see in the logs what a grey/blacklisted IP scored?
Comment #5
bryrock commented: This seems somewhat unlikely to me. How did you reach the conclusion that actual spammers are whitelisting themselves? Keep in mind that there are some rogue computers out there that are owned by innocent people. Also, there are some who, through no fault of their own, have inherited IP addresses that have tarnished reputations. The whitelisting capability is there for those actual humans. The typical IPs found in Project Honeypot are often spiders, web-bots, etc., that are too dumb to whitelist themselves.
Yes, there is. The log shows the return code from Project Honeypot, and the threat level is in the third set of numbers (from the left).
Here's an example, just caught today: 110.159.138.151 was greylisted (127.1.14.5)
The threat level is "14"
The same log entry will have a link in it to Project Honeypot. The link says "IP data" and, for the one above, goes to http://www.projecthoneypot.org/search_ip.php?ip=110.159.138.151 where you can verify the threat level.
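Decoding the return code described in comment #5 and replaying logged entries against candidate greylist/blacklist thresholds, as an added example that is not part of this thread or the module's code. The octets other than the threat level follow Project Honey Pot's http:BL answer format; the log pattern is copied from the entry quoted above, while the function names, the strictly-greater comparison, and every address other than the one in the thread are assumptions or constructed sample data.

```python
import re
from typing import NamedTuple, Optional

# Bit flags in the fourth octet of an http:BL answer (0 means search engine).
TYPE_FLAGS = {1: "suspicious", 2: "harvester", 4: "comment spammer"}
# Log message shape copied from the example in comment #5.
LOG_RE = re.compile(r"(\S+) was (?:grey|black)listed \(([\d.]+)\)")

# Constructed sample log; only the first entry appears in the thread.
SAMPLE_LOG = [
    "110.159.138.151 was greylisted (127.1.14.5)",
    "203.0.113.7 was blacklisted (127.3.80.4)",
    "198.51.100.9 was greylisted (127.20.3.1)",
    "192.0.2.44 was greylisted (10.0.0.1)",  # malformed answer, skipped
]

class Answer(NamedTuple):
    days_since_seen: int
    threat: int
    types: tuple

def parse_answer(code: str) -> Optional[Answer]:
    """Decode an http:BL answer such as '127.1.14.5'; None if malformed."""
    parts = code.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    first, days, threat, vtype = map(int, parts)
    if first != 127 or max(days, threat, vtype) > 255:
        return None
    if vtype == 0:  # search engine: third octet is an engine id, not a score
        return Answer(days, 0, ("search engine",))
    names = tuple(n for bit, n in TYPE_FLAGS.items() if vtype & bit)
    return Answer(days, threat, names)

def classify(threat: int, grey: int, black: int) -> str:
    """Assumed rule: act only when the score exceeds a threshold (0-255)."""
    if threat > black:
        return "blacklist"
    return "greylist" if threat > grey else "allow"

def replay(lines, grey, black):
    """Re-evaluate logged answers under candidate (hypothetical) thresholds."""
    results = []
    for line in lines:
        m = LOG_RE.search(line)
        answer = parse_answer(m.group(2)) if m else None
        if answer is not None:
            results.append((m.group(1), answer.threat, classify(answer.threat, grey, black)))
    return results
```

Under this assumed comparison, `replay(SAMPLE_LOG, grey=1, black=255)` never returns "blacklist", because no score can exceed 255.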
Comment #6
bryrock commented: An addendum to the above: There are also spammers out there that are brand new, and are not yet present in Project Honeypot, thus no known threat level. They will get through, but they might also find any honeypots on your site, and effectively turn themselves in.
Comment #7
Dane Powell commented: Sorry, I guess you are right - the IPs don't seem to go on to do anything malicious. I think I was just interpreting the data incorrectly.
Comment #8
bryrock commented: This has just been committed to 6.x-2.x-dev (but wait for the updated roll-out).
After review I will also add the feature to 7x version, and update release candidates for both 6 & 7.
Comment #9
Michael-IDA commented: Wanted something similar as well. Here's the relevant bits from my modified .module file. Immediately blacklisting comment spammers is the most useful change. Changing the blacklist threshold, not so much.
I'd have used a .diff, but there's too much other junk I'm playing with in the file atm.
Bryan,
Shoot me an email if you're still around. We'll consider taking over this module as we have sites from D5-D7 that will need it (Mollom being the site killer it is), and there are several items that still need to be added to http:BL (permissions?!).
Best,
Sam
Comment #10
bryrock commented: Ok, unless I'm mistaken, you're actually using this request for an entirely different feature request. Normally I'd ask you to submit it as a separate request, but to be honest, I'm not really entertaining new features at this time, particularly for D6. I tend to agree with you about the need for blacklist threshold control, but I did it as a request from d.o.
Comment #11
bryrock commented: As this feature has been sitting in the queue for a year now, as "needs review", I'm going to go ahead and roll it into a new rc.