Welcome to Geeklog, Anonymous Saturday, October 05 2024 @ 11:55 am EDT
Geeklog Forums
My first ever Geeklog e-mail spam
Page navigation
LWC
Message #1:
X-Originating-IP: 203-144-144-163.static.asianet.co.th
[203.144.144.163]
A little more than an hour later, I got message #2:
X-Originating-IP: browster.com
[72.32.59.213]
Is it standard to get this via Geeklog because it never happened to me before? And does the new beta version deal with this further?
ironmax
Michael
ironmax
http://www.spacequad.com/forum/viewtopic.php?showtopic=49&lastpost=true#50
Michael
LWC
Unless you just meant you manually add bad links to Spam-X, which is a pretty Sisyphean task if you ask me.
ironmax
It sounds to me you did some manual (and pretty crippling) hack to disable links sent in forms. If so, it's something personal you've done and has nothing to do with the official code of Geeklog and Spam-X, which I've asked about.
Unless you just meant you manually add bad links to Spam-X, which is a pretty Sisyphean task if you ask me.
Ummm....actually...I have not touched the code. Maybe you should get a fresh copy of geeklog without all YOUR hacks into it and see if it works as intended. And NO, I did not manually put links into spam-x for filtering.
oskay
So far as I can see, Spam-X does not block plain-text URLs written in an e-mail message. I tested this by sending myself e-mail through my user page that said "hello! http://www.evilmadscientist.com/" (my own URL!), and it got to me just fine.
So... I imagine that there's no good way to stop this type of e-mail, short of deleting all e-mail that contains a URL, which is not something that I want to do in general.
ironmax
You keep saying if only I didn't change stuff...but I didn't change anything in Spam-X. If you have the beta version and not what I stated above, that's a whole different story.
I am currently running the beta, however, nothing had changed from 1.4.0 versions in how it operates. Atleast nothing noticeable from my view point. Did you update your spam-x blacklist? How about perhaps giving bad behavior a run...see if that'll take care of your problem. I've seen alot of entries for the BB and alot of it was nonsense robot hits. Sure I had to play with the settings for a few users that were blocked, but they are coming thru just fine after the tweaks in BB on the whitelist for them. If a user is having issues, they let me know and I fix it for them.
ironmax
I've been getting these as well.
So far as I can see, Spam-X does not block plain-text URLs written in an e-mail message. I tested this by sending myself e-mail through my user page that said "hello! http://www.evilmadscientist.com/" (my own URL!), and it got to me just fine.
So... I imagine that there's no good way to stop this type of e-mail, short of deleting all e-mail that contains a URL, which is not something that I want to do in general.
Okay, after reading this. I decided to check my email server after a test to discover the email server was was tossing them in the bit can cuz it thinks its spam. I did not realize this cuz I was getting a error back from spam-x stating that it was spam. So I thought nothing further about it until a second report came up on this issue. So, what is the likelyhood of 2 or more of the same thing happening. I guess I have some more testing to do and figure this out.
ironmax
Thanks, Dirk! See, Ironmax? You could have saved a lot of writing...
LWC
What you said is exactly right - this question was meant for those who do know.
But here we go again - those spammers were not registered users so it has nothing to do with the registration script.
LWC
Most subjects are no longer "hello" but "some sites" and contain what should be censored words in their URLs or the words they throw around besides the URLs.
Some recent spammers, well, spammer (same e-mail address in all of them):
X-Originating-IP: 200-138-44-185.ctame705.dsl.brasiltelecom.net.br
X-OS: Opera/9.0 (Windows NT 5.1; U; en)
X-Originating-IP: 201-27-49-217.dsl.telesp.net.br
[201.27.49.217]
X-OS: Opera/9.0 (Windows NT 5.1; U; en)
X-Originating-IP: c95119ac.virtua.com.br
[201.81.25.172]
LWC
A screenshot of a typical spam that gets through Geeklog v1.4.1's forms.
Dirk
Emails sent through the contact form are run through Spam-X in 1.4.1. If spam still gets through, then you'll have to adjust Spam-X, i.e. add keywords and URLs from that spam.
Exactly the same as with comment spam ...
bye, Dirk
LWC
Also, what I wonder is how come the same spam doesn't reach my comments? It makes no sense. Why would the spammers choose just e-mail forms? How can they even tell the difference? So I was thinking maybe it's a specific bug in forms/Spam-X, which again leads me to the first request.
But in case there's no problem, I get so many of these things that I wonder how come the SLV database doesn't recognize these links as known spam.
ironmax
LWC
So the spammers took another step. They've started writing their spam in the "from" header and profiles.php just uses Spam-X to scan the subject and body...
It doesn't even make sense. The message contains no links or bad words in the body and subject, just a "buy X" in the "from" header. Even if I wanted to buy X, how do I do it...?
Be it as it may, can please you add the "from" header to the scanning in the next version?
Page navigation
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content