May 24, 2006

log spam

I deleted about 250 comment spams from today. I also added terms like "blackjack", "casino", and "roulette" to the blacklist. The system blocks comments that contain any of those patterns. While it's possible that it could block some legitimate comments, real people will just see an error message and can try posting again without the URL.

Anyone with a log account can add to the blacklist and prune spam from their log using mt-blacklist.cgi. MT-Blacklist is no longer supported, but we haven't bothered upgrading to a newer version of MovableType that includes better anti-spam features. If we're going to upgrade, it would be nice to find something that supports LDAP properly.

We also automatically turn off comments for old posts as a way to reduce comment spam. That seems to help a lot.

Incidentally, if you have a log account and want to show a list of recent comments, check the wiki page.

Posted by tim at 08:55 PM | Comments (0)

May 05, 2006

Wiki, now with LDAP

The Antiflux Wiki now uses LDAP for authentication, which means you must log in using your okcomputer username and password (i.e., whatever you use for SSH or mail).

For security, you should always log in over https.

Posted by evan at 02:40 PM | Comments (1)

May 04, 2006

LDAP authentication

As of last night, we are now using LDAP for authentication, as opposed to local password files.

If you have problems logging in, please e-mail root.

Update: We have discovered that SSH clients that use Password as their authentication mode, as opposed to Keyboard-Interactive, may have problems. This problem is more common among older, SSH version 1 clients, but it may also affect people using Putty or SecureCRT and SSHv2. If you are using Putty or SecureCRT, check your settings and make sure you are using SSH version 2 and Keyboard-Interactive authentication.

We have upgraded the Java SSH client, which now uses SSHv2 and Keyboard-Interactive authentication.

We may disable SSHv1 in the near future, so it would be a good idea to change your settings and/or upgrade your SSH client to one that supports this version of SSH.

Posted by evan at 12:17 PM | Comments (0)