six demon bag

Wind, fire, all that kind of thing!


Registration Blocker 1.6.0 released

There are some recurring patterns spammers use for their e-mail addresses, so I added a regular expression filter to the Registration Blocker plugin for Question2Answer.

Download: Version 1.6.0

Posted 13:53


Registration Blocker 1.5.0 released

Due to popular demand I added an option to whitelist domains instead of the default blacklist mode to the Registration Blocker plugin for Question2Answer. Enjoy.

Download: Version 1.5.0

Posted 14:12


Registration Blocker 1.4.0 released

A short while ago I forked the Registration Blocker plugin for Question2Answer, since it apparently has been abandoned by the original developer, and I needed some additional features.

Today I'm releasing my updated version of the plugin, which adds the following features:

See more ...

Posted 20:10


Content Security Policy for Question2Answer

The trickiest part of setting up my Q&A site (running on Question2Answer) was getting the content security policy right. I started with this basic policy:

default-src 'self';
script-src 'self';
style-src 'self';
img-src *;
object-src 'none';
form-action 'self';
frame-ancestors 'self';

but quickly realized that it prevented some page elements from showing.

See more ...

Posted 13:16


Backscatter protection

What is backscatter?

When mail servers accept mail and later discover that for some reason they are unable to actually deliver it, RFC 821 specifies that a Non-Delivery Notification (NDN, also known as "bounce") must be sent to the originator of the mail.

However, the "From" address can easily be spoofed, so there is no guarantee whatsoever that the mail actually originated from that address. In case of a spoofed address, the NDN will be sent to someone who didn't send the original mail to begin with. These bounces going to someone other than the original sender are called "backscatter".

Why is that a problem?

Because spammers tend to send their bulk e-mails to anything that looks even remotely like an e-mail address, the "To" addresses usually include lots of invalid addresses. Therefore spam runs can cause massive waves of backscatter, flooding the mailboxes of those people whose addresses were spoofed in the "From" field. However, it's not sensible to simply block all incoming bounces, because there are legitimate bounces as well.

See more ...

Posted 22:41