Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2010-10-25 06:57:26
- roelof
- Member
- Registered: 2005-03-27
- Posts: 647
zem reborn security problem
Hello,
Since yesterday I get a lot of spam send by zem reborn.
The wierdest is that on the logs nothing can be found about visit that page.
Anyone a idea what happen now.
Roelof
Offline
Re: zem reborn security problem
If you can give me a login and send me a few complete spam mail headers, I can try to investigate it.
Receiving spam typically isn’t a security problem with ZCR. Did you install any anti-spam plugins for ZCR?
Last edited by ruud (2010-10-25 10:01:16)
Offline
#3 2010-10-25 10:13:25
- roelof
- Member
- Registered: 2005-03-27
- Posts: 647
Re: zem reborn security problem
Hello,
I can give you a login but to which mail adress.
Would you recieve the spam headers on the same adress ?
I did only install ZRC and no anti spam plugins. Only ZCR and the language files ?
Which anti spam plugin do you recommend.
Roelof
Offline
Re: zem reborn security problem
Try pap_contact_cleaner
If that doesn’t help, collect a large set of spam messages sent through the ZCR form and based on that a anti-spam filter can be developed targeting that specific type of spam (assuming they have things in common).
PS. you can email me on the left side of my posts.
Offline
Re: zem reborn security problem
Having looked at the logs it’s just a normal spambot problem, not a security issue with the plugin itself.
Offline
#6 2010-10-25 11:59:08
- roelof
- Member
- Registered: 2005-03-27
- Posts: 647
Re: zem reborn security problem
Oke,
Then I overlooked the right entry’s.
But pap-contact-cleaner link does not work.
I’m thinking about one of these 2 plugins :
mrw_spamkeywords_urlcount – acts on number of links in comment field, and certain, definable keywords.
asy_stopdude – totally transparent to users. Specifically targetted against the current spam-bots/tools
because the spam is a lot of yahoo links.
Roelof
Offline
#7 2010-10-25 12:35:52
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Offline
#8 2010-10-25 16:41:05
- els
- Moderator
- From: The Netherlands
- Registered: 2004-06-06
- Posts: 7,458
Re: zem reborn security problem
Roelof, pap_contact_cleaner still works very well against spam. You can grab a copy here. (Maybe someone can put it on textpattern.org?)
Last edited by els (2010-10-25 16:41:44)
Offline
Re: zem reborn security problem
The pap_contact_cleaner link on TXP.org works just fine.
Offline
#10 2010-10-25 16:57:42
- roelof
- Member
- Registered: 2005-03-27
- Posts: 647
Re: zem reborn security problem
Oke,
I will try pap-contact cleaner and if that’s not working I will try the other
Everyone thanks for the help.
Roelof
Offline
#11 2010-10-25 19:47:56
- roelof
- Member
- Registered: 2005-03-27
- Posts: 647
Re: zem reborn security problem
Hello,
pap-contact-cleaner does not the job.
Still the same spam messages like this :
Naam: jonn1
Email: email@gmail.com
Bericht: comment5, <a
href=“http://pulse.yahoo.com/_2QF2DNTLEXS43SJZYSOG5ZVKUQ/blog/articles/218551”>pamela
anderson porn video for free</a>,
[url=“http://pulse.yahoo.com/_2QF2DNTLEXS43SJZYSOG5ZVKUQ/blog/articles/218551”]pamela
anderson porn video for free[/url],
http://pulse.yahoo.com/_2QF2DNTLEXS43SJZYSOG5ZVKUQ/blog/articles/218551 pamela
anderson porn video for free, 507629, <a
href=“http://pulse.yahoo.com/_G5VDI7SUMK2FJ2ZX22BX6Z67WA/blog/articles/227160”>intitle
index of sex movies</a>,
[url=“http://pulse.yahoo.com/_G5VDI7SUMK2FJ2ZX22BX6Z67WA/blog/articles/227160”]intitle
So I will try the other plugins
Roelof
Offline
#12 2010-10-25 19:55:42
- roelof
- Member
- Registered: 2005-03-27
- Posts: 647
Re: zem reborn security problem
Hello,
I have another problem too.
I have this .httaccess :
#DirectoryIndex index.php index.html
#Options +FollowSymLinks
#Options -Indexes
<IfModule mod_rewrite.c> RewriteEngine On #RewriteBase /relative/web/path/
RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^(.+) – [PT,L]
RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*) index.php
RewriteCond %{HTTP:Authorization} !^$
RewriteRule .* – [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
#php_value register_globals 0
order allow,deny
deny from 79.142.67.109
allow from all
But now I get a 403 and no site.
Anyone who can help me ?
Roelof
Last edited by roelof (2010-10-26 06:39:19)
Offline