Geeklog Forums

Phantom comments?


rv8

Forum User
Regular Poster
Registered: 10/10/02
Posts: 105
Location:Ottawa, Canada

I've got something strange going on that has me very puzzled.

I'm running GL 1.3.11SR1, Spam-X is enabled. Everything has been working great. I've got one or more jerks who keep trying to post comment spam, but I add the new domains to Spam-X's personal blacklist, do a Mass Delete, and they are stopped until they get a new domain.

I've got the site set up to e-mail whenever a comment is posted, so I have a quick warning if new comment spam is happening. Yesterday I started getting a few e-mail messages from the site saying that a new comment had been posted. The messages had very little info - the body was like:

Title: post a comment
Username: Anonymous (68.40.230.56)
aldara <a href="http://pomm.arca

Read the full article at <http://www.kilohotel.com/rv8/comment.php?mode=view&cid=206>

------------------------------

End of Message

 

But, if I clicked on the URL for the comment given in the e-mail, I got an Access Denied page from GL. If I went to the site, there would be no comment, nor would the Spam-X log show that a spam comment had been found and deleted. The IP addresses do not match any of the ones my comment spammers usually use.

I wondered if there could perhaps be a new problem with anonymous comments, so I used a different browser that hasn't memorized my site login, and posted an anonymous comment OK. I looked at the GL log, and it has no entries at the times when the phantom comment e-mails are sent.

As near as I can tell, my site hasn't lost any of the desired functionality, so I am not too worried. But I am wondering what is going on, and if it is a symptom of some bigger problem that may bite me.

My site is at Kevin Horton's RV-8 Project.


Kevin Horton

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Hmm. Did you check if those "phantom comments" are in the database?

bye, Dirk

rv8

Forum User
Regular Poster
Registered: 10/10/02
Posts: 105
Location:Ottawa, Canada
Quote by Dirk: Hmm. Did you check if those "phantom comments" are in the database?

bye, Dirk

I hadn't checked before, but that was a good thought.

Those comments are in the database, but the sid is not valid - i.e. that sid does not appear in the gl_stories table. It looks like a correct sid got truncated.

Looking at the comments, it seems clear that they are all intended to be spam comments. Maybe someone has some sort of automated comment spamming system that has a messed up story ID.

I'll delete the entries in the database and stop worrying about them.

Thanks for your help.


Kevin Horton

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by rv8: Those comments are in the database, but the sid is not valid - i.e. that sid does not appear in the gl_stories table. It looks like a correct sid got truncated.

That calls for a code review then, since that shouldn't happen ...

Can you provide more details about those sids? Are they empty?

bye, Dirk

rv8

Forum User
Regular Poster
Registered: 10/10/02
Posts: 105
Location:Ottawa, Canada
The sids were numerical, 10 digits long, and those 10 digits do happen to be the first 10 digits of a valid sid (i.e. an sid that is in gl_stories).

I have several comment spammers who keep trying to post comments. One of them seems to post comments to the same list of stories, and the comments appear in bursts in a very short period. E.g., the Spam-X log shows one occasion where three spam comments were made in one second from the same IP. I assume there must be an automated system to make those comments, unless this guy is a world record typist. :)
Kevin Horton
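
The check worked out in this thread (comments whose sid has no matching row in gl_stories, and whether that sid is a leading fragment of a real one), as an added example that is not part of the original posts or of Geeklog's code. The gl_comments table name, its columns and every sample row are assumptions constructed for illustration, and it runs against an in-memory SQLite database rather than a live Geeklog database.

```python
import sqlite3

# Constructed sample data. Only gl_stories, sid and cid are named in the
# thread; the gl_comments table and its other columns are assumed.
def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE gl_stories  (sid TEXT PRIMARY KEY, title TEXT);
        CREATE TABLE gl_comments (cid INTEGER PRIMARY KEY, sid TEXT,
                                  ipaddress TEXT, title TEXT);
        INSERT INTO gl_stories VALUES
            ('20050301120000123', 'Wing skins'),
            ('20050415093000456', 'First engine run');
        INSERT INTO gl_comments VALUES
            (204, '20050301120000123', '192.0.2.10',   'Nice work'),
            (206, '2005041509',        '203.0.113.7',  'post a comment'),
            (207, '2005030112',        '203.0.113.7',  'post a comment'),
            (208, '9999999999',        '198.51.100.4', 'post a comment'),
            (209, '',                  '198.51.100.4', 'post a comment');
    """)
    return db

def find_orphan_comments(db):
    """Return comments whose sid matches no story, together with the story
    sid (if any) that begins with the orphaned value, i.e. a likely
    truncation. An empty sid is reported as an orphan but never treated
    as a prefix, since it would match every story."""
    rows = db.execute("""
        SELECT c.cid, c.sid, c.ipaddress, s2.sid
        FROM gl_comments AS c
        LEFT JOIN gl_stories AS s  ON s.sid = c.sid
        LEFT JOIN gl_stories AS s2 ON c.sid <> ''
             AND substr(s2.sid, 1, length(c.sid)) = c.sid
        WHERE s.sid IS NULL
        ORDER BY c.cid
    """).fetchall()
    return [{"cid": cid, "sid": sid, "ip": ip, "truncated_from": full}
            for cid, sid, ip, full in rows]

if __name__ == "__main__":
    for row in find_orphan_comments(build_sample_db()):
        print(row)
```

Listing the orphans before deleting them keeps a record of the source IPs and of which stories the truncated sids point back to.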