1
Marco
Spam through comments made by registrered users on unknown modules
  • 2009/12/29 15:22

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


I've found some recently huge strange comments on my sites : a registrered users (a spammer) was able to post many comments on a unknown module from my XOOPS site (on download module, that was not installed at all). How is it possible ? Anyone ever experienced this too?
i had to delete those through system admin (modules/system/admin.php?fct=comments)

2
ghia
Re: Spam through comments made by registrered users on unknown modules
  • 2009/12/29 16:17

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Use the date and time of the comments to find the actions taken in the Apache logs.

3
Marco
Re: Spam through comments made by registrered users on unknown modules
  • 2009/12/30 19:53

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


yep, i'll analyse deeply next time, but what was surprising is that i run the protector module.
i wonder if anyone experienced this before...

4
djynnius
Re: Spam through comments made by registrered users on unknown modules
  • 2009/12/30 20:17

  • djynnius

  • Just popping in

  • Posts: 59

  • Since: 2006/10/21


what version of XOOPS was this?

5
Marco
Re: Spam through comments made by registrered users on unknown modules
  • 2009/12/30 20:21

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


2.4.2, but i experienced this with 2.3 too before

6
ghia
Re: Spam through comments made by registrered users on unknown modules
  • 2009/12/30 20:44

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Protector protects only in some cases when 'regular' users start to post. There is the number of requests, but limiting it too far will harm access to modules with rich content.
And there is the number of links in a post, but limiting it too far will harm regular article posting.

You must seek your Apache logs for repeating patterns, typical originating from several IP addresses when a bot net is used. If you have them still available from the week where the postings were done, I could take a look at them.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

69 user(s) are online (42 user(s) are browsing Support Forums)


Members: 0


Guests: 69


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits