Recent Topics

Spam comment

Started by on Jul 25, 2007 – Contents updated: Jul 25, 2007

Jul 25, 2007 08:15    

Hi,

I installed b2evo a month ago and now I'm receiving the first spam comments!

Here is a notification example:


Blog: Blog1 ( http://www.mydomain.it/myblog/index.php?blog=2 )
Mesaggio: Title1 ( http://www.myadomain.it/myblog/index.php?blog=2&p=43&more=1&c=1&tb=1&pb=1 ) Sito Web: tbass (IP: 67.38.9.127, adsl-67-38-9-127.dsl.sfldmi.ameritech.net)
Url: http://www.sportsguns.co.uk/adminSite/userimages/tbass.html
Commento: http://www.mydomain.it/myblog/index.php?blog=2&p=43&more=1&c=1&tb=1&pb=1#c148
<strong>tbass</strong><br />Welcome!!! tbass

Modifica/Cancella: http://www.mydomain.it/myblog/admin.php?ctrl=browse&tab=posts&blog=2&p=43&c=1

Modifica sottoscrizioni/notificazioni: http://www.mydomain.it/myblog/index.php?blog=2&disp=subs

This url is fake: http://www.sportsguns.co.uk/adminSite/userimages/tbass.html, it just redirecto to porno site.

I put the word "tbass" in my local list of banned words, but they changed it. The turingtest doesn't work! Why?

Please help me!

Thanks,
Nino

Jul 25, 2007 08:48

1) What version of B2evo do you have. If it is in the 1.9+ range you should be fine, if it is older, please upgrade. There is a lot of improvement in antispam measures in recent versions.

2) Is the Turing Test plugin activated? Check the plugin setting in the backoffice. The dot before the plugin's name should be black.

3) If the TuringTest plugin doesn't wok properly, you might consider the Captcha plugin.

4) The links does work, remove the trailing comma. It is an interesting exploit. The site sportsguns.co.uk has been hacked. But this is of no interest to you.

In B2evo you have enough possibilities to counter spam. Unfiortunately there will always be new methods that require new solutions.

Good luck

Jul 25, 2007 09:03

Afwas wrote:

1) What version of B2evo do you have. If it is in the 1.9+ range you should be fine, if it is older, please upgrade. There is a lot of improvement in antispam measures in recent versions.

It is 1.9+, but it's not fine :(

Afwas wrote:

2) Is the Turing Test plugin activated? Check the plugin setting in the backoffice. The dot before the plugin's name should be black.

It's activated. But how do they skip it?

Afwas wrote:

3) If the TuringTest plugin doesn't wok properly, you might consider the Captcha plugin.

It seems to me that they don't use the form to post comment. :?:

Afwas wrote:

4) The links does work, remove the trailing comma. It is an interesting exploit.

Yes it does, but somebody couldn't like it! :oops:

Afwas wrote:

The site sportsguns.co.uk has been hacked. But this is of no interest to you.

Anyway I've informed them.

Afwas wrote:

In B2evo you have enough possibilities to counter spam.

Which ones? I only know the banning of keywords!

Afwas wrote:

Unfiortunately there will always be new methods that require new solutions.
Good luck

Thanks!

Jul 25, 2007 09:20

Is this the sender?

Sito Web: tbass (IP: 67.38.9.127, adsl-67-38-9-127.dsl.sfldmi.ameritech.net)


or is it you?

You can ban it's IP in .htaccess and probably in the spamlist. Under 'Protect your blog' in the [url=http://manual.b2evolution.net/Main_Page]manual[/url] and on this forum you'l find a lot of information.

They probably did use the form because you received a notification (and I haven't heard of any exploits, so your the first or they did use the form, I go for the latter). Can he have done it by hand? No Turing or Captcha is going to fool a human.

Good luck

Jul 25, 2007 09:36

Afwas wrote:

Is this the sender?

Sito Web: tbass (IP: 67.38.9.127, adsl-67-38-9-127.dsl.sfldmi.ameritech.net)

Yes, but it's a dinamic IP so I suppose that it is not of much use to ban it.

Afwas wrote:

Under 'Protect your blog' in the [url=http://manual.b2evolution.net/Main_Page]manual[/url]

I didn't find very much help :( , I'll go back to it!

Afwas wrote:

and on this forum you'l find a lot of information.

I'll try to find that information :(
Thanks.

Afwas wrote:

They probably did use the form because you received a notification (and I haven't heard of any exploits, so your the first or they did use the form, I go for the latter). Can he have done it by hand? No Turing or Captcha is going to fool a human.

They could, but it sounds strange to me because the time and the content let me not to think of a human, but I'm not sure.

Thanks a lot,
Nino

Jul 25, 2007 15:23

Another strange thing is that they send this comment always to the same two posts!

Any other tips?

Jul 25, 2007 16:09

Click the ban symbol instead of choosing which words you will ban - ESPECIALLY don't choose words that do not have punctuation! You will one day block someone who is innocent because of a match you didn't foresee, and you'll probably never know about it.

If by "the turing test" you mean my STT plugin I can promise you for a fact that it works. It takes a human to know what to put in the field, and if a robot tries to comment without that info then the comment will be rejected. The only way an installed turing test plugin will pass spam is if a human is sitting at a computer sending you spam.

Latching on to one or two posts is normal for spammers. They find us by different methods, but whatever method they end up with a specific collection of links to send spam to. Sometimes it's google, sometimes it's other methods. Doesn't matter to them as long as they have what they consider a spammable link.

So how about a link to YOUR blog instead of the spam?

Jul 25, 2007 16:32

EdB wrote:

Click the ban symbol instead of choosing which words you will ban...

What will be banned? The entire comment? The url?

EdB wrote:

If by "the turing test" you mean my STT plugin I can promise you for a fact that it works.

No. I mean "Touring Test" by you. I tested it and it seems to work. What's the difference with STT?

EdB wrote:

The only way an installed turing test plugin will pass spam is if a human is sitting at a computer sending you spam.

Really a human can spend is time sitting at a computer at definite times just to send spam? 8|

EdB wrote:

So how about a link to YOUR blog instead of the spam?

Here it is: www.vessella.it/silvia. The spam goes only to the posts "Tanzania" (07/07/07) and "Famiglia Asai" (05/07/07).

Thanks for helping me!

Ciao,
Nino

Jul 25, 2007 19:26

Nino wrote:

Another strange thing is that they send this comment always to the same two posts!

Any other tips?

Did you do the captcha to accompany Turing? Can he have captured some input and send it over & over?

Jul 25, 2007 19:30

No, but I installed the Turing plugin after his first spam. Does that information help?

Jul 25, 2007 19:34

Hi, EdB.

Is it possible to modify your code so that the question and its answer can change and displayed randomly?

I did that for another site and it works well, but I wasn't able to hack your code!

Thanks,
Nino

Jul 26, 2007 00:13

The ban symbol will ban the domain name AND report it to central. Getting the updates from central will give you a headstart against spammers who have hit other b2evolution users. THAT is step one in the fight against spam! So click the ban symbol, then click 'submit' on the next page to clean up your hitlog and comments, and to report it to central, and to ban it forever from your blog.

"Simple Turing Test" is the only plugin I've written to fight comment spam. I left a test comment on your blog and see where you do not give the answer to people who have already commented. Therefore the only way spam passes it is if the source of the spam is actually a human sitting at a computer typing in their stuff. Part of accepting the comment is to require the correct answer, so injected comments (like how spam-bots do it) will not pass.

A collection of questions and answers is a possibility that I hadn't thought of, but why? Note that if your problem is due to someone actively spamming you (instead of a robot) then it won't help because all STT does is attempt to verify that a person is sitting at a computer. It is basically a captcha that uses words instead of text warped into an image. It uses the same exact hooks as captcha, but puts text there instead of an image. In fact, STT was made by looking at captcha and converting it to "question and answer instead of random text in image". BOTH will suffer the same utter failure IF the spammer is a person sitting at a computer.

ANTISPAM will block it - as long as they are pushing the same domain name, so get onboard with step #1 and ban/delete/report spam that hits you.

Oh and by the way once upon a time I made someone in the forums mad. Well, I've done that a few times, but once the person decided to reward me by being my personal spammer. Tons of stupid hitlog spam, and nothing consistent to ban. So I banned the IP address range for a week. Problem solved. :)

Jul 27, 2007 10:11

¥åßßå wrote:

I'd just ban the whole domain : http://www.sportsguns.co.uk/adminSite/userimages/ :|

¥

I've read the manual, but I didn't succeed to do that! Can you help me?

I would like to ban the IP, too. In the manual is said that I have to go to Stats click on "Referers" and so on, but I don't see in the list the IP I would like to ban :'(

Any help?

Thanks,
Nino

Jul 27, 2007 11:21

Thanks!

What about the IP?

Why isn't it in the stats?

Ciao,
Nino

Jul 27, 2007 17:55

Yeah you can type it in, but when you're in your back office looking at comments you should have a "ban" symbol next to each commenter's URL. Assuming it's there if you deem something spam clicking the ban symbol will take you to your antispam tab filled in with the offending URL. 3 or 4 boxes will be checked for "delete the hits" and "delete the comments" and "ban the URL" and "report the URL", so you uncheck what you don't want to do then click the submit button.

For future spammers eh?

I'm still a bit concerned about spam getting through STT though. Gotta be a human I think. I guessed at the word but since I don't read your language I knew it was possible the answer wasn't even on the page, so how could a spam-bot know what to put?

Jul 28, 2007 07:53

Hi all!

I found how to ban the sender (just as you said). I wasn't able to do that before, because I was deleting the comments. And because, without deleting them, I was trying to find IP in "Stats" following the manual!

Now I put the IP in .htaccess, but it doesn't seem to me a very easy method because I have to wait a spam and then put its IP in .htaccess, which could become very long!

EdB, I'm shocked... I cannot understand how can humans waste this way! I would like to have the same amount of time to waste!

The other thing I don't understand is why that person sends spam commenting always the same two old posts? I would have done that with the last post! Is there any technical reason?

Thanks for helping me.

Ciao,
Nino

Jul 28, 2007 10:15

No "technical" reason that I know of, other than (I guess) those are what are bookmarked. Total guess. I have no actual idea how that stuff happens, but it's almost always the same couple of posts. It changes over time too.


Form is loading...

Online manual generator – This forum is powered by b2evolution CMS, a complete engine for your website.