I updated to 1.2. Noticing a weird thing. I have a trackback going to the old post. It seems to go through fine. But when you check the individual post to look for the trackback, it doesn't show up. It doesn't show in the trackbacks tab either in the admin section.

darkmon, what do you mean by " I have a trackback going to the old post"? What old post? A ping from where to where?

So I'm writing a new post dated (today) and it's linking back to an older dated post on the same blog. Thus, you should see a trackback that shows on the "older post" linking to the "newer post".

Same blog, just two different posts. Unfortunately, on the new post, you see the ping go through, but it doesn't register on the trackback screen or the older individual post.

The rules aren't catching posts of the kind "(very) good / nice / cool" + "site," and I'm really not sure why. The plugin is working otherwise, as test comments with other words in the rules are properly blocked.

darkmon, now I understand. Strange that there was no error... I am not sure if I have tested this with "internal trackbacks" -- I will take a look.

Kate, the current rules in v1.2 should block all of the following, when a comment or trackback starts with:

good site. thank
good site. thanks
good site. thank you
nice site. thank
nice site. thanks
nice site. thank you
cool site. thank
cool site. thanks
cool site. thank you
very good site. thank
very good site. thanks
very good site. thank you
very nice site. thank
very nice site. thanks
very nice site. thank you
very cool site. thank
very cool site. thanks
very cool site. thank you

Note that each of the above includes 'thank' -- does the one(s) that got through have this. Admittedly, this rule does really neeed the 'thank' part, and I probably should remove it...

"good site. thank" gets through when it's the only thing in the comment; you can try it yourself on the link in the URL field.

Here's what spamw.php reads, minus the starting line:

if ($_SERVER['REQUEST_METHOD'] != "POST") { exit("must use POST"); }
$fields = $_REQUEST['author'] . ' ' . $_REQUEST['blog_name'] . ' ' . $_REQUEST['title'] . ' ' . $_REQUEST['url']. ' ' . $_REQUEST['email'];
$body = $_REQUEST['text'] . $_REQUEST['excerpt'];
$all = $fields . ' ' . $body;
if (!isset($_COOKIE['tk_commenter'])) {
[snip first rules]
if (preg_match('@^(very )?(good|nice|cool) site\. thank@i',$all)) { exit('Your comment has been blocked as spam; rephrase it or e-mail the administrator'); }

(Yes, I edited the rules to give a more lengthy response than "blocked.")

I can send you the whole file if you like.

Thanks very much--I really like this idea.

Thanks for the details, Kate. I tried it on you site, and it went through. Sorry for spamming you ;) I found a bug in the rules file and fixed it in v1.21. Use the download links above to grab the updated version. Thanks for pointing this out.

Thanks for looking into it so quickly! I really appreciate it.

Mark... any luck in seeing if internal trackbacks work? I'm still at a loss on my blog and I'm not sure any tbs are going through. It's a very strange thing happening.

When I trackback from post A to post B,
MT registers post A as a good ping and doesn't show any sign of a bad tb on the activity log. But the tb doesn't show up on post B, nor does it show up under the tb tracker.

darkmon, I just tested on my system and it worked okay.

Any chance your trackback was getting blocked by the firewall rules itself? If so, it wouldn't register as an error in MT. When the firewall blocks something, it doesn't send an error code back. In some ways this is a feature, as spambot will get the impression that the spam was successful, so they won't try again.

Is there any way to get a backlog or error log built in? Right now, there's not really any way to tell where it gets stopped in the actual feed or if spamfirewall blocked it. It just disappears which is pretty strange.

Well, one way to tell is to manually create a "trackback form". Similar to a comment form, but point it to SpamFW trackback URL, and then manually submit the following fields:

blog_name
title
url
excerpt

A bit of pain to test this way, but it came in handy when I was developing this plugin.

By the way, which entry on you site was "sending" the trackback? If you can provide a link, I might be able to guess if it might be tripping one of the firewall rules.

This is the link that the tb originated from:
http://life.firelace.com/2007/02/tjx_security_breach_could_be_b_1.html

Another idea is if you could run a whitelist for sites that spamfw will ignore. If that can be managed, then you would skip the rules if they existed from such site.

darkmoon, thanks for the link. Based on that, it seems unlikey that the trackback was blocked by the firewall -- it shouldn't have triggered any rules. Maybe it timed out, hard to tell for sure.

Your whitelist idea is a good one, though I am not sure if it would help in this case, as I think the problem lies elsewhere.

yeah.... I can't figure it out. Nothing has changed, and the trackbacks work fine from the original configuration. Only difference is the spamfw install.

Installed this on a friend's blog and get "premature end of script headers" errors in the server logs. Permissions are at 644 (also tried 755) on spamfw.php. Have double-checked installation and tag changes, rebuilt everything several times, etc.

Any thoughts? Got this running fine on my own blog, but can't get it to work on the friend's blog.

Gary,

Is the error on the spamfw.php file itself, or when the spam firewall script tries to post to the comment script. The different may not be immediately obvious, but it important. To test this, and easy way is to post a comment with a 'bad word' in the name field. (examples: the name of that blue pill, or the place where people go to gamble). If the firewall is working, you should get a "blocked" message.

Mark,
The error is on spamfw.php. Showed up during the rebuild (Movable Type), thus digging into the error logs to figure out why the server error page showed up.

I've got in uninstalled at the moment, but can reinstall if you have some ideas on things to try.

Thanks,
Gary
BTW, on the various messages i've posted here, I've never received an email notification of new posts, even though I've checked "subscribe to this comment" each time! Just FYI.

Gary,

Thanks for the detail. If I understand you correctly, you get the 500 error when inside the MT admin area while trying to rebuild the spam firewall template. This is much different than getting the error on the spamfw.php itself. In this case, it is the MT admin script that is triggering the error during the rebuild.

Since you mention that you tried change permissions of the spamfw.php file itself, this suggests that the rebuild of the template was successful (otherwise the file wouldn't get built and wouldn't exist). As such I am confused.

What version of MT? What version of perl? When you get the internal server error, does it happen right away, or does it take a while before showing the error? Have you tried submitting a comment to the firewall (if so, does it work)?

Ps. I know about that "email subscription" problem. I have used that feature in a long time, and I need to remove the checkbox. My bad. Sorry for the confusion.

Mark,

Let me reinstall this and run some tests, noting exactly what happens and when. I'll get back to you with those details. I've been preoccupied with other stuff, and I admit I'm fuzzy on the exact steps to the error!

Back to you soon.

This sounded like a good idea, but the two times I've tried using Spam Firewall, commenting ceases to work. After logging in to Typekey, I try leaving a test comment, and I get the "Comment Error" page telling me I need to be registered to leave a comment. After changing the plugin template codes back to the MT commenting script, I'm able to leave the comment.

I have MT 3.34 with the commenting on FastCGI and my blog on a subdomain, if that helps.

Hi Curtis, sorry for delayed response. When you say "my blog on a subdomain", do you mean that your blog is on a different subdomain than the MT application? If so, this could be causing the issue.

That particular case is currently a limitation. The PHP firewall script has access to the cookies on blog domain but not on the MT domain. So when the blog domain is different that the MT domain, there's no easy way to pass those TypeKey cookies across. One way to work around is to build the Spam Firewall template as you normally would, and then manually move (or copy) the built PHP file over to a location on the MT domain. Then, update the comment form on your Individual Archive template to point to the new location of of the firewall script.

Mark, in dynamic templates the following error message appears: "Smarty error: [in mt:100 line 73]: syntax error: unrecognized tag 'MTFirewallCommentScript' (Smarty_Compiler.class.php, line 580)"

Mark,

I've tried your suggestions, but I'm still not getting this to work properly for comments.

I have MT set up under cgi-bin on one domain, http://phaticcommunion.com, and a blog on that domain. I have another blog on a subdomain, http://fifthgeneration.phaticcommunion.com. The second blog (where I spend 90% of my time blogging) is causing the problem.

I copied the script file that was created under the subdomain to phaticcommunion.com and pointed the commenting script there. When I did, regular commenting on the subdomain's blog worked, but when I tested out a blocked comment, it also published.

Then, I pointed the commenting form to http://fifthgeneration.phaticcommunion.com/[script], and a test spam comment caused a page to load that said, "blocked!", but a real comment received the error I mentioned before ("Registration required").

Hi Mark,

On one of my blogs a person tried to leave a legitimate trackback and was met with the text "must use POST". I think that person is using Blogger, which I remember didn't have the ability to send trackbacks on its own but needed third party support for that. Is there a way to accept these kinds of trackbacks?

FYI - I'm running MT3.34 with Spam Firewall 1.2.

Thanks!

roderick,

The spam firewall script does require that TBs be sentt via an HTTP POST. This requirement is also true for the built-in TB script. As such, the problem seems to lie with Blogger, or 3rd party solution they are using, that is using a GET instead of a POST. This requirement is important to protect against server load, and even more spam attempts.

Has anyone tried this with MT4.0?

I am currently running the beta and before attempting to use it wanted to make sure it was going to work. I guess there's nothing else to do but try it.

Hi Richard,

I haven't tested Spam Firewall with MT4 yet, so I am not sure whether it will work, or whether it will require an update to work with MT4. I will definitely be updating (if necessary) for the final release of MT4.

Is there a way to use this to require people to fill in the "name" field? I don't see that option in MT natively, and it would be a very simple way of bouncing a lot of spam for me.

Thanks.

Just curious... does this work with MT4 yet? I haven't updated my blog yet due to the template changes for spamfirewall, and wasn't sure if anyone had tested it on MT4 yet. Hopefully it's an easy upgrade without too much hassle.

Hiya

I thought I'd give this plugin a try in Movable Type 4, having never used it before.

Unfortunately I have hit a problem from the word go. Everything is installed but when I try passing a comment through the PHP page, what I get presented with is a 404 for my comment script.

The script is there - no problem with that. However I just can't get to it :(