Welcome to Geeklog Tuesday, May 21 2019 @ 04:34 pm EDT

Geeklog Forums

Spammers have beat the new patch


Status: offline

keystone430

Forum User
Chatty
Registered: 28/01/04
Posts: 68
angry
The spammers have beat the new patch already on version 1.3.7. I installed the patch yesterday and it was working fine.
In the last half hour it has started again and the comments are formed differently this time. They have garbage text in between the links.

You can see them here. Just click on the link in the What's New block.

I fixed all the NFL and MLB sites on our network and most of the NHL yesterday. The comments are now on about 15 NFL sites and just started showing up on the MLB sites. This is a network with 6M page views per month.

Status: offline

jmichael

Forum User
Chatty
Registered: 08/04/04
Posts: 47
that site allows anonymous comments. might want to turn that off!

Status: offline

keystone430

Forum User
Chatty
Registered: 28/01/04
Posts: 68
I don't have control over that site. It is a network of independent publishers and I can only change my own. I have posted it and sent the info out to all of the affiliates and the network director. Until they give me the go ahead I cannot go in and change anything.
Most of the sites have their comments turned off. The first one to get hit with the spam today was one with anonymous comments turned off and the new patch applied. That is the Yankees site on the baseball network.

Status: offline

JohnVanVliet

Forum User
Full Member
Registered: 09/10/03
Posts: 161
i was able to post and was not logged in

this is a test from johnscelestiapage via geeklog

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Before this gets too confusing:

The patch only helps against anonymous posts if (and only if) you have anonymous posts turned off. There's no way to prevent anyone from spamming if you allow anonymous posts or if they log in (other than the speed limit).

Speaking of the speed limit: The patch for the missing speed limit is only included in the 1.3.9sr1 upgrade. I guess retrofitting this patch into earlier versions would also help somewhat. I'll look into that ...

[edit: Got confused there myself - the speed limit patch is included in 1.3.9sr1 and 1.3.8-1sr5, but not in the patches for earlier versions.]

So, if you have a site that's still being spammed after the upgrade, please tell us
  • the exact version of Geeklog you're running
  • whether anonymous posts are allowed or not
  • whether the spam is posted anonymously or using a registered account (and which one)

bye, Dirk

Status: offline

keystone430

Forum User
Chatty
Registered: 28/01/04
Posts: 68
Thanks Dirk. When I checked they had re-enabled the comments. I fixed it again and will keep an eye on it.

My sites on 1.3.7 and 1.3.8sr4 and 1.3.9sr1 are all spam free as of this morning so it looks like it is working fine.


geeklog-fan

Anonymous
dirk.. i have a problem with newest update.. on the index page the name of the author is gone.. i think it's in index.php, because when I replace it with the old index file.. the authors name is back..

and is it right the size of the comment.php file has become much smaller? (from 35KB to 22KCool

Status: offline

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
They're baaack...

I've upgraded from 1.3.9 to 1.3.9sr1 last week and hoped it would stop the spam comments insanity.

Alas, today I've surfed to my site to find they came back
(their newest comment is from yesterday).

I'm sorry to inform you all that I guess that SR1 didn't do
the job.

And yes, I allow anonymous comments and that's what
they use.

What will be the end of this?

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: I'm sorry to inform you all that I guess that SR1 didn't do the job.

And yes, I allow anonymous comments and that's what they use.

Then you misunderstood what the sr1 update does. It fixed a bug that let those spammers post even when anonymous commenting was off. Nothing else.

Geeklog doesn't currently include any spam protection (other than the speed limit).

bye, Dirk

Status: offline

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
Actually, I was talking about the speed limit. I thought it would stop their spiders.

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: Actually, I was talking about the speed limit. I thought it would stop their spiders.

The previous spam runs came from lots of different IPs (probably hijacked PCs), so the speed limit doesn't apply

bye, Dirk

Status: offline

nytephal

Forum User
Junior
Registered: 01/07/04
Posts: 16
In order to turn off anonymous comments in 1.3.9sr1...do you have to set it in each story? Or is there a global ANONYMOUS COMMENTS ALLOWED = NO somewhere? I don't allow posting in the forum as anonymous...is that different?
Nytephal The Game Machine Admin

Status: offline

jmichael

Forum User
Chatty
Registered: 08/04/04
Posts: 47
in your geeklog config.php, find

$_CONF['commentsloginrequired']

Make sure it is set to 1 and users will need to login before posting story comments. And yes, the forum setting about anonymous posts is different and only applies to the forum.

HTH

Status: offline

Scorpion

Forum User
Chatty
Registered: 25/04/04
Posts: 39
Lol it redirected me to microsoft.com

Status: offline

Elegantly

Forum User
Junior
Registered: 13/08/04
Posts: 15

All times are EDT. The time is now 04:34 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content