I like this concept.

For me, I would like to add this to my arsenal to help reduce the CPU load of large floods of spam. I have many junk items, and I think it would be overkill to list all of those IPs in my .htaccess. This is the feature that I would lile to see: “Ban address if there are x number of junk items within the past y number of hours”. Essentially, the plugin would only scan the past y hours for junk items, and base the ban list on only those items within that time frame. For me, at least, this would go a long way to reduce the “same IP floods”, while at the same time keeping the ban list short. Thoughts?

Hmmm. I will think about that. The original concept was that you would tune your junk retention period to achieve that end. Based on discussions with staff at webhosting companies, I was under the impression that even thousands of entries in a .htaccess file was no big deal.

On the other hand, that shouldn’t be too hard to implement.

In terms of load, I an not an expert. However, my concern is more on the plugin side, not the .htaccess side. Every time an items gets junked, the plugin would be pulling thousands of records out of the database to recreate the .htaccess file. It is the CPU that the plugin would consume that is my concern. Again, I am not an expert when it comes to CPU load, but I know that spam floods creash my server regularly, so I am wary about something that adds more CPU load to the process. Consider one of those heavy attacks using many proxy IPs — with some many different IPs, the plugin might not slow down such an attack, but with every junked item, the plugin consumes processor power to build the list.

On a side note, I like to keep a lot of junk in system. In terms of new way to prevent spam, it can be a useful database to analyze. ;)

I haven’t noticed a problem in that area, even with as many as 12000 junk objects. As I write, one of my weblogs is under a junk flood attack (>100 / hour) with ~8000 junk objects. The server load is 0.5, which is lower than normal. On the other hand, the error log is filled with “Access Denied” messages, which if they had gone through to the trackback script, would most likely have pushed the load average much higher.

In addition, does file locking so that if one update is still running when another object gets junked, the second update is skipped. This means that the updates can’t push the load average more than about 1 higher, even under massive attack.

Looks fairly slick. I notice that a lot of my spammers are being junked because they exist in the spamlookup blacklist database. Is there any possiblity that we could modify the script to ban those guys IP address premtively??

No. Blitzed does not provide their blacklists as a matter of policy and spamlookup.net has no information at all.

Even if that data were available, downloading the list on a regular basis would either make too expensive to work, or would require a significant structural change.

Interesting on the load info. My server can easily handle over 100 per hour, I am not worries about that. My concern is when the spammers get closer to 100 per minute. This is what kills my server. When this happens, my load will quickly spike, within a 5 minute period, to over 100, caused the server to be effectively unresponsive. I have over 27,000 entries on my system, each one is target for spammers. So when it rains, it pours. Combined with this I have fairly high traffic, with over 150,000 page views per day. So when things slow down, requests start piling up, the problem cascades very, very quickly. The more I think about, I really need to add a good throttling tool, and one that uses .htaccess or iptables.

The biggest weblog I maintain has ~6000 entries. I think the highest rate I’ve seen is 10-20 / minute.

You might want to check out the MT 3.2 Patch: Trackback By Name mod and then use mod_rewrite to deny numeric based trackback requests. That would make much more difficult for the junkers to flood you, since they could no longer just guess numbers.

I will look in to putting the time limit in, although I can’t guarantee a delivery date :-).

Haha. Turns out that there is no simple DB query you can do to get the set of comments (junk or not) made within the last N minutes. This is because the timestamp on each comment is stored with the weblog timezone offset added. Therefore if you have two weblogs with different timezones, comments made at the same time will have different timestamps (differing by the difference of the timezones). What a mess — having done some timezone related work myself, I can say that anything other than storing in UTC and adjusting as needed is a Bad Idea.

However, I am working on another plugin and I actually need this functionality. Maybe. I can think of at least two possible implementations, I will have to see if it’s worth the cost (because the logic would need to load every weblog object from the DB regardless, in order to extract the TZ setting).

Perhaps a simple workaround would to opt for a “last_n” setup. Instead of using time as the limiting factor, using “the most recent ____ items” would achieve the same goals (blocking recent junk IPs, while keep the ban list short). Of course, each site is different and junk comes in fits and starts, not very predictable. But I think that setting this to “last 100 junk comments or trackbacks” would provide a strong anti-throttling tool. Being able to specify a recent timeframe would be nice, but I don’t think it is critical.

I will think about the lastn option, but I’m not sure it’s useful enough to clutter the interface with it.

In the mean time, as you can see, I have added the time limit option.

What about AOL proxy servers? Can they be excluded? It would sort of suck to make yourself invisible to 10M+ readers by banning the proxy servers they all go through.

Yes. AutoBan lets you keep other content in the .htaccess file precisely for this reason. You can whitelist specific IP addresses so that the AutoBan banning has no effect. I have added some text to be clearer about this point.

It was also a perception problem on my part. As delivered the plugin writes it’s .htaccess file to the MT directory. This blocks access to the comment, trackback, and search scripts, but not the blogs web pages.

Yes, that was another deliberate design decision. It blocks incoming junk while blocking the minimal number of other services. It occurs to me now that you could set things up so that access to mt.cgi wasn’t blocked even if your IP address was AutoBanned by putting the comment / trackback scripts and .htaccess file in a subdirectory. It’s probably easier to whitelist yourself.

Thanks for doing this and making it available! I’ve tried it for a few days and it’s working well, according to my server’s error.log. I’m impressed with the simplicity of both the idea and the implementation.

I’m trying to use the tags in a page to keep an eye on things:
MTAutoban:
Objects:< $ MTAutoBanObjectCount$>
Unique: < $ MTAutoBanUniqueCount$>
Banned: < $ MTAutoBanBannedCount$>
Last Update: < $ MTAutoBanLastUpdated$>
Threshold: < $ MTAutoBanThreshold$>
(there shouldn’t be spaces between the < and the $, but your Wiki code didn’t like it if I left them out)

I put them into the page, but when I try to rebuild it, I get: Can’t locate object method “load” via package “MT::PluginData” at /home/virtual/site51/fst/var/www/cgi-bin/mt/plugins//autoban-lib.pm line 236.

I’m not as familiar with Perl as I could be, so I’m a little lost as to what’s happening here. Any help you can provide would be appreciated.

adam

OK, that looks like a bug that’s masked on my installs by other plugins. For a quick fix, edit autoban-lib.pm, subroutine obtain_stats, around line 234. Immediately after the line

sub obtain_stats {

add the line

require MT::PluginData;

I’ll try to get a patched version out in the next day or two.

UPDATE: New version 1.1.3 with fix available 8 Jul 06.

Have you tried this with MT 3.3? Any issues?

I’m assuming it’s MT 3.3 safe…

It should be OK, but I haven’t tested it yet. I will try to do that in the near future.

is working for me using MT 3.31.

I’ve been installing and running this nice script on my 3.3x blog since this morning, with no apparent side effects so far. I’m using the tags to display a little info about comments junked and IP’s blocked on the main page, but it all needs a little tweaking.

I’m not yet certain that once blocked IP’s are also removed from the .htaccess file afterwards, but I suppose time will tell.

I think Autoban over loads CPU, as we have so many junk comments /trackbacks and constantly hit by trackback and comments. To process all this causing Autoban cpu overload ?. How to disable autoban, should i remove the autoban plugin directory or should I kill any process. Please let me know.

Thanks Prakash

To remove AutoBan, simply remove the plugin directory.

I think it unlikely that AutoBan is the cause of the CPU overload. The plugin takes care to only do one update at a time, even if multiple instances of the trackback or comment script is running (although this can cause other problems, in that multiple junk objects can arrive from the same source if they start the feedback script before the one updating process finishes updating the access file — I decided that was a lesser problem than not limiting the CPU consumption of the plugin).

I have running under FastCGI with MT version 3.35. Occasionally the .htaccess file is wiped out and I and everyone else is locked out, until I can restore the htaccess. I’m assuming this is a problem with FastCGI, perhaps a timeout error when is writing to the file? Is there anything I can do to safeguard against this?

Installed this morning trying to take care of one pesky trackback spammer (IP Address: 81.95.146.227 for those keeping score at home.) It gets past the filters and although not published, sits in the “to be approved folder” and I get the requisite email to approve a trackback.

After installing and changing the frequency to “1” I have moved this to the junk folder now up to five times and deleted. Keeps coming back for more. Same IP. Same junk pings.

Is there a log I can access to see the list of those that have been banned by AutoBann as I’d like to know if I am actually putting a dent in these spammers and the plug in is working. Especially this goof at IP Address: 81.95.146.227.

Any advice would be welcome.

Perry/Chicago
The Best Radio You Have Never Heard Podcast
www.bestradiopodcast.com

Any thoughts on making a version of this available for MT4.

Oh yes, I have thoughts about it :-).

I followed the MT4 roll-out, but frankly it doesn’t do much for me. I suppose I will eventually upgrade, but it might not be until 4.1 or 4.2, as it’s going to be a lot of work to carry all of my customizations over, which means lots of pain for little gain.

I will try to push on this, as I realize that unlike my other plugins, other people actually use this one.

OK, new version (1.2.4) which in basic testing seems to work with MT 3 and MT 4.

First off, have been using the plugin for quite a while and love it, but am having an issue with it and a new server I’m working with.

First off, I’m having perl issues with this server to the point where I had to hard-code the config path into mt.cgi and various other mt-*.cgi files, but that got everything working fine. However, AutoBan is the one plugin I can’t seem to get working still.

It is constantly writing errors like this to the activity log:

AutoBan died with: Can’t locate /plugins/AutoBan/autoban-lib.pm in @INC (@INC contains: /home/username/public_html/cgi-bin/mt/plugins/spamlookup/lib /home/username/public_html/cgi-bin/mt/plugins/Akismet/lib /extlib lib /usr/lib/perl5/5.8.8/i686-linux /usr/l

For giggles, I created a “lib” folder in the AutoBan folder and put the .pm files in there, and it slightly changed the error:

AutoBan died with: Can’t locate /plugins/AutoBan/autoban-lib.pm in @INC (@INC contains: /home/username/public_html/cgi-bin/mt/plugins/spamlookup/lib /home/username/public_html/cgi-bin/mt/plugins/Akismet/lib /home/username/public_html/cgi-bin/mt/plugins/AutoB

So I tried moving the *.pm files to the server’s main lib folder, still didn’t help.

This is CentOS 5, Perl 5.8.8, and perl wizard I’m not, but I have a near equivalent setup with Cent OS 4.5 that works fine (this is a MT 3.33 install that I’ll be upgrading to MT 3.35 shortly, tried with both Autoban 1.2.3 and 1.2.4). Is there anyway I can hard-code into autoban.pl where to look for those lib files so I can at least get it working until I figure out why Perl is being weird?

OK, that comment above got filtered a bit, deleting all “A u t o B a n” (case sensitive, w/out the spaces) references, but hopefully you get the idea.

You can tweak line 96 in autoban.pl, which should read

$LIB = File::Spec->catdir(MT->instance->mt_dir, $plugin->envelope, 'autoban-lib.pm');

Change that to the absolute path, e.g.

$LIB = '/usr/home/jack/cgi-bin/mt/plugins/AutoBan/autoban-lib.pm';

The logic uses the MT instance to get the config path, so I suspect your AutoBan problem has the same root cause as your other issues.

P.S. I fixed your original comment. It was hosed by a Webiki bug that I need to fix. It tries to convert AutoBan in a link, but it excludes the current post from the target list (because you want it to link to other posts) so you end up with nothing and it’s effectively elided. I think I’ll change it so that if there are no matches, it leaves the word alone rather than replacing it with an empty list of links.

Thanks for this plugin. I would like to make the suggestion though that when a ban occurs, have it recorded in the activity log. That way 1) the admin can see what is occurring and 2) they can double check to make sure the ban isn’t being applied against an actual visitor.

Best regards, -drmike

Greets again. I’ve got a pair of questions. I don’t see any place to contact you or a support forum so I’ll post it here. Hope you don’t mind. Ever since I’ve installed this plugin, I’ve not been able to edit trackbacks that have been labeled as spam. (I’m pulling them up to look at IP addresses.) The error I’ve been getting is:

Undefined subroutine &MT::CMS::TrackBack::build_junk_table called at lib/MT/CMS/TrackBack.pm line 82.

I’m currently using MT4.15b4b-en. Pulling up accepted trackbacks are fine.

Also whenever I go into the System Overview -> Plugins -> 1.2.4 -> Settings, it appears to reset the listings of caught IP addresses.

I gather I’m missing something here.

Thanks, -drmike

I figured out the issue that I was having. After deleting the Marked as Spam trackbacks, the IP addresses get removed from the htaccess file. Not sure if that’s intended.

Thanks, -drmike