71
peterr
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 11:25

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

BDW wrote:
The abuser is now using another IP address to sign up.

82.208.60.42


Yes, that is the IP address used several times on another site. It resolves to http://www.network.upl.cz/ , which is listed as a Spamming Domain

Another interesting 'factor' is that it is taking 2 seconds between the GET of /register.php and the POST of /register.php

Now, .... no-one can type that fast.

An attempt is also being made to do this after registering ..

Quote:

GET /modules/profile/register.php


which results in a 404. Is there a 'profile' module ??
NO to the Microsoft Office format as an ISO standard.
Sign the petition

72
Gredenko
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 11:49

  • Gredenko

  • Just popping in

  • Posts: 25

  • Since: 2007/3/15


Quote:

draj wrote:
Quote:

Gredenko wrote:
In my website he,she doesn't matter use this
"randon" ip
127.0.0.1|59.93.213.93|


It would not be very effective.

Better is the following:

59.93.213.$|,59.93.213.$|,


Thanks my friend
i forget to remove the 127.0.0.1

and now i put $ in the end of all IP adress.

[size=xx-small]sorry my pooor english[/size]

73
peterr
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 12:30

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


The IP 82.208.60.42 was posting to /modules/news/archive.php every 1 or 2 seconds, anything from 62K to 120K of data, so, yes, some automatted tool.

However, they were a 'guest' by then, as they had been 'removed', so obviously guests can post if the 'admin' let's them.

But how can anyone post to an archive, it is 'past date'. Is this a bug in the news module ??
NO to the Microsoft Office format as an ISO standard.
Sign the petition

74
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 18:20

  • Anonymous

  • Posts: 0

  • Since:


Quote:
peterr wrote:

But how can anyone post to an archive, it is 'past date'. Is this a bug in the news module ??


Which version of the News module are you using?

The latest is 1.54, available from http://xoops.instant-zero.com/

75
peterr
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/5 6:36

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

JAVesey wrote:
Which version of the News module are you using?

The latest is 1.54, available from http://xoops.instant-zero.com/


Thanks, the owner of the website must have only just updated it last night, as the news module 'xoops_version.php' has

$modversion['version'] = 1.54;


So, it should be okay now, thanks.
NO to the Microsoft Office format as an ISO standard.
Sign the petition

76
Dhurgan
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/8/6 8:20

  • Dhurgan

  • Just popping in

  • Posts: 68

  • Since: 2004/2/11


Hmm, i just figured what addresses he came from, two so far, and denied them in the webserver...
Order allow,deny
    Allow from all
    Deny from 72.36.233
    Deny from 82.208.60

I must look into these protection modules...

I assume they check to see that the session is using the login ip at all times?

also, som kind of imagecheck on registration might slow them down a bit...
/Dhurgan ...

77
MorelyDotes
Re: To Admin - Spammer Targeting Xoops sites

Quote:

An attempt is also being made to do this after registering ..

Quote:

GET /modules/profile/register.php


which results in a 404. Is there a 'profile' module ??


Hmmm.

Well, I created a "profiles" folder and put two files in it whic hhave identical conent; they are named "index.php" and "register.php"

The content is (with pointy brackets replaced by curly braces to prevent activation):
Quote:

{html}
{head}
{meta http-equiv="refresh" content="0;url=http://www.fbi.gov"}
{/head}
{body}
Bye!
{/body}
{/html}


Perhaps our spammer will enjoy loading the FBI's Web site repeatedly every time he spams. I wonder though.

78
tom
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/9/8 18:29

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


I've not read the whole thread so this suggestion may of been made I don't know.

I'm starting to get spammers too and was thinking of a way to cut down on it, now we could use capatcha images, but some bots can crack this too, we could also consider another joint options.

Capatcha +

A hidden field titled something like username, password, something which the user doesn't see and doesn't have to fill in, I believe it could be done so these automate bots do see detect the field and fill it in, so you apply this rule:

If field contains data refuse submission, else allow.

because this field is invisible to humans on site, the field should not be filled, but when bots detect the field and fill it in, the system would know it was spam, the spam bot would think it's submitted when in fact it isn't.

Could this work?

And if so could it be implement in core registration and perhaps modules?

79
McDonald
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/9/8 19:03

  • McDonald

  • Home away from home

  • Posts: 1072

  • Since: 2005/8/15


Protector offers protection against spammers by counting the amount of urls, which can be set, submitted in the message.
It also offers protection against register bots, see here.

For I while a monitor through PHP-Stats the referers of spammers trying to spam my guestbook and contact form.
If you know the referer you can block them in the .htaccess file, see example below:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERERviagra-buy.gotelli.cn [NC,OR]
RewriteCond %{HTTP_REFERERniched-movies.odpv.cn [NC,OR]
RewriteCond %{HTTP_REFERERmedic911.xoomwebs.com [NC,OR]
RewriteCond %{HTTP_REFERERfree-porno-links.orgfree.com [NC,OR]
RewriteCond %{HTTP_REFERERpillsius.t35.com [NC,OR]
RewriteCond %{HTTP_REFERERsearchpharm2.t35.com [NC,OR]
RewriteCond %{HTTP_REFERERt35.com [NC,OR]
RewriteCond %{HTTP_REFERERtoday-free-movies.orkeor.cn
RewriteRule 
.* - [F]

80
suman4u
Re: {merge request] To Admin - Spammer Targeting Xoops sites - duplicate material
  • 2007/11/13 14:00

  • suman4u

  • Just popping in

  • Posts: 5

  • Since: 2005/4/23


I think this is really a big problem as the e targeted user ids are numerical one. Please let me know what the other members are thinking regarding the 'xoops kind of SPAM'.
Regards,
suman4u

Login

Who's Online

439 user(s) are online (338 user(s) are browsing Support Forums)


Members: 0


Guests: 439


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits