Posted on: 04/12/04 01:03pm
By: Limynali
Has anyone else noticed lately a huge influx of spam/porn related comments? I run a few different geeklog sites and in the past week I've gotten 15+ anonymous comments all with the same stuff about incest etc. In addition I've had lots more membership submissions from obvious spammers/porn people. :-(
I ended up having to disable anonymous comments and just delete most member submissions. Is anyone dealing with this? If so how?
Spam / Porno Comments
Posted on: 04/12/04 01:28pm
By: ScurvyDawg
I have not had this issue, seems some spammers have found your site is all. Hopefully they will move on to the next site when they see you keep deleting their posts.
Spam / Porno Comments
Posted on: 04/12/04 02:25pm
By: Blaine
I did and had to disable anonymous comments
Spam / Porno Comments
Posted on: 04/12/04 10:10pm
By: scroff
I had some spam/porn sites finding their way into my referrer list. I used the handi dandi ban plugin by Tom to ban them. If there aren't too many you can ban their IP using
this ban[*1] .... Just my novice two cents...
Spam / Porno Comments
Posted on: 04/13/04 01:00am
By: Leita
I had this happen last night. It was the first time I've seen this. I have a lot of hits in my http_referrer from britneyspears and paris hilton nudeceleb blogs hah
Spam / Porno Comments
Posted on: 04/13/04 07:54am
By: inspiremin
I had the same thing happen: "incest" related comments.
It seems our mystery commenter is hitting GL sites.
Blessings!
inSPIREmin
Spam / Porno Comments
Posted on: 04/13/04 09:22am
By: Limynali
Thanks for your suggetions! I'm going to try out that ban plugin since it seems to be the same person hitting all my sites.
Spam / Porno Comments
Posted on: 04/13/04 11:09am
By: tonylinde
We're getting hit with this as well (using Geeklog v1.3.6). How do I disable anonymous comments?
Thanks.
Spam / Porno Comments
Posted on: 04/13/04 11:54am
By: Turias
[QUOTE BY= tonylinde] We're getting hit with this as well (using Geeklog v1.3.6). How do I disable anonymous comments?
Thanks.[/QUOTE]
It's a setting in the
config.php[*2] file.
Spam / Porno Comments
Posted on: 04/14/04 10:52am
By: Anonymous (dkaplowitz)
Count me in as another victim of this spam attack. It must be a script that's running.
Spam / Porno Comments
Posted on: 04/16/04 02:41pm
By: inspiremin
I tracked down the perp! I matched the comment time to my site logs and got the address. Doing a quick search in Google, I found out that he/she/it has been very naughty and busy.
I am going to install the ban plug-in so I can keep my comments open to the public.
Any suggestions on what to do with the address? Turn him/her/it in to someone?
Blessings!
inSPIREmin
Spam / Porno Comments
Posted on: 04/16/04 03:55pm
By: geKow
[QUOTE BY= tonylinde] We're getting hit with this as well (using Geeklog v1.3.6). How do I disable anonymous comments?
Thanks.[/QUOTE]
And, btw: I would strongly recommend to upgrade your geeklog!
geKow
Spam / Porno Comments
Posted on: 04/16/04 04:31pm
By: scroff
Any suggestions on what to do with the address? Turn him/her/it in to someone?
I was being spammed by parishilton blogger, among others. I wrote to blogger and they said they have no control over content. I told them I was being spammed and they never replied, despite writing to them a few times... that's when I put in the ban plugin. It's working very well.
Spam / Porno Comments
Posted on: 04/20/04 11:52am
By: Anonymous (Rob)
Same problem, but how does one go about getting the ip address or http-referrer to ban them??
-Rob
Spam / Porno Comments
Posted on: 04/20/04 12:37pm
By: geKow
Try the visitor stats plugin from
gplugs[*3]
geKow
Spam / Porno Comments
Posted on: 04/20/04 12:39pm
By: Anonymous (tokyoahead)
[QUOTE BY= Rob] Same problem, but how does one go about getting the ip address or http-referrer to ban them??[/QUOTE]
Insert something like
<? if ($_SERVER['REMOTE_ADDR']=='111.111.111.111') {exit;} ?>
as first line into you header.thml
Spam / Porno Comments
Posted on: 04/20/04 01:48pm
By: jnordquist
Quote by: Rob] Same problem, but how does one go about getting the ip address or http-referrer to ban them??
Insert something like
Problem with this is if the jerk is using dynamic IP. Dialup customers rarely get the same IP twice. I had a vandal take down my pollbooth recently and had to ban his entire domain for a couple weeks till it stopped.
Requiring login for comments is the only real solution I see. I had the pornspam coments start a couple days ago too.
Spam / Porno Comments
Posted on: 04/20/04 02:30pm
By: Anonymous (ironmax)
I gues I have been fortunate of not having this problem. I run the comments with the users logged in only and they can only read and not post until the register. The only thing I have open with some limitations, for the most part is the downloads. I have not yet had a poster that abused my system here. Lucky I guess. Who knows after this post though.
Spam / Porno Comments
Posted on: 04/20/04 02:35pm
By: Anonymous (Rob)
Well this thing is pretty obviously a bot, so how do I use the ban plugin to ban bots?? Or how do I FIND out where this stuff is coming from so I can block it??
-Rob
Spam / Porno Comments
Posted on: 04/20/04 03:50pm
By: tomw
The ban plugin has apparently made the porno/spammer mad because he regularly spams the ban plugin article on gplugs. Here are three things you can do to make life harder for him.
1) use the ban plugin and ban 69.93.237.84 This will ban the bot that spams your referer list.
2) make a slight change to your lib-common.php to make sure the ban plugin is called before anything else like the stats plugin. At the very end of lib-common.php you will find the following sql statement which sets up calling each plugin:
$result = DB_query( "SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1" );
Change it to read:
$result = DB_query( "SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1 order by pi_name" );
3) Add the following sql statment to run from a chron job to delete comments with the inappropriate websites:
delete from gl_comments where comment like "%www.bad.site%"
replacing www.bad.site with the site he/she/it is advertising. I have this set to run every thirty minutes. You could make it part of geeklog and run it everytime a page is fetched if you wanted. Of course you may have to change this, add to it when he figures out what you are doing.
If I get around to it or the porno/spammer makes me madd enough I will write an extension to the ban plugin to handle comments also.
TomW
Spam / Porno Comments
Posted on: 05/07/04 12:53am
By: Anonymous (rob)
Is there some way to make it so that I can authenticate that a poster is a human, like ask people to input a series of numbers that is written elsewhere on the page before it will actually save the comment?? If so what would be the overall gist of the code (I'm new to php and a little help with psuedocode goes a long way) It seems like our spammer keeps changing thier IP address, thereby getting around our ban. Also is it normal for the ban log to never get anything in it?? Ours remains empty even though it seems like it is stopping some unwanted traffic.
Thanks,
-Rob
Spam / Porno Comments
Posted on: 05/07/04 02:28am
By: Anonymous (Jag)
I got hit with this on two seperate sites (each using GL) as well.
I to had to shut off Anymous comments, as well as setting up an .htaccess to ban the IPs (three different IPs).
Spam / Porno Comments
Posted on: 05/07/04 12:19pm
By: Anonymous (Rob)
What were the Ip's you banned, if you don't mind me asking??
-Rob
Spam / Porno Comments
Posted on: 05/10/04 10:24am
By: emasters
I got hit with this hard over the weekend. I've seen one or two here and there over the past couple of months, but this got ever post on the site. Looks like someone has written a bot that scans the site for posts and then injects the comments. The hit on my site lasted about 20 minutes and appeared to come from 6 different IP addresses, though the initial scan seems t ohave originated from a single IP.
I've since set Geekog to not allow anonymous comments, which is fine for the sites I run.
I know there is a way to set a sppedlimit for posts, can the same be done for comments? That might slow this down.
Thanks.
Elmer
Spam / Porno Comments
Posted on: 05/10/04 12:25pm
By: ScurvyDawg
You know my site has never been hit by this bot. A number of the ones I have installed have, however. The reason I think mine has been left alone is because in the language file I changed the name of Comments to Barks.
I think the script is looking for comments and leaves me alone because I do not use the default language.
Just an idea.
Spam / Porno Comments
Posted on: 05/10/04 01:58pm
By: Dirk
[QUOTE BY= emasters] I know there is a way to set a sppedlimit for posts, can the same be done for comments? That might slow this down.[/QUOTE]
In config.php:
$_CONF['commentspeedlimit'] = 45;
bye, Dirk
Spam / Porno Comments
Posted on: 05/12/04 12:28pm
By: Anonymous (Rob)
Well I got fed up with this, so I hacked geeklog a bit. Basically if you change around COM_checkwords to return a flag if it finds what the guy is posting (I changed it to any word on my censored list)
if ( $EditedMessage == $Message)
return ($EditedMessage);
else
return($Replacement);
Then change Comment.php to check for this(change in the save comment function):
if (!empty ($title) && !empty ($comment) && ($comment != '*censored*')) {
This will prevent anything from posting a comment with censored words (and cramp someone's style if they try to submit a story with censored words too.) It's unfortunate but I found this may be the best way to deal with this.
-Rob
Spam / Porno Comments
Posted on: 05/26/04 09:08am
By: Anonymous (jadiepoo)
someone posted this idea as a separate thread but it has no replies yet...
There's a content-based comment/trackback spam blocking for Movable Type
here[*4] . Does anyone know if it works with GL or if there is an integration?
I've been getting hit with the stupid comment spammers too.
Spam / Porno Comments
Posted on: 05/26/04 01:09pm
By: Anonymous (ironmax)
I myself would like to know how they are getting thru in posting anonomously. I have been lucky so far as to not get such a posting from this group of bandits. Maybe its because I have things secured. If anyone wishes to take a crack at posting to my site the way that they are posting to your site (the one's that are being abused), please do so and put in the msg that you are testing for security. Click
here[*5] or goto http://www.spacequad.com to make your posts.
Spam / Porno Comments
Posted on: 05/27/04 09:52pm
By: Anonymous (BBall)
I have had a bunch of anonymous spam links on a couple of sites. The sites have anonymous comment posting turned off and have no signed up users (I do all the publishing).
The spam I got was pointing to pharma related links hosted at 01j.com - a domain registered in Russia.
Spam / Porno Comments
Posted on: 05/29/04 05:24pm
By: drkrum
I've had this happen too. This morning I had about a hundred of them that that I had to clean up. Now I've got a patched geeklog which requires a 10 second delay between hitting 'reply to this' and hitting submit, and disallows anonymous comments with more than 2 links in them. Logged in users can still post as many links as they like. This is a much better solution than IP banning.
I've got a patch against 1.3.9[*6] . I'd like to see it incorporated into the actual geeklog distribution.
Spam / Porno Comments
Posted on: 06/01/04 12:52am
By: JohnVanVliet
happy to say that i have missed all this . from day 1 i have not allowed an annonm. to post
but i do get people trying to dl the same file 50 times
i just put this into the httpd.conf
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
Deny from 193.108.227.235 24.232.176.49
</Directory>
#