Ben ODay

Reputation: 21015

Django app spam prevention

We have a Django web application running on Ubuntu/Apache. Lately, we've had a lot of issues with high-volume spamming (comments, registrations, user-contributed content, etc.).

We have CSRF security in place, but I am wondering what steps others have taken to curb this (IP table restrictions, Apache modules, captchas, etc.)?

Upvotes: 4

Views: 5784

Answers (4)

Paolo

Reputation: 21116

In addition to what other posters have already written, you can use the akismet or mollom services. Python libraries exist for both on PyPI, akismet and PyMollom respectively. You can see how they get integrated in a Django project here (akismet example) and here (mollom example).

If you would rather not rely on external services, consider using a captcha application for Django. Personally, I used Django Simple Captcha and was happy with it; it's very customizable and easy to install. It also supports audio captcha. This bitbucket repo contains a simple Django project showing how to captcha-protect a classic contact form using Django Simple Captcha.

Also, I'm not sure that resorting to IP tables is the best way to prevent spam on your site, at least if you don't have to block usually annoying IP addresses.

Upvotes: 3

Brandon Taylor

Reputation: 34583

You might have a look at django-simple-math-captcha as an alternative to a text-based captcha. It's very simple to integrate and doesn't rely on any third-party systems.

Upvotes: 1
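How a math captcha with no third-party dependency can work without server-side session state, as an added example that is not part of the original answer and is not django-simple-math-captcha's own code. The names `new_challenge` and `check_answer`, the demo key and the 300-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: in a Django project this key would be derived from settings.SECRET_KEY.
SECRET = b"constructed-demo-key-change-me"
MAX_AGE = 300  # seconds a challenge stays valid (assumed value)


def _sign(answer: int, issued: int) -> bytes:
    """MAC over the expected answer and the issue time."""
    msg = f"{answer}:{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


def new_challenge(now=None):
    """Return (question, token); the token goes into a hidden form field."""
    issued = int(time.time() if now is None else now)
    a = secrets.randbelow(9) + 1
    b = secrets.randbelow(9) + 1
    question = f"What is {a} + {b}?"
    # The token holds the issue time and the MAC, never the answer itself.
    return question, f"{issued}:{_sign(a + b, issued).decode()}"


def check_answer(token, submitted, now=None):
    """True only for a correct answer to an unexpired, untampered challenge."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, mac = token.split(":", 1)
        issued = int(issued_s)
        answer = int(submitted.strip())
    except (ValueError, AttributeError):
        return False  # malformed token or non-numeric answer
    if not 0 <= now - issued <= MAX_AGE:
        return False  # expired, or a timestamp from the future
    # Constant-time comparison; changing the timestamp invalidates the MAC.
    return hmac.compare_digest(mac.encode(), _sign(answer, issued))
```

A token stays valid until it expires and the answer range is small, so this only filters unsophisticated automated submissions unless used tokens are tracked and attempts are rate limited.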

dm03514

Reputation: 55972

I believe these issues are, at the root, design issues. Have a clear policy of who is allowed to post: can anonymous users post? Perhaps only allow registered users to post. Or have a set of permissions regarding who is allowed to post where.

Captchas are an extremely easy way to weed out spamming. http://www.google.com/recaptcha Recaptcha literally only takes a couple of minutes to integrate, and is extremely effective.

Upvotes: 0

Paulo Scardine

Reputation: 77339

Django CSRF protection is meant to protect your forms from cross-site request forgery, not from SPAM.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) will protect you from automated SPAM.

For human-generated SPAM you can use a moderation system.

Upvotes: 3
