PEAK XOOPS - See this xoops.org forum topic 
See this xoops.org forum topic
- You cannot open a new topic into this forum
- Guests cannot post into this forum
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2007/6/3 4:36
jseymour
From: Gainesville Florida, USA
Posts: 40
From: Gainesville Florida, USA
Posts: 40
Hi again GIJOE,
Seems to be something new going on with registrations. Seems even with e-mail activation that some are able to get by.
Would be interested in hearing your ideas on this, either with protector or another solution.
The link is: To Admin - Spammer Targeting Xoops sites
TIA
Seems to be something new going on with registrations. Seems even with e-mail activation that some are able to get by.
Would be interested in hearing your ideas on this, either with protector or another solution.
The link is: To Admin - Spammer Targeting Xoops sites
TIA
Votes:1
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
hi seymour.
I was depressed by elimination of Utah Jazz
BTW,
I've just read the topic, but I cannot understand why the spam is caught by Protector's check.
It sounds a module specific problem.
I was depressed by elimination of Utah Jazz
BTW,
I've just read the topic, but I cannot understand why the spam is caught by Protector's check.
It sounds a module specific problem.
Votes:4
Average:7.50
jseymour
From: Gainesville Florida, USA
Posts: 40
From: Gainesville Florida, USA
Posts: 40
Very sorry to hear about the Jazz (Football time very soon though).
Thanks for looking at the topic. It is not caught by protector. Seems to be something new to do with xoops in general, and register.php.
Was just checking to see if you had any ideas for blocking this type of problem without going to a full admin approval system. I cannot understand how a bot can click a registration e-mail, but this one seems to.Quote:
Thanks for looking at the topic. It is not caught by protector. Seems to be something new to do with xoops in general, and register.php.
Was just checking to see if you had any ideas for blocking this type of problem without going to a full admin approval system. I cannot understand how a bot can click a registration e-mail, but this one seems to.Quote:
GIJOE wrotes:
hi seymour.
I was depressed by elimination of Utah Jazz
BTW,
I've just read the topic, but I cannot understand why the spam is caught by Protector's check.
It sounds a module specific problem.
Votes:1
Average:10.00
bdw
Posts: 14
Posts: 14
Hi folks,
I was the one that started the post, and ive been investigating the problem.
Its definately a bot thats signing up and posting comments. It aims specifically on the comments rather than actual posts.
I cought it before it started posting comments on my sites.
Was wondering though, surely there should be a way to catch the bot crawling the site before it registers? Protector can tell if a search bot is crawling so maybe something can be be added so it can detect wether a bot is looking specifically for regiser.php.
Just a though.
I was the one that started the post, and ive been investigating the problem.
Its definately a bot thats signing up and posting comments. It aims specifically on the comments rather than actual posts.
I cought it before it started posting comments on my sites.
Was wondering though, surely there should be a way to catch the bot crawling the site before it registers? Protector can tell if a search bot is crawling so maybe something can be be added so it can detect wether a bot is looking specifically for regiser.php.
Just a though.
Votes:1
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
hi bdw.
Thank you for the reporting.
Some questions.
Is this a comment-spam?
Or formmail-spam?
Which modules are targetted?
Which kind of body?
Many URLs or not?
Quote:It is impossible to protect regitering by crawling patterns.
If you want to stop regitering from such a bot, you'd better try some kind of hacks of register.php like captcha.
Though I don't like captcha which is not gentle with visual handicapped people.
I think the best way is protecting via IP.
Any spammers have limitted IPs.
making RBL for XOOPS site will move such bots away.
although just a plan...
Thank you for the reporting.
Some questions.
Is this a comment-spam?
Or formmail-spam?
Which modules are targetted?
Which kind of body?
Many URLs or not?
Quote:
bdw wrotes:
Was wondering though, surely there should be a way to catch the bot crawling the site before it registers? Protector can tell if a search bot is crawling so maybe something can be be added so it can detect wether a bot is looking specifically for regiser.php.
If you want to stop regitering from such a bot, you'd better try some kind of hacks of register.php like captcha.
Though I don't like captcha which is not gentle with visual handicapped people.
I think the best way is protecting via IP.
Any spammers have limitted IPs.
making RBL for XOOPS site will move such bots away.
although just a plan...
Votes:1
Average:10.00
bdw
Posts: 14
Posts: 14
Your Absolutely right GI, I didnt want to add captcha because of the same reason. But i have added it temporarly while this vulnerability is being exploited. Going to add an option to my website problem emailer for people who have visual impairment to email me to sign up.
I have also already enabled the RBL plugin (although my knowledge on how to use this is limited), didnt know about it until I upgraded to 3.03. thanks for adding this.
It is comment spam.
If you type "george-walker-bush.info" into google you will see the amount of Xoops sites its registered with, sometimes more than once. It looks as though its exploiting the news module though as i've not seen it posting comments on other modules.
Sometimes it post a list of URL's (around 20)
Sometimes it posts a story with many URL's (around 20)
Once I have seen it posting an anti-gay comment.
Thanks
Barry
I have also already enabled the RBL plugin (although my knowledge on how to use this is limited), didnt know about it until I upgraded to 3.03. thanks for adding this.
It is comment spam.
If you type "george-walker-bush.info" into google you will see the amount of Xoops sites its registered with, sometimes more than once. It looks as though its exploiting the news module though as i've not seen it posting comments on other modules.
Sometimes it post a list of URL's (around 20)
Sometimes it posts a story with many URL's (around 20)
Once I have seen it posting an anti-gay comment.
Thanks
Barry
Votes:2
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
hi Barry.
I mean RBL only for XOOPS.
There are just RBLs targetting spam-mail or spam-comment for general.
Anyway,
Quote:These pattern should be caught by Protector.
Preferences -> anti-SPAM: URLs for normal users
0 means disable.
Turn it 5 or 10.
Did they enable it?
I mean RBL only for XOOPS.
There are just RBLs targetting spam-mail or spam-comment for general.
Anyway,
Quote:
It is comment spam.
(snip)
Sometimes it post a list of URL's (around 20)
Sometimes it posts a story with many URL's (around 20)
Preferences -> anti-SPAM: URLs for normal users
0 means disable.
Turn it 5 or 10.
Did they enable it?
Votes:1
Average:10.00
bdw
Posts: 14
Posts: 14
I think some of them said they had protector on but i dont know what their anti-spam settings where. I hadnt set mines but I didnt wait long enough for the bot to post anything anyway. set my spam settings to 5 straight away after finding out about the bot.
What is RBL only for Xoops?
What is RBL only for Xoops?
Votes:1
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
Quote:
There are famous RBL servers which is oriented for specific purposes.
My personal judgement...
A spammer targeting XOOPS has little IPs than the other spammers.
Then all XOOPS users report spammers IP to the new RBL.
This is the most effective way to preventing SPAM targeting XOOPS.
What is RBL only for Xoops?
There are famous RBL servers which is oriented for specific purposes.
My personal judgement...
'niku.2ch.net' <= against bbs spam
'sbl-xbl.spamhaus.org' <= against trackback spam
'list.dsbl.org' <= against spam mail
'bl.spamcop.net' <= against spam mail
'all.rbl.jp' <= against spam mail
'opm.blitzed.org' <= against spam mail
'bsb.empty.us' <= against spam mail
'bsb.spamlookup.net' <= against spam mail
A spammer targeting XOOPS has little IPs than the other spammers.
Then all XOOPS users report spammers IP to the new RBL.
This is the most effective way to preventing SPAM targeting XOOPS.
Votes:2
Average:10.00
info
Posts: 16
Posts: 16
I was getting this same spammer on one of my sites. Registered twice. Then posted. I removed it all. Then they registered again, but didn't confirm. I almost also want both a registration message as well as a confirmation message to watch these guys. I haven't played around with the RBL lists yet. Anything to worry about implementing that?
Votes:2
Average:5.00
GIJOE
Posts: 4110
Posts: 4110
RBL system is just a plan, sorry.
Votes:1
Average:10.00
bdw
Posts: 14
Posts: 14
Hi, i'd say enable the RBL plugin and see if it has any adverse affect on your site. if it does then disable it.
I've had it running on my site for nearly a month now and my site is running perfectly and it has managed to stop spammers.
I've had it running on my site for nearly a month now and my site is running perfectly and it has managed to stop spammers.
Votes:1
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
I cannot understand what you mean.
Was the spammer rejected by RBL filter plugin of Protector?
Was the spammer rejected by RBL filter plugin of Protector?
Votes:1
Average:10.00
bdw
Posts: 14
Posts: 14
Ive been using the RBL plugin for Protector 3.x and it has been rejecting spammers listed in niku.2ch.net and sbl-xbl.spamhaus.org
So it works for me and doesnt slow down my site as far as im aware.
I have yet to see it reject the spammer that we are all trying to fight (havent been able to test it out yet), but im certain that captcha has done that.
So it works for me and doesnt slow down my site as far as im aware.
I have yet to see it reject the spammer that we are all trying to fight (havent been able to test it out yet), but im certain that captcha has done that.
Votes:4
Average:2.50
herve
From: France
Posts: 25
From: France
Posts: 25
Hello,
I have a client where on his website, the spamer :
1/ Have his IP changing every 3 seconds ...
2/ Can post spams in the comments on modules where there are no items and where the comments are even disactivated !
If you have any idea, I'd like to read it
I have a client where on his website, the spamer :
1/ Have his IP changing every 3 seconds ...
2/ Can post spams in the comments on modules where there are no items and where the comments are even disactivated !
If you have any idea, I'd like to read it
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
It sounds some manual processes should be inserted.
Captcha - I don't like it because of lack of regardings for visible handicapped.
I'll check Recaptha
http://recaptcha.net/
another solutions:
"riddle authentication" is implemented in xpWiki.
"JavaScript authentication" is implemented in d3forum.
"ChineseCaracter authentication" is implemented in d3forum.
Captcha - I don't like it because of lack of regardings for visible handicapped.
I'll check Recaptha
http://recaptcha.net/
another solutions:
"riddle authentication" is implemented in xpWiki.
"JavaScript authentication" is implemented in d3forum.
"ChineseCaracter authentication" is implemented in d3forum.
Votes:0
Average:0.00
Draj
Posts: 2
Posts: 2
Hi Herve and GIJOE,
Interesting!
The non-profits I am supporting as an admin have similar pattern with a difference as following:
1. The spammer is able to register while email verification is activated.
2. The spammer is able to activate his email address even if there are no MX entries of that email-domain!
3. The spammer is able to use news module to insert comments.
Could it be that the registration and login areas of 2.2.5RC2 has some weaknesses?
Interesting!
The non-profits I am supporting as an admin have similar pattern with a difference as following:
1. The spammer is able to register while email verification is activated.
2. The spammer is able to activate his email address even if there are no MX entries of that email-domain!
3. The spammer is able to use news module to insert comments.
Could it be that the registration and login areas of 2.2.5RC2 has some weaknesses?
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
hi Draj.
It looks some "manual" process is wanted into registration process.
It can be achieved a hack into register.php and modification of some templates.
It looks some "manual" process is wanted into registration process.
It can be achieved a hack into register.php and modification of some templates.
Votes:0
Average:0.00
Draj
Posts: 2
Posts: 2
Hi GIJOE,
Quote:Thanks for your attention. Your module is one of the very best and that what I have been advocating to the core developers to include in the CORE and integrate it into such a manner that the security is enhanced.
However, the Nursery of Core Developers is currently going through a communist wave and this fever will last for sometime.
BTW, I am using 2.2.5RC2.
In the meantime there are further problems:
After I updated the Protector i.e. from 2.57 to 3.04, the loginname is not being shown anywhere, i.e. in the templates, I print like "Hello loginname", etc. This is gone after the upgrade. Also the CBB module in the version 3.05 does not show any name as a user in all the forums. People can write the posts though.
I checked the template_c and found out the following:
Hi <?php echo $this->_tpl_vars['xoops_uname']; ?>
This was and is the same, i.e. xoops_uname is not displayed after the protector update anywhere!
Do you have any suggestions? I have kind of tried to put the module to a minimum security level and there is no change.
There was some logging as to spam comments showing as follows:
URI SPAM /modules/news/comment_post.php SPAM POINT:19
Further, regarding the bots signing, I placed a thought for your consideration as below @ SF.net. If this could be a solution, it would be possible to have the protector responsing to it...
My recommendation...
Quote:
GIJOE wrotes:
It looks some "manual" process is wanted into registration process.
It can be achieved a hack into register.php and modification of some templates.
However, the Nursery of Core Developers is currently going through a communist wave and this fever will last for sometime.
BTW, I am using 2.2.5RC2.
In the meantime there are further problems:
After I updated the Protector i.e. from 2.57 to 3.04, the loginname is not being shown anywhere, i.e. in the templates, I print like "Hello loginname", etc. This is gone after the upgrade. Also the CBB module in the version 3.05 does not show any name as a user in all the forums. People can write the posts though.
I checked the template_c and found out the following:
Hi <?php echo $this->_tpl_vars['xoops_uname']; ?>
This was and is the same, i.e. xoops_uname is not displayed after the protector update anywhere!
Do you have any suggestions? I have kind of tried to put the module to a minimum security level and there is no change.
There was some logging as to spam comments showing as follows:
URI SPAM /modules/news/comment_post.php SPAM POINT:19
Further, regarding the bots signing, I placed a thought for your consideration as below @ SF.net. If this could be a solution, it would be possible to have the protector responsing to it...
My recommendation...
Votes:1
Average:0.00
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2007/7/13 4:27
GIJOE
Posts: 4110
Posts: 4110
Quote:Protector never touches outputs from any templates.
You'd better check another hacks.
Quote:I cannot understand what you mean.
Draj wrotes:
After I updated the Protector i.e. from 2.57 to 3.04, the loginname is not being shown anywhere, i.e. in the templates, I print like "Hello loginname", etc. This is gone after the upgrade. Also the CBB module in the version 3.05 does not show any name as a user in all the forums. People can write the posts though.
I checked the template_c and found out the following:
Hi <?php echo $this->_tpl_vars['xoops_uname']; ?>
This was and is the same, i.e. xoops_uname is not displayed after the protector update anywhere!
You'd better check another hacks.
Quote:
There was some logging as to spam comments showing as follows:
URI SPAM /modules/news/comment_post.php SPAM POINT:19
Further, regarding the bots signing, I placed a thought for your consideration as below @ SF.net. If this could be a solution, it would be possible to have the protector responsing to it...
My recommendation...
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
I've implemented anti-registering-bots into Protector.
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=434
Try it.
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=434
Try it.
Votes:0
Average:0.00
Login