Recent Topics

1 Oct 14, 2005 20:28    

I've just moved my blog to a new server by taking a home directory backup and a DB backup. I reinstalled them both on the new server and all appeared to be fine. The domain has been pointed across to the new server and B2Evo was working fine.

Now whenever I open a bookmarked link to my site, or open any page within my site in a new window I get the following message:

403 Forbidden
Please stop referer spam.
We have identified that you have been refered here by a known or supposed spammer.

If you feel this is an error, please bypass this message and leave us a comment about the error. We are sorry for the inconvenience.

If you are actually doing referer spam, please note that this website/b2evolution no longer records and publishes referers. Not even legitimate ones! While we understand it was fun for you guys while it lasted, please understand our servers cannot take the load of all this cumulated spam any longer... Thank you.

Also, please note that comment/trackback submitted URLs will be tagged with rel="nofollow" in order to be ignored by search engines

I've checked file permission, the antispam tables, etc. and can't find what is casuing the headache.

Has anyone got any ideas on what might be up ?

The site is www.sirimo.co.uk and the install is b2evolution 0.9.1 "Dawn"

2 Oct 14, 2005 20:29

Note if you just click the link www.sirimo.co.uk you get the site, but if you open it in a new window you get the error.

3 Oct 15, 2005 03:08

Sirimo,

Tried the link (which opens by default in a new window), bookmarking your site, read the "new host" entry and linked to the photo that john had troubles with on the 14th ... it all looks good for me. (IE6)

Can't seem to duplicate the problem.

-stk

4 Oct 15, 2005 07:37

worked fine for me in a new window as well. I dunno.

5 Oct 15, 2005 11:21

What happens if you type the address in manually ? Or access the site from a bookmark ?

6 Oct 15, 2005 12:40

I've tried editing _main.php in /b2evocore from :

/**
 * Check for referer spam:
 *
 * (Inspired by Isaac's hack. Note: this is done differently in phoenix)
 */
if( empty($HTTP_REFERER) )
{	// There is no referer:
	if( $debug >= 2 ) echo '<!-- ash:no_ref -->';
}
else
{	// we have a referrer:
	if( strpos($HTTP_REFERER,$baseurl) === 0 )
	{	// We are referring from our own site:
		if( $debug >= 2 ) echo '<!-- ash:self_ref -->';
	}
	else
	{	// We're not referring from ourselves!
	 if( ! $DB->get_row( "SELECT aspm_ID, aspm_string
	  		 	FROM  $tableantispam
	       WHERE ".$DB->quote($HTTP_REFERER)." LIKE CONCAT('%',aspm_string,'%')
	       LIMIT 0, 1", OBJECT, 0, 'Advanced check for referer spam' ) )
		{	// Referer is not matched by antispam blacklist:
			if( $debug >= 2 ) echo '<!-- ash:ref_not_spam -->';
		}
		else
	  {	// THIS LOOKS LIKE REFERER SPAM!!
			require dirname(__FILE__).'/_referer_spam.page.php';	// error & exit
	  }
	}
}

To:

/**
 * Check for referer spam:
 *
 * (Inspired by Isaac's hack. Note: this is done differently in phoenix)
 */
if( empty($HTTP_REFERER) )
{	// There is no referer:
	if( $debug >= 2 ) echo '<!-- ash:no_ref -->';
}
else
{	// we have a referrer:
	if( strpos($HTTP_REFERER,$baseurl) === 0 )
	{	// We are referring from our own site:
		if( $debug >= 2 ) echo '<!-- ash:self_ref -->';
	}
	else
	{	// We're not referring from ourselves!
	 if( ! $DB->get_row( "SELECT aspm_ID, aspm_string
	  		 	FROM  $tableantispam
	       WHERE ".$DB->quote($HTTP_REFERER)." LIKE CONCAT('%',aspm_string,'%')
	       LIMIT 0, 1", OBJECT, 0, 'Advanced check for referer spam' ) )
		{	// Referer is not matched by antispam blacklist:
			if( $debug >= 2 ) echo '<!-- ash:ref_not_spam -->';
		}

	}
}

This solved the problem, but I guess will stop feeding the 403 page to the real spammers ?

7 Oct 15, 2005 17:17

I saved your file into "Favorites" and called it up from that. Also typed it in manually and also tried several internal links. All yielded your site without a glitch.

Guess I'm just not a spammer! ;)

Maybe your sitename is on the blacklist? (Or self referrals are not being identified as such?) Dunno.

Good luck.

Disabling the referral check for spammers would be one way of solving the problem! Don't know what we do, as the referral to "Phoenix" is doubtful any part of our current "Amsterdam" release. (Am waiting for stable Phoenix before we migrate up).

-stk

8 Oct 15, 2005 17:56

I removed the code above to stop the errors. I've had a number of people contact me regarding the errors, and I felt it was better to get the site back working for the visitors first.

The problem is still there if the code is put back.

9 Oct 15, 2005 18:21

Sirimo,

Sounds like you've identified WHERE the problem is, just not WHY. I agree. Do what's best for your visitors first.

Fighting SPAM is all good, but not when (1) you don't get much (any?) or (2) it gets in the way of the visitor's experience.

Based on the comment in the code you posted (that it's handled differently in the upcoming "phoenix" release), I'd say leave things as they are till the new release and *hope* that, when you upgrade, the issue (whatever it is) has been resolved.

In the meantime, hopefully you won't get much referral SPAM.

Cheers,

-stk

10 Nov 17, 2005 16:06

Sirimo wrote:

I removed the code above to stop the errors. I've had a number of people contact me regarding the errors, and I felt it was better to get the site back working for the visitors first.

The problem is still there if the code is put back.

Same problem here - I cannot post or edit posts without having all URLs labelled as invalid. Users and admins are getting the 403 referred by spammer error.

Ryan

http://realflorists.flowerchat.com

11 Nov 17, 2005 17:14

flowerchat,

flowerchat wrote:

I cannot post or edit posts without having all URLs labelled as invalid.

12 Nov 17, 2005 17:21

flowerchat wrote:

Sirimo wrote:

I removed the code above to stop the errors. I've had a number of people contact me regarding the errors, and I felt it was better to get the site back working for the visitors first.

The problem is still there if the code is put back.

Same problem here - I cannot post or edit posts without having all URLs labelled as invalid. Users and admins are getting the 403 referred by spammer error.

Ryan

http://realflorists.flowerchat.com

I blew out the entire antispam list, and that seemed to do it. I'll rebuild the list slowly and see what tag causes the problem.

13 Nov 17, 2005 17:23

flowerchat,

flowerchat wrote:

I cannot post or edit posts without having all URLs labelled as invalid.

First, are you sure that it's "all" URL's, or just some? I don't think that the system really says WHICH URLs are causing the problem, just that there IS a problem. Big difference.

Try this hack I made. For your post editing, IF you get an "invalid URL" warning from the HTML-checker, it'll tell you WHICH URL is causing the problem. That might help.

Here's the link ... [url=http://forums.b2evolution.net/viewtopic.php?t=5291]http://forums.b2evolution.net/viewtopic.php?t=5291[/url]

I'm still not certain about the spammer referral thing. It *might* be that your users are coming from a domain that has been included in the blacklist, so the system *thinks* they're spammers and denies them access. I'm not certain how you can track that, but if you could ... you could delete that one entry (or more) entries from the blacklist and the problem would go away.

Another thought ... you could test by flushing the anti-spam blacklist so that it doesn't contain ANYTHING ... then try to access the site and see if that makes a difference. If yes, then it's a blacklist entry issue. If no, then it's something else. EDIT - ACK ... my reading comprehension must suck, as I see you've already done this!

Another thought - my hack above will also identify URLs in your posts that are blacklisted, showing you exactly WHICH blacklisted word it's barfing on. Maybe you can use this in a backwards sense ... type in a website of one of the users that's getting the referral spam notice, into an entry, and see WHICH blacklisted word it corresponds to. -- *might* -- beat having to build the list from scratch?! :)

Don't forget to clear your cookies too, as I've often found that that helps the situation.

These are all just some IDEAS, as I've not had this problem before, so don't know the root cause.

Hope this helps.

-stk :D

14 Nov 17, 2005 18:01

Thanks - I'll try the hack this afternoon and see what that tells me.

Ryan


Form is loading...