
Textpattern CMS support forum


#1 2006-11-05 04:29:14

wilshire
Plugin Author
From: Akron, Ohio
Registered: 2004-08-27
Posts: 656
Website

comment spam attack

I just had ~20 spam comments posted to my site today. I am running the 4.0.4 release version which I recently updated to. This is more comment spam in one day than I’ve gotten the entire time I’ve used TXP. I had been periodically updating my install from SVN. The last time I did was probably a couple months ago.

Here are my diagnostics:

====================================

Textpattern version: 4.0.4 (r1956)
Last Update: 2006-10-19 01:03:25/2006-10-19 01:01:31
Document root: /xxxx/public_html
$path_to_site: /xxxx/public_html
Textpattern path: /xxxx/public_html/textpattern
Permanent link mode: section_id_title
open_basedir: /xxxx/:/usr/lib/php:/usr/local/lib/php:/tmp
Temporary directory path: /xxxxpublic_html/textpattern/tmp
Site URL: www.wilshireone.com
PHP version: 4.4.4
Server Local Time: 2006-11-04 23:26:12
MySQL: 4.1.21-standard
Locale: en_US.UTF-8
Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.6b
Apache version: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.6b
PHP Server API: apache
RFC 2616 headers:
Server OS: Linux 2.4.30.dn1.p4.u
Active plugins: rss_admin_quikpik-0.6, rss_suparchive-0.18m, rss_admin_show_adv_opts-0.3, ob1_title-1.4m, rss_posted-0.1m, PFA_Beginning-0.2m, ajw_comment_alt-0.2m, ajw_comment_num-0.2m, ajw_if_comment_owner-0.2, czg_if_comment_cookies-0.1, glx_gravatar-0.2m, dru_random_text-0.1m, ptv_if-0.3b, mdn_if_section-2.1m, zem_contact-0.6, mic_permlink-0.3, sgb_url_handler-0.1.5m, ako_nav-0.2, rss_admin_resize-0.2m, rsx_plugins_list-1.0m, rss_thumbpop-0.7, ajw_plugin_info-0.2m, sgb_error_documents-0.1.1m, glx_admin_image-0.5b, glx_code-0.3m, tfu_linklog-0.1m, mdn_count-1.4, bas_img_selector-0.3m, poe_bbclone-0.4m, rss_bbclone_popular-0.1m, rss_linkcat_list-0.1, rss_spread_firefox-0.2, rei_show_custom-0.4, dak_categories_edited-0.4m, rss_live_search-0.6, rss_calendar-0.1m, mem_glinklist-0.8.1, rss_link_date-0.1, rss_live_archive-0.5, mem_online_users-0.1, hpw_most_popular_articles-0.2m, rss_admin_db_manager-4.1, zem_dropcash-0.1, rss_article_edit-0.1, rss_googlemap_stats-0.2m, rss_google_map-0.3, rss_unlimited_categories-0.6, rss_if_search_results-0.1, rss_auto_excerpt-0.2, rss_feed_images-0.1, rss_category_cloud-0.1

Pre-flight check:
————————————
some_php_functions_disabled: system,exec,passthru,shell_exec,chgrp,chown,dl,proc_open,proc_close
————————————

.htaccess file contents:
————————————
#DirectoryIndex index.php index.html
#Options +FollowSymLinks
#RewriteBase /relative/web/path/

DefaultType application/x-httpd-php

AddType application/x-httpd-php .html .htm
php_value auto_prepend_file /xxxxx/xxxxxx/mint/config/auto.php

php_flag zlib.output_compression On
php_value zlib.output_compression_level 9

ErrorDocument 401 /stats/onerror.html
ErrorDocument 403 /stats/onerror.html

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) - [PT,L]

RewriteRule ^(.*) index.php
</IfModule>

php_value register_globals 0

————————————

Last edited by wilshire (2006-11-05 04:34:07)

Offline

#2 2006-11-05 18:45:53

NyteOwl
Member
From: Nova Scotia, Canada
Registered: 2005-09-24
Posts: 539

Re: comment spam attack

The single biggest step to preventing comment spam imho is to require preview before submit. If you have, then it would seem stronger measures are in order.


Obsolescence is just a lack of imagination. / 36-bits Forever! / #include <disclaimer.h>;

Offline

#3 2006-11-05 18:58:27

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,350
Website GitHub Mastodon Twitter

Re: comment spam attack

Had a similar problem sorted with mrw_spamkeywords and its mod by sencer.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#4 2006-11-05 19:43:55

sthmtc
Member
From: CGN, GER
Registered: 2005-01-17
Posts: 586
Website

Re: comment spam attack

NyteOwl wrote:

The single biggest step to preventing comment spam imho is to require preview before submit. If you have, then it would seem stronger measures are in order.

I require preview before submit but nonetheless I got hit with about 60 spam comments yesterday. Running 4.0.3, I installed the aforementioned plugin and hope that this will fix the problem.

Offline

#5 2006-11-05 21:31:04

wilshire
Plugin Author
From: Akron, Ohio
Registered: 2004-08-27
Posts: 656
Website

Re: comment spam attack

Had a similar problem sorted with mrw_spamkeywords and its mod by sencer.

I’ll try the plugin. Looks like it should do the trick. Thanks.

Last edited by wilshire (2006-11-05 21:31:41)

Offline

#6 2006-11-06 16:53:04

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: comment spam attack

What IP(s) did they come from and what do your logs say about them?

Offline

#7 2006-11-06 20:05:37

zem
Developer Emeritus
From: Melbourne, Australia
Registered: 2004-04-08
Posts: 2,579

Re: comment spam attack

I require preview before submit but nonetheless I got hit with about 60 spam comments yesterday. Running 4.0.3

Please upgrade to 4.0.4. It includes improved spam protection.


Alex

Offline

#8 2006-11-06 20:17:18

zem
Developer Emeritus
From: Melbourne, Australia
Registered: 2004-04-08
Posts: 2,579

Re: comment spam attack

Wilshire and Colak: can you confirm whether you had altered or removed Textpattern’s comment preview mechanism please? (Colak: which txp version?) We need to know if this is a problem against a stock 4.0.4 release.

Last edited by zem (2006-11-06 20:18:03)


Alex

Offline

#9 2006-11-06 20:52:58

Liiint
Member
From: Tacoma, WA
Registered: 2004-10-01
Posts: 18
Website

Re: comment spam attack

This appears to have been a tough weekend for several of us. I had nearly a hundred spam comment messages get through. I had none before this weekend. Comment Preview is required. Version 4.04. Fixing a typo on my blacklist helped… some. Using the urlcount plugin already mentioned helped tremendously.

Sources include:
81.177.15.xxx
81.177.14.xxx
193.93.237.xxx

Offline

#10 2006-11-07 02:40:39

wilshire
Plugin Author
From: Akron, Ohio
Registered: 2004-08-27
Posts: 656
Website

Re: comment spam attack

zem- I am using a stock 4.0.4 install. No mods at all.

mary- I got 30+ comments from these 4 IPs (81.177.15.81, 81.177.15.64, 81.177.15.82, 81.177.22.216).

But I haven’t received any since I installed the plugin.

Offline
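Added example, not part of the original posts and not Textpattern or plugin code: one way to answer the "what do your logs say" question is to group comment submissions by source network, since the addresses reported in this thread cluster in a few /24 ranges. It assumes Apache combined-format access logs and that comment submissions appear as POST requests; the function names, the threshold and the sample log lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
192.0.2.81 - - [04/Nov/2006:10:01:02 -0500] "POST /article/12/a-title HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.81 - - [04/Nov/2006:10:01:09 -0500] "POST /article/15/b-title HTTP/1.1" 200 5011 "-" "Mozilla/4.0"
192.0.2.64 - - [04/Nov/2006:10:02:30 -0500] "POST /article/12/a-title HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.82 - - [04/Nov/2006:10:03:44 -0500] "POST /article/9/c-title HTTP/1.1" 200 4980 "-" "Mozilla/4.0"
198.51.100.216 - - [04/Nov/2006:10:05:00 -0500] "POST /article/9/c-title HTTP/1.1" 200 4980 "-" "Mozilla/4.0"
203.0.113.5 - - [04/Nov/2006:11:00:00 -0500] "GET /article/12/a-title HTTP/1.1" 200 9001 "-" "Firefox/2.0"
203.0.113.5 - - [04/Nov/2006:11:04:10 -0500] "POST /article/12/a-title HTTP/1.1" 200 5120 "-" "Firefox/2.0"
"""

# client, identd, user, [time], "METHOD path proto", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def posts_by_network(log_text, prefix=24):
    """Count POST requests per IPv4 network and collect the hosts seen in each."""
    hits, hosts = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2) != "POST":
            continue
        try:
            ip = ip_address(m.group(1))
        except ValueError:
            continue  # client field holds a hostname or garbage
        if ip.version != 4:
            continue  # a /24 grouping only makes sense for IPv4
        net = ip_network(f"{ip}/{prefix}", strict=False)
        hits[net] += 1
        hosts[net].add(ip)
    return hits, hosts

def suspicious_networks(log_text, min_posts=3, prefix=24):
    """Return (network, post_count, distinct_hosts) for networks at or over the threshold."""
    hits, hosts = posts_by_network(log_text, prefix)
    return sorted((str(net), n, len(hosts[net]))
                  for net, n in hits.items() if n >= min_posts)

if __name__ == "__main__":
    for net, posts, nhosts in suspicious_networks(SAMPLE_LOG):
        print(f"{net}: {posts} POSTs from {nhosts} hosts")
```

A network that shows several POSTs from several hosts with no preceding GET of the article is a better candidate for a range ban or a rate limit than the individual addresses are.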

#11 2006-11-07 07:33:37

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,350
Website GitHub Mastodon Twitter

Re: comment spam attack

zem wrote:

Wilshire and Colak: can you confirm whether you had altered or removed Textpattern’s comment preview mechanism please? (Colak: which txp version?) We need to know if this is a problem against a stock 4.0.4 release.

Zem, I am using 4.0.3 with preview always enabled. Spam has stopped since I installed the plugin.

Last edited by colak (2006-11-07 07:35:33)


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#12 2006-11-07 07:44:06

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,350
Website GitHub Mastodon Twitter

Re: comment spam attack

Mary wrote:

What IP(s) did they come from and what do your logs say about them?

Here are some of the first IPs which I have banned. After the 2nd day I gave up, as the spam was too much and from IPs not starting with 84, 221 or 220. Installing the plugin was a lifesaver.



Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline
