The module configuration makes reference to a whitelist URL. Is there one? Or should that be deleted from the greylist message?

There is also reference to a greylist challenge issued to those who are greylisted -- does that happen on the honeypot project page? That's a bit of a mystery as far as the documentation here.

Comments

praseodym’s picture

Grey- and whitelisting are features of the Drupal module. Greylisting allows users that aren't certainly a bot, e.g. because their ISP assigned them an IP previously used by a bot or users from large networks with shared IPs, to regain access for the current session by passing a simple test. The challenge occurs through the module - on your site and for the current session only.

Capnj’s picture

How do I set up a whitelist?

Is there a way I can trigger the greylisting and see what that user is confronted with?

gil

praseodym’s picture

Whitelisting works through the access table (admin/user/access).

You can try greylisting by adding your IP to the httpbl table with status 2 (iirc).

Capnj’s picture

You said "Whitelisting works through the access table (admin/user/access)"

I'm not seeing that. Did you mis-speak? The reference to a whitelist makes reference to a whitelist URL which I took to be a list maintained either on my site or elsewhere. Admin/user/access is merely the access control page for all modules.

My apologies for all the questions, but maybe they will help you compile more documentation! :-)

gil

praseodym’s picture

There's no support for an external whitelist. Through admin/user/access you can add IP addresses, any whitelist status will be honored by the module.

Capnj’s picture

OK, you're talking about in admin/user/rules/add, right? Add a rule to ALLOW, check HOST, and enter the IP there.

But then your default greylisted message includes:
You may try whitelisting on %whitelisturl.

What is the whitelisturl referred to there? That's my question.

gil

praseodym’s picture

That is the URL for the module's own whitelisting. The url is replaced automatically.

The workflow is as follows:
- Visitor gets greylisted
- Visitor gets presented a message with whitelist link (internal)
- Visitor follows whitelist link
- Visitor is required to enter some information (to verify that he/she is human)
- Visitor gets access to the site for his/her current session

Capnj’s picture

NOIW I understand. Thanks. I've installed the module on 5 sites with a honeypot on each and am anxious to see in a couple of weeks if some bad guys are scooped up. Thanks for the work and the great response.

gil

praseodym’s picture

Status: Active » Closed (fixed)

You're welcome.