Spam Prevention Rails

What is the current state of affairs in Rails for preventing spam accounts? Security code? Any good plugins, tutorials or suggestions?

+4
6 answers

Edit:

BrainBuster seems to be dead (this was many years ago). But I really like: https://github.com/matthutchinson/acts_as_textcaptcha

I am a big fan of the Rails plugin called BrainBuster. It is a logic-based CAPTCHA, which I think is preferable to the "type these words" kind, because sometimes it's annoying to decipher the words. You just look at "What is 10 minus 3?" and come up with an answer. YMMV:

https://github.com/rsanheim/brain_buster

+1

Use a library. You should (almost) always use code from people who are better suited to the subdomain than you are. The Akismet WordPress guys have forgotten more about blog spam than I know, and for a while I was an anti-spam researcher for email. You might be interested in the Rails integration plugin for Akismet.

Protection in variety. Spam is a bizarre problem because the more popular a countermeasure becomes, the worse it gets. As such, especially for low-profile sites, you can get shockingly good results by coding simple one-off tricks. I will not give you code to copy and paste, because that defeats the goal of the exercise: to have countermeasures that are globally unique.

One simple example is a hidden form element that starts as some randomized string and which is set by JavaScript code to a known value. Then you discard everything that does not have the right value. This blocks clients that do not implement JavaScript, which includes the vast majority of spam scripts. Of course, there are problems, as some legitimate clients also block JavaScript, but really, if you use Rails, I assume that you expect cookies to be enabled and JavaScript to be working.

+6
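The server side of the hidden-field check described in the answer above, as an added example that is not part of the original answer. It uses only the Ruby standard library; the module name, `SECRET`, `TTL`, the field names and the transform in `expected` are assumptions, and the transform is deliberately arbitrary so each site can pick its own.

```ruby
require "openssl"
require "securerandom"

# Stateless check for a hidden field that must be filled in by JavaScript.
# All names here are hypothetical; nothing depends on Rails itself.
module JsFieldCheck
  SECRET = SecureRandom.hex(32) # assumption: a real app loads this from its secrets
  TTL = 3600                    # assumption: seconds a rendered form stays valid

  # The "known value" the page's script must write into the hidden field.
  # The client-side script has to implement the same transform:
  # the seed reversed, followed by its length.
  def self.expected(seed)
    seed.reverse + seed.length.to_s
  end

  # HMAC binds the seed to its issue time so neither can be altered.
  def self.sign(seed, issued_at)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, "#{seed}|#{issued_at}")
  end

  # Values to render into the form; :field starts out as the random seed.
  def self.issue(now = Time.now.to_i)
    seed = SecureRandom.hex(8)
    { seed: seed, issued_at: now, sig: sign(seed, now), field: seed }
  end

  # True only if the signature is intact, the form is fresh, and the
  # hidden field holds the transformed value (meaning the script ran).
  def self.valid?(params, now = Time.now.to_i)
    seed, sig, field = params.values_at(:seed, :sig, :field).map(&:to_s)
    issued_at = params[:issued_at].to_i
    return false unless OpenSSL.secure_compare(sig, sign(seed, issued_at))
    return false if issued_at > now || now - issued_at > TTL
    field == expected(seed)
  end
end
```

The check only filters clients that never run the page's script; a correctly filled form can still be resubmitted until `TTL` expires, so it complements content filtering rather than replacing it.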

I also recommend ReCAPTCHA because it is a highly reliable service that you do not need to manage, and because it serves two common products: the OCR tasks described by the ReCAPTCHA team, and the progress in educating people about how captchas work, which reduces failure rates.

+3

There is a re-captcha plugin if you want to use a captcha to confirm that only a person can register or add content: http://ambethia.com/recaptcha/files/README_rdoc.html

+1

Spam is honest. It doesn't matter what you run behind the scenes.

So by extension, what works well in Rails are the same things that work for PHP, ASP.NET, etc. Check out Akismet and the various karma bot controls in question.

For some, there are existing Ruby ports, but you may have to rewrite several tasks.

0

You can use captchas for account creation. I personally don't really like them, and I don't think they are effective. But if you use them, I highly recommend that you use a service, rather than trying to hack it. Re-captcha comes to mind. Not sure if there are wrappers for Ruby or Rails.

However, to prevent spam content, I highly recommend Defensio (disclaimer: I worked there in the past). It uses modern spam filtering techniques like those used for email, such as Bayesian filtering. There are plugins for many blog platforms, including Mephisto (with Rails). The API is simple, and you can look in several places to get working examples of how to use it with Ruby.

0

Source: https://habr.com/ru/post/1276925/

