Servlet Web Hosting - MySQL, Java, JSP, Servlet, Tomcat, SSH Blog

144 CHAPTER 4 ADDING CONTRIBUTED MODULES The Check option checks the table (and its indexes) for errors and integrity. The Repair option attempts to fix errors found with check. See the MySQL documentation (http://dev.mysql.com/doc/mysql/en/repair-table.html) for details. The Backup option saves one or more tables in the form of a SQL dump to a file that you specify. The Empty option deletes all data from the table. The Drop option removes the table from the database. Running Queries and Scripts The dba module facilitates querying the database through SQL that you enter directly into the web browser or by using a file stored on your local machine. Using SQL that you type directly into the browser is a convenient way to run custom queries if you are familiar and comfortable with using SQL. To do this, select administer . database and click the Query tab (admin/ database/query). You can also run scripts from files, which is an excellent tool for adding database definitions for modules that you are installing from files. To do this, select administer . database and click the Script tab (admin/database/script). Developer Tools (Devel) Module The Devel module is an indispensable tool for programmers and system administrators who want to know how Drupal accesses the database. It collects all of the SQL queries that are made during the loading of a page and shows them as output at the bottom of the screen, along with the time they took and whether the same query was called more than once. This is an excellent way to start to understand what goes on behind the scenes in Drupal, as well as a means for spotting bottlenecks in performance. The Devel module also defines a couple of helper functions to be used for debugging while programming, integrates with Xdebug (http://www.xdebug.org/) to provide profiler information, and includes a number of scripts for generating dummy database data for the purposes of testing. Installing the Devel Module Download the latest version of the Devel module from http://drupal.org/project/devel. Create a modules/devel folder and move the devel.module file into it. Enable the module from the admin/modulespage. The archive download comes with a devel/generated folder, which contains various scripts for automatically generating content in the database for the purpose of testing. Move these files to the server only if the site is a development site and you intend to use the scripts. Otherwise, you are best advised to omit them. If you are using Xdebug and wish to have access to profiler information through the Devel module, you should add information to either your php.inifile or the .htaccessfile. For php.ini, add the following:
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision web design programs services

CHAPTER 4 ADDING CONTRIBUTED MODULES 143 options on the admin/settings/dba page, as described by the MySQL documentation (http:// dev.mysql.com/doc/mysql/en/check-table.html): QUICK means don t scan the rows to check for incorrect links. FAST means to check only tables that haven t been closed properly. CHANGED means to check only tables that have been changed since the last check or haven t been closed properly. MEDIUM means to scan rows to verify that deleted links are okay. It also calculates a key checksum for the rows and verifies this with a calculated checksum for the keys. EXTENDED means to do a full key lookup for all keys for each row. This ensures that the table is 100% consistent, but takes a long time! In the unlikely event that the data integrity of your database becomes compromised, there is a chance that it can be automatically repaired. The Repair Option field lets you determine when the repair link for a table is visible. The best setting is Automatic, as this not only hides superfluous links, but also serves to alert you (by the presence of the link) when the data integrity has been broken. Using the Database Administration Module To see an overview of the tables in your database, select administer . database. For each table, you are shown the number of rows and have the following options: The View option shows the contents of the table. The Describe option shows the data structure of the table, as shown in Figure 4-19. Figure 4-19. The node table described
Note: If you are looking for reliable webhost to maintain and run your java application check Vision java hosting services

142 CHAPTER 4 ADDING CONTRIBUTED MODULES Database Administration Module Permissions To quote from the module s documentation: If a user is granted (or manages to acquire) dba administer database permissions, they are able to directly alter the database. At minimum, they are able to modify data, and possibly to drop tables. Depending on how you have defined your database permissions, the user may also be able to modify other databases unrelated to your Drupal installation. Use at your own risk! Clearly, the Dba Administer Database permission is not to be granted lightly. The second permission that this module defines is Dba View Database, which allows users possessing it the chance to see the contents of the entire database. This includes user e-mail, the encrypted hash of user passwords, any private profile information, and so forth. Judicious use of this module and sparing grants of these two permissions are advised. Automatic Database Backups To configure the dba module, navigate to administer . settings . dba (admin/settings/dba). One of the useful features of this module is the ability to make backup SQL dumps of your database, and it can mail these backups to your e-mail address. Dumps can be made from individual tables, in which case, the backup filename will bear the name of the table, or of several tables or even the entire database. The following are settings that pertain to database backups: Default backup filename: In the case of multiple tables, the name of the backup file is initially taken from this field, although this can be changed at the time you initiate the backup. Automatically backup database every (period of time): The automatic backups are disabled by default, but if you set this field to any of the given time periods, backups will be made as often as you have specified. Automatic backup path: This is the path to the directory on your server where the backups will be saved. Backups are not automatically deleted, so this is a cleanup task that will be left to you. Compress automatic backups: If compression libraries are available to PHP on your server, you can check this option, and backups will arrived in a compressed format, greatly reducing the size of the backup files. Mail backup to administrator: Checking this option will result in the automatic database backups being mailed to the administrator s e-mail account (as defined on the site settings page, admin/settings). Database Integrity Checks The dba module, when used with the MySQL database, allows you to check the data integrity of your database. This is useful for routine maintenance as well as diagnosing problems. The Default Check Type field lets you tell MySQL which type of check to make. Here are the various
Note: In case you are looking for affordable and reliable webhost to host and run your business application check Vision ftp web hosting services

CHAPTER 4 ADDING CONTRIBUTED MODULES 141 Whitelisting filters should be used sparingly and only in the context of training the filter not to repeat false positive identifications that it has made. The reason for this should be clear: if you open up the door for content to automatically be considered never spam, you can t be too surprised when spammers start walking through it. If you are being bombarded with spam from a single source and you can block this source with one filter, and you are positive that the filter will not have any false positives, you might elect to check the Automatically Delete Spam check box. When checked, content matching this filter will be deleted from your site without any warning or notification. This is intended as an extreme defense when your site is suffering from the efforts of a concerted attack. Due to the extreme nature of this option, it is recommended only in last-resort cases. In most normal cases, you will want to have the option of browsing spam content to double-check that no false positives are being made. Using Other Filters In the contributed/custom_filters folder in the Spam module archive, you will find some SQL data dumps of custom filters that others have contributed based on experience from their sites. As noted earlier, you can choose to import these data dumps into your database and benefit from them as well. Here are some examples from the file teledyn.mysql: /b(mortgage|credit|kredit|casino|poker|debt)S*.w{2,3}b/i /b(texas-holdem|onlinegames|blackjack|bingo)S*.w{2,3}b/i These expressions look for domains that contain any of the list of words mortgage, credit, casino, bingo, and so on. The domain bingo123-use.la would be matched, for example. If you decide to use third-party filters, make sure to monitor the content that is being marked as spam to be on the lookout for false positives. Database Administration Module The Database Administration (dba) module allows you to view, edit, repair, and create backups for your Drupal database, all from within the administrator s web interface. It is a practical and convenient way to run SQL queries and view the results. It can also be used to import the database definitions for new modules, possibly saving you a trip to another application or command-line tool. Installing the Database Administration Module To install the dba module, download the latest version from http://drupal.org/project/dba. Then create a modules/dbafolder and copy the dba.modulefile into it. If you are using PostgreSQL as your database, you need to take the extra steps found in the README.pgsqlfile. Finally, activate the module from the admin/modulespage. Configuring the Database Administration Module The most important configuration decisions you need to make concerning the dba module have to do with user permissions. You can also set options for automatic backups and checking the database integrity.
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision best web hosting services

140 CHAPTER 4 ADDING CONTRIBUTED MODULES Navigate to administer . spam . URL filters (admin/spam/urls), and you will see an overview of the URLs that the Spam module recognizes as spam URLs. This page also shows how many times each URL has been matched as spam, how many times it has been identified with content that is not spam, the spam probability that it carries (from 1 to 99), and the date of the last match. This page can be useful for removing false positives from the filter in case a spammer does something nasty, like including a link to a legitimate site in her spam, thus tricking the spam filter into thinking that URL, too, is spam. You can also use this page to take preventative measures and block URLs that you know are spammer sites from other sources. Your e-mail inbox could be a good source of these URLs. Every one of those free software and cheap drugs sites that are advertised in e-mail spam deserves to be fed to your site s spam filter. To do this, simply add the domain to the Add New URL Filter section and click Add New URL Filter. If the same witless spammer decides to expand and target your web site as well as your inbox, he will be out of luck. Creating Custom Filters Next to the URL Filters tab is a tab named Custom Filters (admin/spam/custom). Custom filters are a tool for you to help teach the filter by feeding it words, phrases, or regular expressions and telling it what to do with them when they are matched. You create a new custom filter by entering a word, phrase, or Perl-compatible regular expression into the Custom Filter field. If it is a regular expression, you also need to check the Regular Expression check box, and your expression will be checked for validity when you submit the form. Then you need to determine what is to be done with the content that is found to match this filter by making a selection in the Match Effect field. The options are as follows: Always spam (blacklist) Usually spam (graylist) Usually not spam (graylist) Never spam (whitelist) These various classifications affect the probability rating that the content is spam. Remember that the whole point of the Bayesian filter is to establish this rating, so your custom filter is simply taking part in all of the other calculations that will occur when any post or comment is being considered. Here are the technical details, taken from the help text for custom filters: If your filter defines always spam, this increases the chances the new content will be marked spam by 200%. If your filter defines usually spam, this increases the chances the new content will be marked spam by 50%. If your filter defines usually not spam, this decreases the chances the new content will be marked spam by 50%. And if your filter defines never spam, this decreases the chances the new content will be marked spam by 200%. Since the same content can match several filters, they can play complementary or opposing roles. If a comment matches one Always Spam filter and five Usually Not Spam filters, the weight will be in favor of usually not spam, and the chances that the comment will be marked
Note: If you are looking for high quality webhost to host and run your jsp application check Vision christian web host services

CHAPTER 4 ADDING CONTRIBUTED MODULES 139 URL Limits The Limits group on the Spam module s settings page deals with the number of URLs that can appear in either comments or normal content. For each, you can set the highest number of allowed URLs and the number of repeated URLs. Be careful when setting these that you don t preclude normal legitimate use of your web site. For example, if your site is supposed to have reviews of a certain type of web site, it is conceivable that someone would want to include several hyperlinks to reference the same page of the site being reviewed. On the other hand, setting these limits to something reasonable (between 3 to 5 in most cases) will catch and block the attempts of some spammers. Actions for Identified Spam What should happen when the spam filter identifies something as spam? That question is answered by the settings in the Actions group on the Spam module s settings page. You can have the content or comment automatically unpublished by checking the Automatically Unpublish Spam field. This might be the best option if spam or potentially embarrassing content could hurt your business or reputation if allowed to persist on the site for any amount of time. Use this option if you are too busy to constantly police your site (better to be safe than sorry). On the other hand, it is possible (though rare) for the Spam module to identify false positives, and users whose content gets unpublished may get very irritated with your site. The Notify Admin When Spam Detected field causes the administrator of the site to be notified whenever spam is identified. This should be checked as long as you leave possible spam published (Automatically Unpublish Spam is unchecked), or if you are worried about the chance of false positives. That way, you can closely monitor the Spam module s activities and see that it is doing its job correctly. Advanced Spam Module Configuration For everyone who wants to get the Spam module installed and running, the preceding configuration is all that needs to be done. If you re interested in playing around under the hood of the module and tweaking the Bayesian filter parameters, check the Advanced Configuration check box on the admin/settings/spam page and click Submit to see advanced options. The following are two advanced options that you might find interesting (and that don t introduce any risks): Display spam rating: This setting, under the Tools heading, will let you see the spam rat ing for any content or comments. This is a rating from 1 to 99, and the higher the rating, the more likely it is that it is spam. Collect statistics: If you instruct the module to collect statistics, you will have access to interesting information, such as how many spam comments or content submissions have been posted and when the last occurrence was. Managing URL Filters Whenever content is identified as spam, the Bayesian filter takes the opportunity to extract all of the URLs contained within and pay special attention to them. The logic is that the spammers golden eggs are the URLs, and therefore their most telling fingerprint.
Note: In case you are looking for affordable webhost to host and run your servlet application check Vision mysql5 web hosting services

138 CHAPTER 4 ADDING CONTRIBUTED MODULES Spam Module Permissions The permissions structure of the Spam module is designed to let you divide your users into roughly three groups: those who can decide what content is or is not spam, those who are trustworthy and never create spam, and everyone else who cannot be trusted. The Access Spam Rating and Administer Spam Rating permissions can be given to user roles who will help train the filter and identify spam. When looking at content, they will be able to mark it either as spam or not spam, thus assigning a new score (1 or 99) and biasing the spam filter s future handling of similar content. As this is an essential activity, if you are to have an effective filter, you will want to make sure that you have trustworthy people in your community who have these permissions, so that spam content will be quickly identified and marked as such. However, keep in mind that anyone with these permissions can unpublish anything on your site simply by marking it as spam, so trust is essential. The Bypass Spam Filter permission can be granted to any user role who will never submit spam. This would certainly include user roles that receive the Access Spam Rating and Administer Spam Rating permissions. When users with the Bypass Spam Filter permission create content, it will not be passed through the Bayesian filter. The content can be marked as spam later, however. The only advantages to using this permission are a small performance gain, since less processing is done upon submitting content, and that no content will be falsely marked as spam for these users (a very small danger to begin with). It has the negative side effect that content from these users won t automatically train the filter. Thus, assigning this permission to too many users isn t a good idea. Filters for Content Types Select administer . settings . spam (admin/settings/spam) to see the configuration settings for the Spam module. The group of settings titled Filter gives you the chance to determine which content types will be eligible for spam filtering. As a rule of thumb, you should allow the Spam module to filter any content that can be created anonymously or by users whose trustworthiness cannot be guaranteed (that is, you don t know them personally). The options are as follows: Filter comments: This should be checked in most cases. There are known scripts for attacking Drupal sites where the URLs for nodes are systematically probed and comments are posted. The scripts craftily hit low-numbered nodes (low-numbered nodes are usually older content on most sites) and stop before becoming very conspicuous, in a bid to create comment spam but not be detected. Since these scripts target comments, it is advisable to enable this option. Filter open relays: This corresponds to the Distributed Server Boycott List method of spam filtering, described earlier. It uses the IP address of the user posting content and compares it to published lists of known spammers. Any content published from an IP address found on these lists will have a greatly increased chance of being marked as spam. Filter spammer URLs: This instructs the Spam module to pay greater attention to the URLs in content and afford them special treatment. The URLs in posts marked as spam will be branded as positive identifiers for spam content, and any new content containing the same URLs will be marked as spam.
Note: If you are looking for high quality webhost to host and run your jsp application check Vision christian web host services

CHAPTER 4 ADDING CONTRIBUTED MODULES 137 URL Counting Since the most common goal of spam content is to publish links back to the spammer s web site, a logical and effective method for identifying spam revolves around counting URLs in posts. The Spam module can be configured to mark content or comments as spam if they have more than a certain number of URLs in them, or alternatively, if the same URL appears more than a certain number of times. Distributed Server Boycott List The Distributed Server Boycott List is a set of lists of IP addresses of servers that are known to be open relays, open proxies, or to have other vulnerabilities that allow anyone to deliver e-mail to anywhere, through that server. The Spam module s fourth anti-spam mechanism uses these lists to check the IP addresses of users posting content and see if they are known e-mail spammers. Presumably, e-mail spammers are also content/comment spammers. Installing the Spam Module Follow these steps to install the Spam module: 1. Download the latest version of the Spam module from http://drupal.org/project/ spam. Note At the time of writing, this module was being rewritten. You are encouraged to follow developments on the Spam 2.0 module at http://www.kerneltrap.org/jeremy/drupal/spam/. 2. After backing up your data, import the file spam.mysql (or spam.pgsql if appropriate) into your database. 3. Although the Spam module comes delivered with many subfolders and extra files, the only one you need to get started is spam.module. Create a folder called spam in your modules directory and move spam.module into it. 4. Since the Spam module learns from experience and builds lists of words, URLs, and IP addresses associated with spam, the experience of other web site administrators can be very useful in avoiding spam. To this end, there are a number of database dumps of the spam filters from active sites that have dealt with large quantities of spam. These files are found in the contributed/spam_tokens folder that comes with the Spam module download. Optionally, you can load these files into your database. 5. Navigate to administer . modules (admin/modules) and enable the module. Configuring the Spam Module To configure the Spam module, you need to set the appropriate Drupal permissions. You also need to visit the module s settings page and set up your filters and other spam prevention options.
Note: In case you are looking for affordable webhost to host and run your servlet application check Vision ecommerce web hosting services

136 CHAPTER 4 ADDING CONTRIBUTED MODULES with blatant advertisements for their products. They will comment on other people s content, sometimes masking their intent in a thin veneer of compliments before getting to the business of self promotion. They will use scripts to find the holes in your site and flood you with postings. Spammers show a lot of resourcefulness and absolutely no mercy. If given the chance, they will turn your web site into a wasteland of Viagra, poker, and payday loan advertisements. It is important to the health of your online community that you have a strong defense against this malicious activity. Just as people need to have means to deal with spam e-mail in their inbox, you need to have a way to deal with spam posts on your web site. You will find this defense in the Spam module. Detecting Spam The Spam module can be configured and trained to detect content of any kind that is considered spam, including comments and node types. The administrator has configuration options that allow the Spam module to automatically unpublish that content and/or notify the administrator. Up to four different mechanisms can be used to identify content as spam: the Bayesian filter, custom filters, URL counting, and the Distributed Server Boycott List. Bayesian Filter The Bayesian filter learns to detect spam by being shown content that has been identified as spam by the site administrator. The best way to describe this method is to quote Jeremy Andrews, the author of the Spam module. The Bayesian filter does statistical analysis on spam content, learning from spam and non-spam that it sees to determine the likelihood that new content is or is not spam. The filter starts out knowing nothing, and has to be trained every time it makes a mistake. This is done by marking spam content on your site as spam when you see it. Each word of the spam content will be remembered and assigned a probability. The more often a word shows up in spam content, the higher the probability that future content with the same word is also spam. As most comment spam contains links back to the spammer s websites (ie. to sell Prozac), the Bayesian filter provides a special option to quickly learn and block content that contains links to known spammer websites. For more information about Bayesian filtering, see http://en.wikipedia.org/wiki/ Bayesian_filtering. Custom Filters As the site administrator, you can define custom filters that increase the probability of certain words and patterns to indicate spam. The filters will cause content to be marked as follows: Blacklisted content will be definitely marked as spam. Whitelisted content will definitely be marked as not spam. Graylisted content is marked as either usually spam or usually not spam, increasing or y the Bayesian filter.
Note: If you are looking for best quality webspace to host and run your tomcat application check Vision shared web hosting services

CHAPTER 4 ADDING CONTRIBUTED MODULES 135 Figure 4-18. The Group details block and the link to manage subscriptions Note The moderator of a group is the person who created the group. It is not currently possible to have more than one moderator. To change the moderator of a group, a user with the Administer Nodes permission must edit the group node and change the Authored By field to the username of the new moderator. Since the Administer Nodes permission is almost synonymous with being a site administrator, you should not grant this permission solely for the sake of changing group moderators. Until this facet of the Organic Groups module is better developed, it is advisable to either disallow the changing of moderators or to handle all requests to do so yourself. Be careful to whom you grant Administer Nodes permission! Managing Groups The Group Details block is the control panel for a group. It is visible on a group s homepage. You can add content, manage subscribers, create albums, manage e-mail subscriptions, and perform other group-related tasks from the Group Details block. For example, you can arrange to receive e-mail notification whenever something gets posted to a group of which you are a member. In the Group Details block (see Figure 4-18), click the my subscription link to see and set the status of your e-mail subscription. Spam Module Recent years have seen an explosion in web site spam. Spam is any content posted to a web site that is unwanted or has an ulterior motive other than being part of the online community. The most common ulterior motive is getting links to third-party web sites published, in pursuit of the higher search engine rankings that come with the elevated page rank that their web sites enjoy when links from external sites point to them. Some people are willing to do almost anything to get a link to their web site posted on your web site. They will sign up for accounts, and then post forums and make blog entries
Note: In case you are looking for affordable and reliable webhost to host and run your business application check Vision ftp web hosting services