sh404SEF 4 Documentation

This page short URL: q6a

Anti-spam configuration

Preamble

sh404SEF can help you keeps spammers and attackers away through the use of the Project Honey Pot service. This is (free of charge) service that aims to trap and identify spammers IP addresses, then make them available to verify that requests to your site are not coming from known spammers.

sh404SEF can transparently and very quickly perform this check for you, after you've requested an access key with the project, as outlined below.

Getting a Project Honey pot access key

Though using the Project Honey Pot database is free of charge, you must get a access key to perform requests against it.

Project Honey Pot relies on volunteer setting up so-called "Honey pot" to "catch" spammers. If this is within your abilities, that's one very useful things to do.

Getting an access key is as simple as:

  1. Creating an account

  2. You'll then receive an activation e-mail with a link. Click on that link, you'll see this:

Creating an account with Project Honey Pot

  1. Fill-in the captcha test, and the next page will show your access key:

Getting an access key from Project Honey Pot

Configure and enable

Once you have obtained your Project Honey Pot access key, you can copy it into the corresponding field of the Security > Project Honey Pot tab of sh404SEF configuration. As soon as you'll set Use Prohect Honey Pot to Yes, sh404SEF will start to check all requests made to your site against the spammer IP database.

Enabling Project Honey Pot usage inside sh404SEF

The Project Honey Pot check is really quick, and very well cached - it uses the DNS system to handle queries, so it should not add any significant overhead to any but the most trafficked web sites.

Handling false positives

As with all anti-spam effort, some spammers will go through, as they've not been identified yet; and some non-spammers will be blocked by mistake. To handle the later case in the most friendly manner, sh404SEF will display a message to the blocked visitors, asking them to click on a specific link. If they do, they'll be granted access, and a cookie will let them go through without any further control.

To prevent spammer robots to simulate a click on that link, sh404SEF will also display another link, with a warning to not click it. Robots won't understand that warning and be will denied access definively.