ya know, what was wrong with the first thread you started? sheesh.
its not a security hole, and you havent provided enough details for anyone, atleast not me, to advise you -- you have just said the same thing as before.

so lets go through it ...

you were getting comment spam, correct?
you fixed it so that only registered users can comment, correct?

"your still being spammed"

thats all well and fine, what kind of spam? comment spam? referer spam? youre absolutely 100% positive that you did the hack correctly? Youre willing to provide a url to your blog so that someone here can actually see for themselves that they are unable to comment w/o registering?

I dont mean to be short, but if you want help, you need to help us.

Comment spam, yes I changed the things correctly as were given to me in the other post. Sorry if I wasnt clear enough, thought I was though.

An example of the spam -->http://www.serbia-today.com/blog/index.php?blog=7&p=135&more=1&c=1&tb=1&pb=1

Thnx for any help.

if you check your apache logs (raw server logs) and look for those ips, whatever they are..my guess is that they are bypassing the permalink page all together.. they are calling your omment_post.php directly.. do this..

im assuming you have an .htaccess on your server in your b2evolution directory, that the server is apache, and that you understand how .htaccess is used.

open your .htaccess ..make sure somewhere in that file you have the following all ready

RewriteEngine On

that enables mod_rewrite. If thats not in your .htaccess put iit somewhere near the top..

then .. add the following somewhere under that line that was or is now there.

RewriteCond %{HTTP_REFERER} "!^http://www.serbia-today.com/.*$" [NC]
RewriteCond %{REQUEST_URI} ".*comment_post.php$"
RewriteRule .* - [F]

those 3 lines will prevent anyone from directly using an http_post to insert comments. It is NOT a sure-fire fix, as referers can be spoofed, however it will stop the dumbest of the lot.

By the way, what they are doing is not evidence of a security hole. Its simply the nature of http_post.. they are basically submitting a form, a form that can be submitted remotely or locally.. thats just the way it works.

you might need to use :

RewriteCond %{REQUEST_URI} "*comment_post.php$"

since comment_post.php iisnt in the root directory, or you could just use the path to the file -- hopefully you get the idea

Hi,

Thnx, I have 1 htacces in the root of my domain, I put another one in the blog directory with the info you mentioned. Dont know if that is ok or not.

If this person uses a form, can I completely disable comments? I didnt advertise yet through my mailing list about the blog but I expect a lot of Bloggers. The last thing I want is this. I would regret removing commenting but if they find their way around this then I most likely spend more time deleting spam comments then I do anything else.

THnx

the first thing to check is to make regged users can comment .. check that

Damn this is a disaster. The guy who does it is andrewsaluk.com
I dont think I am the only who can expect this. I got more then 55 spam comments and its rising. Anyway I can clean this up since I am getting complaints now.

Thnx.

Yes, reg users can post.

well, youre htaccess is working as it should ..

http://www.serbia-today.com/blog/htsrv/comment_post.php

i cannot access that directly, which is exactly what you want.

you might also add the domain that hes spamming to the blacklist in the admin area.

The domain was already added a long time ago. Its on the black list.
Thnx for the help, I hope he stops. But it wasnt me who added him om the black list so he might start annoying other people. Is there a way for the next update or so to change the commenting system?

Again thnx for the help.

PS Did the owner of this site ever thing to use Phorum ?

by the way, that little htaccess trick should allow you to open back up commenting to anonymous users.. obviously they (anons) could still post comment spam, but they can no longer do it remotely as is most often the case.

I have a whole sleeve full of tricks to combat spam, I guess I never shared that .htaccess/referer one before. You will have to let me know how that works out.

if you check your logs, you will prolly see that hes still trying .. and should be getting a forbidden (403) page

Yea he is(was) trying. It seems to work. Thnx a million :)
I will let you know if anything else happens. Again thnx.

Please excuse my drunken stupefaction, but, the hack you initially referenced ONLY refered to civilized humans who might attempt to comment. Whoo's advice, despite my inability to understand it, is (probably) spot-on. She ("she he or it" for those not into gender-specific terminology) knows what's going down at the server level.

*we now return you to the originally slibjabbed whamma blamma thread*

EdB wrote:

Please excuse my drunken stupefaction, but, the hack you initially referenced ONLY refered to civilized humans who might attempt to comment. Whoo's advice, despite my inability to understand it, is (probably) spot-on. She ("she he or it" for those not into gender-specific terminology) knows what's going down at the server level.

*we now return you to the originally slibjabbed whamma blamma thread*

8| You lost me.

BTW, new feature, trackback : http://www.serbia-today.com/blog/index.php?p=29&tb=1 Just got spam trackbacks but no comments.

yeap, you sure did. I can tell you what fixed that for me ...

I got 2 or 3 spam trackbacks, and immediately changed the filename responsible for accepting trackbacks..

Its a little harder for you to do than it was for me, but I can give you details on how to do it, if you like, tommorow.. For now, make sure that domain gets added to the spam list, if you havent already.

trackback spam seems to be the new way to spam, since most people have taken control of comment spam.

Ok I am adding the domains. I will be online tomorrow.
Does adding the domain the blacklist also block it from the trackback?

Ah yes, when I block a domain, why doesnt it block automatically the subdomains either?

Thnx

Hajduk,

Was that trackback spam advertising or originating from the same domain as the earlier comment spam? Or is this another spam domain? Also, how long have you had your blog up and working, is it new, older, medium?

You have a popular blog, I guess? Or no?

Last, and most importantly, so I make sure to give you the correct file edits, what version of b2evolution are you using?

Hi,

I run 0.9.0.11 "Paris" 2004-09-22
The Blog has been running since last December or so. It is getting more and more visitors and posters I dont complain on that :D Its not like wauw popular but not doing bad. I have my gaming clan members post on there as well and tend to use this Blog system for a new gaming comm. site.

I think this time it was a different spammer that posted twice a trackback. Its not just in this case but also in other cases when I use the blacklist. I ad someone and then they create a new subdomain. Might be the way I submit spammers-->url.

ok, after looking, I have to admit i've found a seemingly easier way to do this then doing all of the file edits for trackback.php

1. rename your htsrv dir. leave all the files inside it intact, and unchanged -- just rename the directory itself, calling it whatever you like.

2. Inside conf/_advanced.php find this:

* Location of the HTml SeRVices folder.
 * @global string $htsrv_subdir
 */
$htsrv_subdir = 'htsrv';                     // Subdirectory relative to base

change that variable : htsrv to whatever you renamed the directory to in step 1.

after doing so, you have changed the URL for your trackbacks, and comments, btw, in one quick switch.

The last thing you prolly want to doublecheck is that if you have referenced that directory in any .htaccess's that you change that also.

Let me know how this works out for you :)

Hhhm ok, I changed it as you said. All seems to work in good order so I am very happy :D

Thnx apreciate the help. :D