TurnKey Linux Virtual Appliance Library

comment spam countermeasures (mollom, honeypots, hashcash, bad behavior)

The spam situation has recently gotten a bit out of hand and automated defenses have been giving in.

I've taken a close look at the problem and implemented a gauntlet of spam countermeasures that I'm hoping will give us back the upper hand for a while longer, without compromising on the user experience.

Previously, we only used mollom to filter out comments by anonymous users. This was easy to get around for two reasons:

The DDoS spam bot from hell (a suburb of China)

Happy new year everyone,

I'm back online to put out a fire. My inbox was full of alerts that the CPU on the server that runs the site was maxing out.

Well boys and girls, it turns out www.turnkeylinux.org has been under an escalating distributed denial of service attack that started about two weeks ago. To the best of my knowledge the site continued operating normally. We use a ton of caching. Did any of you notice a slowdown?

Time for a human readable privacy policy?

Up until now TurnKey hasn't had an explicit privacy policy, and that seemed ok because no one ever asked about it. But now that the latest release integrates TurnKey appliances more closely with the TurnKey Hub (e.g., TKLBAM, geo-ip auto apt mirror) and the Hub gets access to sensitive data as part of its normal operation, I felt it was about time we gave this some more thought.

On the other hand, even though we didn't have an explicit privacy policy before I do feel our adoption of the Ubuntu Code of Conduct gave us an implicity privacy policy by making it clear we respect our users and expect them to respect us, and each other, in return.

To put it bluntly, we don't need no stinking privacy policy to avoid breaking your trust. But sometimes it doesn't hurt to spell things out and dispell any doubts. For the record. Here's what I came up with...

Headless PHP Drupal script deletes spam zombie user accounts

For for the last few months automatic bots have been creating hundreds of zombie accounts per day on the TurnKey web site. I'm not sure why they bother. I assume it has something to do with spamming, but they never log in. Besides, spam almost never gets past our content filter (Mollom) and when it does we always nuke it. Zero tolerance.

Brains...

Meanwhile these zombie accounts are polluting my precious database, and that bothers me. Besides, call me prejudiced, but I just hate zombies. You're either alive or you're dead. Pick a side!