51
RealyRoten
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/18 7:02

  • RealyRoten

  • Just popping in

  • Posts: 63

  • Since: 2005/8/18


I have been getting hit my this spam on two of my XOOPS site, on one of them were the news comments were switched on they hit big time.
They all seem to be random IP from around the globe.
There registration is getting around the form some how because my requirement for age and place are not filled in and when i got to edit them i have to add that info my self before it will re save them.
change my email address please to pattang2008@hotmail.com so i can get update notifications...

52
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/18 7:59

  • Anonymous

  • Posts: 0

  • Since:


Does your set-up allow for anonymous comments, either within the system istelf or within an individual module?

53
FaYsSaL
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/18 8:50

  • FaYsSaL

  • Not too shy to talk

  • Posts: 115

  • Since: 2006/1/2 2


[bad english]hi,i've got the same problem too(still) but inactive
well actually there is somebot that register on XOOPS sites and they spam the news mod comment .
solution :
install protector 3.X
there is an option that doesnt allow users to post more then X urls per post change it and it will work .
[/bad English]

cheers

54
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/18 9:00

  • Anonymous

  • Posts: 0

  • Since:


Quote:
FaYsSaL wrote:

install protector 3.X


Good advice - I'd assumed that this had already been done

Do this (enabling the RBL filtering as per the instructions) and ban anonymous comments from your site and your problems will be much reduced (maybe even eliminated)

Google search on "peak xoops" and you'll find GIJoe's site, the download for Protector 3.04 and MadFish's excellent installation instructions.

55
nachenko
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/18 9:06

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


Both DuGris and phppp's CAPTCHA have demonstrated to be effective tools for stopping SPAM in my sites. Highly recommended.

56
Dhurgan
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/20 16:12

  • Dhurgan

  • Just popping in

  • Posts: 68

  • Since: 2004/2/11


Well,

He has spammed my site a few times now, I have removed the spam and tried to backtrack him for abuse reports...

He think he spammed me from 72.36.233.67 although he masks his spam from many different IP's, I see some strange behaviour from another IP in the apache log.

this is an excerpt from ONE spam post...
72.36.233.67 - - [20/Jun/2007:03:55:45 +0200"GET /modules/news/article.php?storyid=28 HTTP/1.1" 200 10547 "http://www.imagine3d.org/modules/news/article.php?storyid=28" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

72.36.233.67 - - [20/Jun/2007:03:55:46 +0200"GET /modules/news/comment_new.php?com_itemid=28 HTTP/1.1" 200 34074 "http://www.imagine3d.org/modules/news/comment_new.php?com_itemid=28" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5
.0)"

61.232.61.43 - - [20/Jun/2007:03:55:55 +0200"POST /modules/news/comment_post.php HTTP/1.0" 200 779 "http://www.imagine3d.org/modules/news/comment_post.php" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

61.232.61.43 - - [20/Jun/2007:03:56:00 +0200"POST /modules/news/comment_post.php HTTP/1.0" 200 779 "http://www.imagine3d.org/modules/news/comment_post.php" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"


basically you see him accessing the article from 72.36.233.67 and then posting two comments from 61.232.61.43 which is a fake address...

His ISP has left no comment...

this pattern repeats for every spam on my site btw, access from .67 post from a fake a few seconds after

The user was registred as zxc10109 with email zxc10109@felissilvestriscatus.info and weburl same as mentioned before

added info...
He has already tried to access my site a few times since the block... I hope I havent blocked an innocent user, but such is luck...

.67 and .69 used for GET and POST logins from .70
all posts from random addresses...
/Dhurgan ...

57
draj
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/2 6:51

  • draj

  • Quite a regular

  • Posts: 271

  • Since: 2005/6/23


Hi,
Quote:

Dhurgan wrote:
He has spammed my site a few times now, I have removed the spam and tried to backtrack him for abuse reports...


Actually there are some more patterns as well. However the best form of protection you can have is what I described here:

http://sourceforge.net/forum/forum.ph ... d=1756756&forum_id=347994

Do the following:

1. Change the configuration of comments so that they are not given free automatically and only registered users could pot them.

2. Wait and watch for the spammers. See the ip addresses and block the entire ip address block through your protector.

3. Keep on changing the login/signup/register php script names to any other you prefer.

58
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/3 18:41

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


Heres something for you to ponder on.

Ive been testing something out on 2 of my sites.

Site 1:

Has Captcha on registration
Has not banned the list of email addresses from abuser
Has RBL plugin for protector running

Site 2:

Doesnt not have captcha
Has banned the list of email addresses from abuser
RBL plugin for protector disabled



The abuser we have all been talking about has managed to sign up to Site 2 even with all the email address banned.

So here is a list of things I would apply (this is only my opinion tho, what you do is up to you).

1. Install Protector
2. Enable RBL plugin for protector (may slow site down, if its impairs your site performance the simply disable)
3. Install Captcha on registration (Also have a form available that people with Visual Impairement can fill in to sign up)
4. If a Spammer signs up, check the IP address of the sender in the email you get when a user signs up and ban the IP block using .htaccess file. In the case we have been talking about the senders IP address always matches the main IP used to spam and not the multiple addresses.
5. You may want to consider using .htaccess to ban ip adresses instead of protector as protector uses your MySQL database (dont know if it uses it when checking banned IP's, can someone confirm). You may not want unwanted IP's to make queries to your database especially if they are bots.

59
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/3 19:10

  • Anonymous

  • Posts: 0

  • Since:


Quote:
BDW wrote:

5. You may want to consider using .htaccess to ban ip adresses instead of protector as protector uses your MySQL database (dont know if it uses it when checking banned IP's, can someone confirm). You may not want unwanted IP's to make queries to your database especially if they are bots.


I thought that Protector 3.0x uses the "badip" file in the "trust-path" configs directory?

Perhaps enquiries should be made of GIJoe to ask how it works (by someone who know more about it than me )?

60
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/3 19:19

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


aye, but when the bot/spammer comes to the site they are access your XOOPS site and queries are being made already.

with .htaccess file the bot/spammer is blocked before XOOPS is is even accessed thus not using XOOPS and making queries.

Less usage of the database from bots is much better in my opinion.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

44 user(s) are online (22 user(s) are browsing Support Forums)


Members: 0


Guests: 44


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits