Welcome to Geeklog, Anonymous Sunday, October 13 2024 @ 04:33 am EDT
Geeklog Forums
Phantom comments?
rv8
I've got something strange going on that has me very puzzled.
I'm running GL 1.3.11SR1, Spam-X is enabled. Everything has been working great. I've got one or more jerks who keep trying to post comment spam, but I add the new domains to Spam-X's personal blacklist, do a Mass Delete, and they are stopped until they get a new domain.
I've got the site set up to e-mail whenever a comment is posted, so I have a quick warning if new comment spam is happening. Yesterday I started getting a few e-mail messages from the site saying that a new comment had been posted. The messages had very little info - the body was like:
Title: post a comment
Username: Anonymous (68.40.230.56)
aldara <a href="http://pomm.arca
Read the full article at <http://www.kilohotel.com/rv8/comment.php?mode=view&cid=206>
------------------------------
End of Message
But, if clicked on the URL for the comment given in the e-mail, I got an Access Denied page from GL. If I went to the site, there would be no comment, nor would the Spam-X log show that a spam comment had been found and deleted. The IP addresses do not match any of the ones my comment spammers usually use.
I wondered if there could perhaps be a new problem with anonymous comments, so I used a different browser that hasn't memorizied my site login, and posted an anonymous comment OK. I looked at the GL log, and it has no entries at the times when the phantom comment e-mails are sent.
As near as I can tell, my site hasn't lost any of the desired functionality, so I am not too worried. But I am wondering what is going on, and if it is a symptom of some bigger problem that may bite me.
My site is at Kevin Horton's RV-8 Project.
Kevin Horton
rv8
bye, Dirk
I hadn't checked before, but that was a good thought.
Those comments are in the database, but the sid is not valid - i.e. that sid does not appear in the gl_stories table. It looks like a correct sid got truncated.
Looking at the comments, it seems clear that they are all intended to be spam comments. Maybe someone has some sort of automated comment spamming system that has a messed up story ID.
I'll delete the entries in the database and stop worrying about them.
Thanks for your help.
Kevin Horton
Dirk
That calls for a code review then, since that shouldn't happen ...
Can you provide more details about those sids? Are they empty?
bye, Dirk
rv8
I have several comment spammers who keep trying to post comments. One of them seems to post comments to the same list of stories, and the comments appear in bursts in a very short period. E.g., the Spam-X log shows one occasion where three spam comments were made in one second from the same IP. I assume there must be an automated system to make those comments, unless this guy is a world record typist.
Kevin Horton
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content