Problem/Motivation

On my site I have a huge amount of spammers trying to post spam comments -- last week, > 40000 within a couple days. AYAH works extremely well at blocking this spam -- however, it also has resulted in very high server load, with generally 3 - 4 active connections attempting (and failing) to post comments.

Proposed resolution

I am deploying fail2ban to block all sorts of badly behaved users. To get information from Ayah, I need Ayah to log whenever there is a system failure.

Remaining tasks

(patch provided)

User interface changes

Ayah will add a log message whenever a user fails to complete a game.

API changes

Add a Watchdog log message.

CommentFileSizeAuthor
#4 ayah-add-logging-options-2313531-4.patch2.62 KBtomgeekery

Comments

freelock’s picture

freelock
Location Seattle
commented
Status: Active » Needs review

Proposed patch:

diff --git a/ayah/ayah.module b/ayah/ayah.module
index 96398e1..7a86056 100755
--- a/ayah/ayah.module
+++ b/ayah/ayah.module
@@ -204,6 +204,7 @@ function ayah_validate($element, &$form_state) {
   if (!$is_a_human) {
     // Wrong answer, set form error.
     form_set_error('ayah_response', t("You did not pass the game."));
+    watchdog('ayah', "Failed ayah game.");
   }
 }

... with this patch, here's a Fail2ban regex that will catch it:

failregex = \|ayah\|\|.*\|Failed ayah game\.$

tomgeekery’s picture

tomgeekery commented
Assigned: Unassigned » tomgeekery

Great, thanks for this. This seems like a good idea to me. I will probably add an option in the admin settings to enable or disable this in case people don't want the failures to be logged.

I'll get a patch going as soon as I have some free time.

freelock’s picture

freelock
Location Seattle
commented

Hi,

Thanks for considering!

If you'd like to make this an optional setting, I think I would suggest instead of doing that, provide a setting for the watchdog severity level: https://api.drupal.org/api/drupal/includes!bootstrap.inc/function/watchd... ... Seems to me that logging success and failure is very worthwhile, but I can see where people might want to elevate failures to WATCHDOG_WARNING or WATCHDOG_ERROR instead of the default WATCHDOG_NOTICE... and make successes WATCHDOG_INFO or WATCHDOG_DEBUG.

I'm a big fan of instrumentation, especially when there's something like this happening. False positives of a CAPTCHA can be maddening to track down, so to me it's especially important to log whenever something like this blocks a post.

Cheers,
John

tomgeekery’s picture

tomgeekery commented
StatusFileSize
new ayah-add-logging-options-2313531-4.patch2.62 KB

Attaching a patch here.

I agree that logging success and failure is very worthwhile, but I still wanted to give users the choice to turn it on or off. Per your suggestion I added some select lists for picking the severity of the log message.

Thanks again for the request. Let's hope the bot likes the patch!