Welcome to Geeklog, Anonymous Friday, November 08 2024 @ 10:08 pm EST
Geeklog Forums
Spammers have beat the new patch
The spammers have beat the new patch already on version 1.3.7. I installed the patch yesterday and it was working fine.
In the last half hour it has started again and the comments are formed differently this time. They have garbage text in between the links.
You can see them here. Just click on the link in the What's New block.
I fixed all the NFL and MLB sites on our network and most of the NHL yesterday. The comments are now on about 15 NFL sites and just started showing up on the MLB sites. This is a network with 6M page views per month.
In the last half hour it has started again and the comments are formed differently this time. They have garbage text in between the links.
You can see them here. Just click on the link in the What's New block.
I fixed all the NFL and MLB sites on our network and most of the NHL yesterday. The comments are now on about 15 NFL sites and just started showing up on the MLB sites. This is a network with 6M page views per month.
8
11
Quote
Status: offline
keystone430
Forum User
Chatty
Registered: 01/28/04
Posts: 68
I don't have control over that site. It is a network of independent publishers and I can only change my own. I have posted it and sent the info out to all of the affiliates and the network director. Until they give me the go ahead I cannot go in and change anything.
Most of the sites have their comments turned off. The first one to get hit with the spam today was one with anonymous comments turned off and the new patch applied. That is the Yankees site on the baseball network.
Most of the sites have their comments turned off. The first one to get hit with the spam today was one with anonymous comments turned off and the new patch applied. That is the Yankees site on the baseball network.
16
11
Quote
Status: offline
JohnVanVliet
Forum User
Full Member
Registered: 10/09/03
Posts: 161
i was able to post and was not logged in
this is a test from johnscelestiapage via geeklog
this is a test from johnscelestiapage via geeklog
13
12
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Before this gets too confusing:
The patch only helps against anonymous posts if (and only if) you have anonymous posts turned off. There's no way to prevent anyone from spamming if you allow anonymous posts or if they log in (other than the speed limit).
Speaking of the speed limit: The patch for the missing speed limit is only included in the 1.3.9sr1 upgrade. I guess retrofitting this patch into earlier versions would also help somewhat. I'll look into that ...
[edit: Got confused there myself - the speed limit patch is included in 1.3.9sr1 and 1.3.8-1sr5, but not in the patches for earlier versions.]
So, if you have a site that's still being spammed after the upgrade, please tell us
bye, Dirk
The patch only helps against anonymous posts if (and only if) you have anonymous posts turned off. There's no way to prevent anyone from spamming if you allow anonymous posts or if they log in (other than the speed limit).
Speaking of the speed limit: The patch for the missing speed limit is only included in the 1.3.9sr1 upgrade. I guess retrofitting this patch into earlier versions would also help somewhat. I'll look into that ...
[edit: Got confused there myself - the speed limit patch is included in 1.3.9sr1 and 1.3.8-1sr5, but not in the patches for earlier versions.]
So, if you have a site that's still being spammed after the upgrade, please tell us
- the exact version of Geeklog you're running
- whether anonymous posts are allowed or not
- whether the spam is posted anonymously or using a registered account (and which one)
bye, Dirk
10
13
Quote
Status: offline
keystone430
Forum User
Chatty
Registered: 01/28/04
Posts: 68
Thanks Dirk. When I checked they had re-enabled the comments. I fixed it again and will keep an eye on it.
My sites on 1.3.7 and 1.3.8sr4 and 1.3.9sr1 are all spam free as of this morning so it looks like it is working fine.
My sites on 1.3.7 and 1.3.8sr4 and 1.3.9sr1 are all spam free as of this morning so it looks like it is working fine.
10
18
Quote
geeklog-fan
Anonymous
dirk.. i have a problem with newest update.. on the index page the name of the author is gone.. i think it's in index.php, because when I replace it with the old index file.. the authors name is back..
and is it right the size of the comment.php file has become much smaller? (from 35KB to 22K
and is it right the size of the comment.php file has become much smaller? (from 35KB to 22K
12
10
Quote
Status: offline
LWC
Forum User
Full Member
Registered: 02/19/04
Posts: 818
They're baaack...
I've upgraded from 1.3.9 to 1.3.9sr1 last week and hoped it would stop the spam comments insanity.
Alas, today I've surfed to my site to find they came back
(their newest comment is from yesterday).
I'm sorry to inform you all that I guess that SR1 didn't do
the job.
And yes, I allow anonymous comments and that's what
they use.
What will be the end of this?
I've upgraded from 1.3.9 to 1.3.9sr1 last week and hoped it would stop the spam comments insanity.
Alas, today I've surfed to my site to find they came back
(their newest comment is from yesterday).
I'm sorry to inform you all that I guess that SR1 didn't do
the job.
And yes, I allow anonymous comments and that's what
they use.
What will be the end of this?
16
12
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: I'm sorry to inform you all that I guess that SR1 didn't do the job.
And yes, I allow anonymous comments and that's what they use.
And yes, I allow anonymous comments and that's what they use.
Then you misunderstood what the sr1 update does. It fixed a bug that let those spammers post even when anonymous commenting was off. Nothing else.
Geeklog doesn't currently include any spam protection (other than the speed limit).
bye, Dirk
12
14
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: Actually, I was talking about the speed limit. I thought it would stop their spiders.
The previous spam runs came from lots of different IPs (probably hijacked PCs), so the speed limit doesn't apply
bye, Dirk
14
18
Quote
Status: offline
nytephal
Forum User
Junior
Registered: 07/01/04
Posts: 16
In order to turn off anonymous comments in 1.3.9sr1...do you have to set it in each story? Or is there a global ANONYMOUS COMMENTS ALLOWED = NO somewhere? I don't allow posting in the forum as anonymous...is that different?
Nytephal
The Game Machine Admin
Nytephal
The Game Machine Admin
12
13
Quote
Status: offline
jmichael
Forum User
Chatty
Registered: 04/08/04
Posts: 47
in your geeklog config.php, find
$_CONF['commentsloginrequired']
Make sure it is set to 1 and users will need to login before posting story comments. And yes, the forum setting about anonymous posts is different and only applies to the forum.
HTH
$_CONF['commentsloginrequired']
Make sure it is set to 1 and users will need to login before posting story comments. And yes, the forum setting about anonymous posts is different and only applies to the forum.
HTH
14
12
Quote
Status: offline
Elegantly
Forum User
Junior
Registered: 08/13/04
Posts: 15
See also the thread Anonymous posters must enter a security code from a randomly generated image on these forums.
15
14
Quote
All times are EST. The time is now 10:08 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content