Spam through comments made by registrered users on unknown modules [Xoops Bug Reports]

1

Spam through comments made by registrered users on unknown modules

2009/12/29 15:22
Marco
Home away from home
Posts: 1256
Since: 2004/3/15

I've found some recently huge strange comments on my sites : a registrered users (a spammer) was able to post many comments on a unknown module from my XOOPS site (on download module, that was not installed at all). How is it possible ? Anyone ever experienced this too?
i had to delete those through system admin (modules/system/admin.php?fct=comments)

2

Re: Spam through comments made by registrered users on unknown modules

2009/12/29 16:17
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Use the date and time of the comments to find the actions taken in the Apache logs.

3

Re: Spam through comments made by registrered users on unknown modules

2009/12/30 19:53
Marco
Home away from home
Posts: 1256
Since: 2004/3/15

yep, i'll analyse deeply next time, but what was surprising is that i run the protector module.
i wonder if anyone experienced this before...

4

Re: Spam through comments made by registrered users on unknown modules

2009/12/30 20:17
djynnius
Just popping in
Posts: 59
Since: 2006/10/21

what version of XOOPS was this?

5

Re: Spam through comments made by registrered users on unknown modules

2009/12/30 20:21
Marco
Home away from home
Posts: 1256
Since: 2004/3/15

2.4.2, but i experienced this with 2.3 too before

6

Re: Spam through comments made by registrered users on unknown modules

2009/12/30 20:44
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Protector protects only in some cases when 'regular' users start to post. There is the number of requests, but limiting it too far will harm access to modules with rich content.
And there is the number of links in a post, but limiting it too far will harm regular article posting.

You must seek your Apache logs for repeating patterns, typical originating from several IP addresses when a bot net is used. If you have them still available from the week where the postings were done, I could take a look at them.

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Spam through comments made by registrered users on unknown modules

Re: Spam through comments made by registrered users on unknown modules

Re: Spam through comments made by registrered users on unknown modules

Re: Spam through comments made by registrered users on unknown modules

Re: Spam through comments made by registrered users on unknown modules

Re: Spam through comments made by registrered users on unknown modules

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}