Posted on 02-Jan-2002 22:39 GMT by Christian Kemp | 174 comments
Today, I tracked over one hundred attempts of abuse on ANN. I've been working on the filters and editing mechanisms for over four hours. Maintaining ANN is turning into real work, and all I see are tasks that I despise. This one individual, and the general attitude on ANN lately, is alienating visitors and making this site a horrible place to be. Most of what I see is insults and blind advocacy... I'm tired... And I can just see the negative comments again, in reply to me posting this...
MOTD 02/01/2002 : Comment 82 of 174 | ANN.lu |
Posted by Dave on 03-Jan-2002 10:11 GMT | In reply to Comment 80 (Christian Kemp):
It's not easy. The problem is that the page is served over an active HTTP connection initiated by the client (nominally on the IP address passed to the CGI script in the CGI environment variables). To "validate" the page by serving it back to the IP address (rather than just through the active socket which could have a spoofed address in it) a socket connection would have to be opened back by the web server to the client. This would require the client running a server listening on a previously agreed port.
The transaction would look something like this:
Client makes http request on http://www.ann.lu:80, this opens a socket connection to that port on the web server, this socket remains active for the lifetime of the http transaction.
The web server spawns a cgi script/application which serves some HTML content back to the client back down the already active socket connection.
This CGI script/application COULD try to authenticate the IP address, but by what means? It certainly could not serve an HTML page to that IP address without opening a socket to it - and that socket could not be opened without (this could be that the original socket gets an HTTP redirect to the client's IP address, port 80 but what content could be served there??? How would ANN send it the page?) a daemon process running an accept on the initiating client.
Unless it is possible to run authentication of the client during the CGI processing (I'm not sure the CGI information itself is sufficient) then this is a non-starter.
Simplest way to code would be to send an email to the Email section of the comment form together with a unique URL in its content that has to be clicked on to confirm each comment before it will appear. Problem is that the easy way to increase the workload for any potential tracking is to use a webmail service address. Then you also need to protect yourself and others from spamming in this way - what's to stop them using your email address so you get several thousand emails requesting confirmation?
Unless you can authenticate by processing the IP header (and that's not foolproof) then it's not worth even starting to do.
The answer is to look at IRC for an example. Appoint moderators that commit to look at the pages every 15 minutes over a shift who can delete or edit comments and topics. Problem is this starts to become a "power" thing, those with moderator privs supporting their own agenda and forming a clique.
The other thing of course is using cookies to support killfiles. The server would hold the killfile associated with the unique id stored in the client cookie and the client could add ip addresses and regular expressions to the killfile. Thus, any comments/posts matching that regular expression do not get shown.
This does not help the casual browser of course that stumbles across ANN and finds a collection of rabid hallucinating juvenile dribble that the rest of us never see. So I would recommend doing both and watching the watchers very carefully.
Dave.
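
The email-confirmation idea in the comment above, sketched as an added example that is not part of Dave's post or ANN's code: each comment gets a signed, expiring, single-use confirmation URL, and the number of confirmation mails per recipient address is capped so the form cannot be used to flood someone else's inbox. The host `forum.example`, the limits and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # server-side signing key (assumed kept off the web root)
MAX_MAILS_PER_HOUR = 3             # assumed cap on confirmation mails per recipient
TOKEN_TTL = 24 * 3600              # assumed lifetime of a confirmation link, in seconds

_sent = {}          # recipient address -> timestamps of confirmation mails sent
_confirmed = set()  # comment ids already confirmed (links are single-use)


def _sign(comment_id, expires):
    # Bind the signature to both the comment and its expiry time.
    msg = f"{comment_id}:{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_confirmation(comment_id, email, now=None):
    """Return the URL to mail to `email`, or None if that address is throttled."""
    now = time.time() if now is None else now
    key = email.strip().lower()
    recent = [t for t in _sent.get(key, []) if now - t < 3600]
    if len(recent) >= MAX_MAILS_PER_HOUR:
        _sent[key] = recent
        return None  # comment stays hidden and no further mail goes to this address
    _sent[key] = recent + [now]
    expires = int(now) + TOKEN_TTL
    return (f"https://forum.example/confirm?id={comment_id}"
            f"&exp={expires}&sig={_sign(comment_id, expires)}")


def confirm(comment_id, expires, sig, now=None):
    """True only for an untampered, unexpired link that has not been used yet."""
    now = time.time() if now is None else now
    expected = _sign(comment_id, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    if now > expires or comment_id in _confirmed:
        return False
    _confirmed.add(comment_id)
    return True
```

The cap bounds how much mail a third party's address can receive, but as the comment notes, it does nothing against a poster who registers throwaway webmail addresses.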