Reading the 'Moodle Security' discussion (http://moodle.org/mod/forum/discuss.php?d=109366) I got an idea how to prevent spam entries in user profile descriptions.
Whats the problems? Spammer and perhaps sometimes students add advertising or banned words in their profiles. This is a problem for open systems. We have a partial solution for this if we hide the profiles for not logged in guys. This makes it uninteresting for most spammer. But it will be a problem for other users if they see this entries.
We have a solution with the censorship filter. Here we can add words that are hidden by a filter. But we don't have a system to fill up the list automatically. On the other side the use of this filter needs to much resources if it works on every page.
My idea is the following:
- A new type of filter checks automatically each new or changed entry in a description field of a user profile against a blacklist of banned words. Is a list entry found the admin gets an information via mail. The check can be done while saving the entry or daily by a cron job. An alternative is a manually check started by the admin. Perhaps it is simple search in the DB table.
- If an admin see a problematic word he can add it to a list of censored words and can report it to a central blacklist. B2evolution ( a multiblog system) does this (http://manual.b2evolution.net/Antispam_tab#First_always_keep_your_antispam_table_up_to_date.).
- Admins can enable/disable /create a individual blacklist, manually updated from the central blacklist or automatical updated from the central blacklist on a daily or weekly base.
- Perhaps we need an additional option to define which fields should be searched.