closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8007 Commits
4 Branches
567 MiB
Tree: b5f7e12817
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b5f7e12817'
${ noResults }
mastodon/app/lib/spam_check.rb

198 lines
5.3 KiB
Raw Normal View History

Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Add setting to disable the anti-spam (#11296) * Add environment variable to disable the anti-spam * Move antispam setting to admin settings * Fix typo * antispam → spam_check
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Add setting to disable the anti-spam (#11296) * Add environment variable to disable the anti-spam * Move antispam setting to admin settings * Fix typo * antispam → spam_check
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Remove auto-silence behaviour from spam check (#12117) Fix #12113
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
Change spam check to apply to local accounts and add a threshold (#11806) Instead of detecting spam on first duplicate message, add a threshold of 5 such messages to reduce false positives
4 years ago
Add a spam check (#11217) * Add a spam check * Use Nilsimsa to generate locality-sensitive hashes and compare using Levenshtein distance * Add more tests * Add exemption when the message is a reply to something that mentions the sender * Use Nilsimsa Compare Value instead of Levenshtein distance * Use MD5 for messages shorter than 10 characters * Add message to automated report, do not add non-public statuses to automated report, add trust level to accounts and make unsilencing raise the trust level to prevent repeated spam checks on that account * Expire spam check data after 3 months * Add support for local statuses, reduce expiration to 1 week, always create a report * Add content warnings to the spam check and exempt empty statuses * Change Nilsimsa threshold to 95 and make sure removed statuses are removed from the spam check * Add all matched statuses into automatic report
4 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class SpamCheck
  4.   include Redisable
  5.   include ActionView::Helpers::TextHelper
  6. 

  7.   # Threshold over which two Nilsimsa values are considered
  8.   # to refer to the same text
  9.   NILSIMSA_COMPARE_THRESHOLD = 95

  10. 

  11.   # Nilsimsa doesn't work well on small inputs, so below
  12.   # this size, we check only for exact matches with MD5
  13.   NILSIMSA_MIN_SIZE = 10

  14. 

  15.   # How long to keep the trail of digests between updates,
  16.   # there is no reason to store it forever
  17.   EXPIRE_SET_AFTER = 1.week.seconds
  18. 

  19.   # How many digests to keep in an account's trail. If it's
  20.   # too small, spam could rotate around different message templates
  21.   MAX_TRAIL_SIZE = 10

  22. 

  23.   # How many detected duplicates to allow through before
  24.   # considering the message as spam
  25.   THRESHOLD = 5

  26. 

  27.   def initialize(status)
  28.     @account = status.account
  29.     @status  = status
  30.   end
  31. 

  32.   def skip?
  33.     disabled? || already_flagged? || trusted? || no_unsolicited_mentions? || solicited_reply?
  34.   end
  35. 

  36.   def spam?
  37.     if insufficient_data?
  38.       false
  39.     elsif nilsimsa?
  40.       digests_over_threshold?('nilsimsa') { |_, other_digest| nilsimsa_compare_value(digest, other_digest) >= NILSIMSA_COMPARE_THRESHOLD }
  41.     else
  42.       digests_over_threshold?('md5') { |_, other_digest| other_digest == digest }
  43.     end
  44.   end
  45. 

  46.   def flag!
  47.     auto_report_status!
  48.   end
  49. 

  50.   def remember!
  51.     # The scores in sorted sets don't actually have enough bits to hold an exact
  52.     # value of our snowflake IDs, so we use it only for its ordering property. To
  53.     # get the correct status ID back, we have to save it in the string value
  54. 

  55.     redis.zadd(redis_key, @status.id, digest_with_algorithm)
  56.     redis.zremrangebyrank(redis_key, 0, -(MAX_TRAIL_SIZE + 1))
  57.     redis.expire(redis_key, EXPIRE_SET_AFTER)
  58.   end
  59. 

  60.   def reset!
  61.     redis.del(redis_key)
  62.   end
  63. 

  64.   def hashable_text
  65.     return @hashable_text if defined?(@hashable_text)
  66. 

  67.     @hashable_text = @status.text
  68.     @hashable_text = remove_mentions(@hashable_text)
  69.     @hashable_text = strip_tags(@hashable_text) unless @status.local?
  70.     @hashable_text = normalize_unicode(@status.spoiler_text + ' ' + @hashable_text)
  71.     @hashable_text = remove_whitespace(@hashable_text)
  72.   end
  73. 

  74.   def insufficient_data?
  75.     hashable_text.blank?
  76.   end
  77. 

  78.   def digest
  79.     @digest ||= begin
  80.       if nilsimsa?
  81.         Nilsimsa.new(hashable_text).hexdigest
  82.       else
  83.         Digest::MD5.hexdigest(hashable_text)
  84.       end
  85.     end
  86.   end
  87. 

  88.   def digest_with_algorithm
  89.     if nilsimsa?
  90.       ['nilsimsa', digest, @status.id].join(':')
  91.     else
  92.       ['md5', digest, @status.id].join(':')
  93.     end
  94.   end
  95. 

  96.   class << self
  97.     def perform(status)
  98.       spam_check = new(status)
  99. 

  100.       return if spam_check.skip?
  101. 

  102.       if spam_check.spam?
  103.         spam_check.flag!
  104.       else
  105.         spam_check.remember!
  106.       end
  107.     end
  108.   end
  109. 

  110.   private
  111. 

  112.   def disabled?
  113.     !Setting.spam_check_enabled
  114.   end
  115. 

  116.   def remove_mentions(text)
  117.     return text.gsub(Account::MENTION_RE, '') if @status.local?
  118. 

  119.     Nokogiri::HTML.fragment(text).tap do |html|
  120.       mentions = @status.mentions.map { |mention| ActivityPub::TagManager.instance.url_for(mention.account) }
  121. 

  122.       html.traverse do |element|
  123.         element.unlink if element.name == 'a' && mentions.include?(element['href'])
  124.       end
  125.     end.to_s
  126.   end
  127. 

  128.   def normalize_unicode(text)
  129.     text.unicode_normalize(:nfkc).downcase
  130.   end
  131. 

  132.   def remove_whitespace(text)
  133.     text.gsub(/\s+/, ' ').strip
  134.   end
  135. 

  136.   def auto_report_status!
  137.     status_ids = Status.where(visibility: %i(public unlisted)).where(id: matching_status_ids).pluck(:id) + [@status.id] if @status.distributable?
  138.     ReportService.new.call(Account.representative, @account, status_ids: status_ids, comment: I18n.t('spam_check.spam_detected_and_silenced'))
  139.   end
  140. 

  141.   def already_flagged?
  142.     @account.silenced? || @account.targeted_reports.unresolved.where(account_id: -99).exists?
  143.   end
  144. 

  145.   def trusted?
  146.     @account.trust_level > Account::TRUST_LEVELS[:untrusted]
  147.   end
  148. 

  149.   def no_unsolicited_mentions?
  150.     @status.mentions.all? { |mention| mention.silent? || (!@account.local? && !mention.account.local?) || mention.account.following?(@account) }
  151.   end
  152. 

  153.   def solicited_reply?
  154.     !@status.thread.nil? && @status.thread.mentions.where(account: @account).exists?
  155.   end
  156. 

  157.   def nilsimsa_compare_value(first, second)
  158.     first  = [first].pack('H*')
  159.     second = [second].pack('H*')
  160.     bits   = 0

  161. 

  162.     0.upto(31) do |i|
  163.       bits += Nilsimsa::POPC[255 & (first[i].ord ^ second[i].ord)].ord
  164.     end
  165. 

  166.     128 - bits # -128 <= Nilsimsa Compare Value <= 128
  167.   end
  168. 

  169.   def nilsimsa?
  170.     hashable_text.size > NILSIMSA_MIN_SIZE
  171.   end
  172. 

  173.   def other_digests
  174.     redis.zrange(redis_key, 0, -1)
  175.   end
  176. 

  177.   def digests_over_threshold?(filter_algorithm)
  178.     other_digests.select do |record|
  179.       algorithm, other_digest, status_id = record.split(':')
  180. 

  181.       next unless algorithm == filter_algorithm
  182. 

  183.       yield algorithm, other_digest, status_id
  184.     end.size >= THRESHOLD
  185.   end
  186. 

  187.   def matching_status_ids
  188.     if nilsimsa?
  189.       other_digests.select { |record| record.start_with?('nilsimsa') && nilsimsa_compare_value(digest, record.split(':')[1]) >= NILSIMSA_COMPARE_THRESHOLD }.map { |record| record.split(':')[2] }.compact
  190.     else
  191.       other_digests.select { |record| record.start_with?('md5') && record.split(':')[1] == digest }.map { |record| record.split(':')[2] }.compact
  192.     end
  193.   end
  194. 

  195.   def redis_key
  196.     @redis_key ||= "spam_check:#{@account.id}"
  197.   end
  198. end