Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#25 2005-12-23 16:16:59
- studiozoe
- New Member
 
- From: Göteborg, Sweden
- Registered: 2004-11-14
- Posts: 8
Re: Textile formatted comment spam
I’ve already deleted the spam, but I’ll post the logs just in case it helps someone determine a fix or whatever…
Date banned ip Name used Banned for
2005-12-23  	adsl-68-248-197-42.dsl.milwwi.ameritech.net  	virtual casino  	1977  	
2005-12-23 	d150-124-81.home.cgocable.net 	                     nextel ringtones 	  1978 	
2005-12-23 	pcp08334418pcs.puntag01.fl.comcast.net 	         flexeril 	           1975 	
2005-12-23 	49.86.171.66.subscriber.vzavenue.net 	           VasaMom 	        1972 
2005-12-23 	ool-182d6ea7.dyn.optonline.net 	                       lipitor 	                 1973 	
2005-12-23 	adsl-70-233-182-4.dsl.okcyok.sbcglobal.net 	  lotto 	            1974
Offline
Re: Textile formatted comment spam
Here’s a preliminary plugin that should help for a while. Install and activate.
—
YTo5OntzOjc6InZlcnNpb24iO3M6MzoiMC4xIjtzOjY6ImF1dGhvciI7czoxNjoiU2VuY2Vy
IFl1cmRhZ8O8bCI7czoxMDoiYXV0aG9yX3VyaSI7czoyMDoiaHR0cDovL3d3dy5zZW5jZXIu
ZGUiO3M6MTE6ImRlc2NyaXB0aW9uIjtzOjYzOiJUZW1wb3JhcnkgcGx1Z2luIHRvIHN0b3Ag
dGhhdCBmaXJzdCBzcGFtYm90IHRoYXQncyBnb2luZyBhcm91bmQiO3M6NDoidHlwZSI7aTow
O3M6NDoibmFtZSI7czoxMjoiYXN5X3N0b3BkdWRlIjtzOjQ6ImhlbHAiO3M6MzU6IgoJPHA+
Tm90IG11Y2ggaGVyZSwgc29ycnkuPC9wPgoKCgogIjtzOjQ6ImNvZGUiO3M6Mzk2OiIKaWYg
KGdwcygncGFyZW50aWQnKQoJJiYgZ3BzKCdzdWJtaXQnKQoJJiYgc3Ryc3RyKHNlcnZlclNl
dCgnUkVRVUVTVF9VUkknKSwgJyNjJykgKQp7CglnbG9iYWwgJHByZXRleHQsICRwcmVmczsK
CSRwcmV0ZXh0WydyZXF1ZXN0X3VyaSddID0gJy8jc3RvcGR1ZGUtYmxvY2tlZC1jb21tZW50
LW9uLScuaW50dmFsKGdwcygncGFyZW50aWQnKSk7CgkkcHJldGV4dFsnc2l0ZW5hbWUnXSA9
ICRwcmVmc1snc2l0ZW5hbWUnXTsKCWxvZ2l0KCk7Cgl0eHBfZGllKCdVbmFibGUgdG8gcmVj
b3JkIHRoZSBjb21tZW50LiBQbGVhc2UgY29udGFjdCB0aGUgcHVibGlzaGVyIG9mIHRoaXMg
c2l0ZSwgaWYgdGhpcyBwcm9ibGVtIHBlcnNpc3RzLicKCQkJLCc0MTIgUHJlY29uZGl0aW9u
IGZhaWxlZCcpOwp9CgoiO3M6MzoibWQ1IjtzOjMyOiJkNzhjYWEzYTNmZjczMDY5NGYzMDU4
YmEwZmFkN2JlOCI7fQ==—
Last edited by wet (2008-07-28 08:40:41)
Offline
#27 2005-12-24 03:19:32
- zem
- Developer Emeritus
 
- From: Melbourne, Australia
- Registered: 2004-04-08
- Posts: 2,579
Re: Textile formatted comment spam
Can someone who’s being hit by spam please test a current copy from http://svn.textpattern.com/development/4.0/, and see if it stops the bot (without using Sencer’s plugin).
Alex
Offline
Re: Textile formatted comment spam
> Sencer wrote:
> Here’s a preliminary plugin that should help for a while. Install and activate.
Cool! So far so good.
thanks
Alan
Alan Macdougall — http://halfpie.net/
Offline
Re: Textile formatted comment spam
Okay, I have the SVN version up, and I’ve turned off the blacklist. I was hit hard yesterday and today. What was the change?
Offline
Re: Textile formatted comment spam
I installed the plugin and turned logging back on:
12/24 8:44 am ool-4352e7ef.dyn.optonline.net generic/205/scriptaculous#comment
12/24 8:44 am 24-183-41-57.dhcp.mdsn.wi.charter.com #stopdude-blocked-comment-on-205
12/24 8:44 am ool-182ed855.dyn.optonline.net generic/205/scriptaculous#comment#cpreview
12/24 8:44 am 12-221-121-109.client.insightBB.com generic/205/scriptaculous#comment
12/24 12:57 pm 68-65-74-141.lmdaca.adelphia.net generic/205/scriptaculous#comment
12/24 12:57 pm ip68-3-170-229.ph.ph.cox.net #stopdude-blocked-comment-on-205
12/24 12:57 pm cpe-68-173-27-170.nyc.res.rr.com generic/205/scriptaculous#comment#cpreview
12/24 12:56 pm spc1-burn2-3-0-cust130.bagu.broadband.nt…
l.com generic/205/scriptaculous#comment
It definitely appears to be working.
Offline
Re: Textile formatted comment spam
How does this plugin work? I was getting hit with about 2 spams and hour on 1 article only until I installed this plugin and they’ve stopped. What does it do to stop them because I can still see them trying through my referer logs, it shows them going to url+#cpreview but no comment showing up. I’m just interested.
Offline
Re: Textile formatted comment spam
Looks like the SVN version works, too. I see a few attempts in my log, but nothing’s going through (this is from my Apache log):
Host: 67-20-45-18.chvlva.adelphia.net
/blog/merry-christmas Http Code: 200 Date: Dec 24 14:39:59 Http Version: HTTP/1.1 Size in Bytes: 26114 Referer: http://utopianhell.com/blog/merry-christmas Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: ppp-70-226-17-124.dsl.toldoh.ameritech.net
/blog/nude-dwarves—gross- Http Code: 200 Date: Dec 24 14:39:56 Http Version: HTTP/1.1 Size in Bytes: 13659 Referer: http://utopianhell.com/blog/nude-dwarves—gross- Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: pcp01639459pcs.levtwn01.pa.comcast.net
/blog/merry-christmas#cpreview Http Code: 404 Date: Dec 24 14:39:55 Http Version: HTTP/1.1 Size in Bytes: 983 Referer: http://utopianhell.com/blog/merry-christmas Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: cpe-24-166-68-201.neo.res.rr.com
/blog/nude-dwarves—gross-#cpreview Http Code: 404 Date: Dec 24 14:39:53 Http Version: HTTP/1.1 Size in Bytes: 983 Referer: http://utopianhell.com/blog/nude-dwarves—gross- Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 24-171-6-39.dhcp.stls.mo.charter.com
/ Http Code: 200 Date: Dec 24 14:39:51 Http Version: HTTP/1.1 Size in Bytes: 36168 Referer: http://utopianhell.com/ Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: ppp-70-128-225-166.dsl.austtx.swbell.net
/blog/merry-christmas Http Code: 200 Date: Dec 24 14:39:49 Http Version: HTTP/1.1 Size in Bytes: 26114 Referer: http://utopianhell.com Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) | | |
/blog/breaking-news-mmogs-not-games#cpreview Http Code: 404 Date: Dec 24 14:39:50 Http Version: HTTP/1.1 Size in Bytes: 983 Referer: http://utopianhell.com/blog/breaking-news-mmogs-not-games Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: ppp-69-237-236-238.dsl.irvnca.pacbell.net
/blog/nude-dwarves—gross- Http Code: 200 Date: Dec 24 14:39:47 Http Version: HTTP/1.1 Size in Bytes: 13659 Referer: http://utopianhell.com Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: adsl-68-72-160-142.dsl.chcgil.ameritech.net
/blog/puzzle-games-and-people-eating-snakes Http Code: 200 Date: Dec 24 14:39:46 Http Version: HTTP/1.1 Size in Bytes: 21197 Referer: http://utopianhell.com Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 82-40-164-193.cable.ubr09.azte.blueyonder.co.uk
/blog/breaking-news-mmogs-not-games Http Code: 200 Date: Dec 24 14:39:45 Http Version: HTTP/1.1 Size in Bytes: 16122 Referer: http://utopianhell.com Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: ool-43541677.dyn.optonline.net
/blog/holiday-skin—-yule-2005#cpreview Http Code: 404 Date: Dec 24 14:39:44 Http Version: HTTP/1.1 Size in Bytes: 983 Referer: http://utopianhell.com/blog/holiday-skin—-yule-2005 Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: ool-44c2256f.dyn.optonline.net
/blog/holiday-skin—-yule-2005 Http Code: 200 Date: Dec 24 14:39:42 Http Version: HTTP/1.1 Size in Bytes: 12635 Referer: http://utopianhell.com Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Offline
Re: Textile formatted comment spam
The plugin works on mine. Thanks, Sencer!
Offline
Re: Textile formatted comment spam
That plugin works fine, but it is only a temporary solution. Since I’ve installed it almost every spam have been blocked. Yet this morning 6 comments surpassed the filter and entered in the moderation queue (who knows if it was automatic – there have been only 2 different IPs). That is very, very few in view of the massive attack that is still going on. But maybe there will be more.
In any case: thanks!
Offline
#35 2005-12-27 13:57:55
- davidm
- Member
 
- From: Paris, France
- Registered: 2004-04-27
- Posts: 719
Re: Textile formatted comment spam
I’ll try out this plugin and report, thanks Sencer !
I desperatly need it… been hit 120 spam comments yesterday…
.: Retired :.
Offline
Re: Textile formatted comment spam
hiya, thanks for the plug-in, but how do I configure that thing?
not a coder here, but I hates the spams.
Fine then, I’ll just make a hit counter myself.
Offline




