Spam now coming via Trackbacks
czarphanguye - February 1, 2005 - 14:43
How about some online Poker? Lmao.
I just wanted to warn everyone that Poker spam is now getting past the spam.module via trackbacks. I guess that module just needs deactivated until reply.
Regards,

Me, too
And while I can manually mark them as spam, they seem to be bypassing the spam filter. I'm hoping this isn't the case, because so far I'm getting just the first drips, but if past experience is any indication, I can expect a deluge within 24 hours.
What a perfect time for my brand new iMac to die on me.
--
mediagirl.org
patch for trackback
Can you try this patch (from this issue) for the trackback module? It requires the latest CVS version of the spam module, and should allow the spam module to filter trackbacks.
In retrospect, there are no 'mark as spam' or 'mark as not spam' links for trackbacks -- still more for me to do. But as is, it should be able to detect and auto-unpublish any spam trackbacks it already recognizes.
more updates
I've fleshed out the _spam hook more, and updated the trackback patch. Find it now attached to this trackback issue. I'd be very interested to hear how it works for people.
Heavy trackback spam, too
Had over 200 spam trackback hits on Kairosnews. I've disabled the trackback module for the moment. If anyone finds a solution, let us all know.
i can't delete them all.
i can't delete them all. I'm not sure if anyone else has this problem. Areas of the site that have comments turned off are getting comments via trackback, but since comments are turned off I can't see them in the post, and thus mark them as spam. I can delete them, and i'm sure the spam module will learn that it's spam without 100% of them. Is anyone else experiencing this?
[]+][+][+[]
erik mallinson
http://coacalina.org
Sorry. Can't confirm.
I'm using the new version of the trackback module. Trackbacks are listed separately instead of as comments.
However, it's not just Drupal that's getting hit. MT users I know are reporting it, too. Personally, I've wondered how long it would take spammers to figure this out.
I have been getting a ton of
I have been getting a ton of Online Poker/Online Casino spam. Initially, I just deleted the 50 or so spam comments. After I saw that this was happening on a daily basis, I blocked the IPs of the spammer. Evidently the spammer has too many IPs for me to block manually.
I installed spam.module and have not had any spam posted to the public since the module was activated. I get daily emails from spam.module showing me the spam comments that were removed.
I do not have trackback enabled on the site in question; however I am also seeing a lot of spam in the REFERER logs. This is quite annoying. I imagine if I had trackback enabled, the spam would appear.
the spam module is blocking
the spam module is blocking 100% of the comment spam for me too. the trackback spam is really the problem here. i posted a bug the other day for the trackback module regarding it posting a trackback even though i unchecked 'publish'. it seems that it's somewhat related, i.e. the trackback module needs to go through more security checks when sending and receiving trackbacks.
erik mallinson
http://coacalina.org
[]+][+][+[]
Same here.
Trackback Spam has forced me to disable trackback. Ah, well. Just need to figure out how to stem the flood...again.
---
Code Orange: Drink Your Juice
has anyone gone to the spammer site?
http://www.psxtreme.com/
There's a form underneath that registers complaints, but i'm very skeptical. Wondering what others thought.
On another note, can we please get a checkbox system for managing comments into 4.6? it's not in line with usability to
click delete
click delete again
go back to comments on the sidebar
Some sort of 'select all' and 'with selected: do this' would be super, like the content admin area. :) Apologies if it's already in the works, spend most of my time with theme development...
[]+][+][+[]
erik mallinson
http://coacalina.org
After deleting hundreds of
After deleting hundreds of spam comments from this one spammer, I would very much appreciate some kind of "check box" or "select all" type feature to mass delete comments from within Drupal.
This functionality *does* exist already.
The Spam Module has a patch called "comment.module.patch" in the optional folder, it adds mass updating capabilities to the Administer >> Comments panel.
Also, for proper spam detection, you must mark comments as spam and unpublish them, not delete them.
Unfortunately, this does not work with trackback spam, since they are not comments.
---
Code Orange: Drink Your Juice
I wasn't aware of a comment
I wasn't aware of a comment patch, thank you.
[]+][+][+[]
erik mallinson
http://coacalina.org
re: delete functionality
I am tired of the mass amounts of spam in my comment and content tables, so I'm intending to finally add functionality into the core module to auto-delete/mass-delete spam. I hope to get to this this weekend.
(It is unlikely that the tokenizing logic will drastically change any time soon, so I'm less worried about that than I used to be. Besides, the custom filters catch most the spam, the Bayesian filter is now mainly just a backup - albeit an effective one, at least for me.)
MT Blacklist
I've just committed (I think) my spam-mtblacklist module to a subdirectory of your spam module (as you suggested). Should now allow you to get a much better custom filter by importing the MT masterlist on a regular basis.
re: delete functionality
It is now possible to auto-delete spam comments and other content that matches a given custom filter. For example, you could setup a filter /online poker/i, and then configure that filter so every comment that matches it is automatically deleted (rather than unpublished, etc).
As of Feb 8, 2005 this is only in the cvs version of the module. After more testing, it will be merged into the official 4.5 release of the module. Thus, if you wish to test this functionality grab the latest cvs version of the spam module. Check the changelog if you're unsure which version you have.
saw this
I saw this coming some time ago and filed a feature request at http://drupal.org/node/15510. There wasn't really an itch for getting at it; maybe this trackback spam thing will get some people to take a look at Jeremy's suggestion?
--
groets
bertb
I'm begging you please...
I wish I had some programming/coding skills to offer...alas, all I can do is plead that some kind developer will make it so that we can mass-delete comments and trackbacks. And make it so that trackbacks will go through spam.module (which is a fine, fine feature!! I love the custom filters option.).
See above.
This does exist. But we need to file a feature request to see if Jeremy will make this work for trackbacks.
---
Code Orange: Drink Your Juice
Done
Submitted it this morning (stateside).
--
mediagirl.org
Thanks Media Girl
I will voice my support for the issue...Although, this might require a request to the trackback module team as well...not sure yet.
---
Code Orange: Drink Your Juice
Status, AFAIK
It seems that http://drupal.org/node/16569 issue is considered a duplicate of http://drupal.org/node/15510 issue, which is not a priority to the current maintainer, who has other matters on his plate. So any ideas on how to address this might help abbreviate the development of a patch. FYI....
--
mediagirl.org
We need to talk to the Trackback people.
According to Jeremy's post other module developers, like the trackback module team, need to hook into the Spam module to get this functionality. If Jeremy is too busy right now, perhaps we could ask them if they could work on this.
---
Code Orange: Drink Your Juice
re: _spam hook
It looks like I will have some free time this weekend to update the spam module. I intend to do some general cleanup, and to add a _spam hook to allow other modules to utilize the spam filtering functionality. Perhaps as a demonstration I'll include a patch for the trackback module, as I have seen multiple requests for this. At first glance, it does not look to be a difficult addition.
re: _spam hook
Per my comment above, this hook is provided and a patch for the trackback module is available.
I'm Getting Hammered Too
Trackback spam pouring in. I've disabled Trackback too. I've found the trackback entries fairly easy to delete using phpMySQL, but still a pain.
---------------------------------------------------------------
developer.* - The Independent Magazine for Software Developers
http://www.developerdotstar.com
Delete via database
Yes, I have also been nailed by the comment spammers/scum. As indicated in other comments, this is particularly hard to avoid and clean up in Drupal when they come via trackbacks. Ultimately, I found that the easiest way to identify and remove these was directly in the "trackback_received" table in the database (assuming, of course, that you have access to it via phpmyadmin or shell etc.)
Installing the dba module
Installing the dba module allows you to do some basic database manipulations from within Drupal, which is more comfortable, IMHO.
HTH, Uwe.
--
http://www.hermann-uwe.de
For those getting totally hammered
I haven't checked on this, but since moving URLs is a slower process, perhaps IP blocking in htaccess would help stem the flood.
I am delighted that jeremy is on this. Woohoo!
--
mediagirl.org
The spammer that was hitting
The spammer that was hitting me had dozens of IP addresses. He probably has more. Spam is steadily increasing again after blocking known IP addresses. The spam.module is doing a good job deleting (or unpublishing) spam from my sites. Drupal's referrer logs are full of spammer links, though. That is annoying.
Reading this thread made me go create a band-aid
I looked at trackback.module and changed the beginning of the trackback_receive() function:
<?php
...
function trackback_receive(&$node) {
  // Process TrackBack post data.
  $trackback->url = check_url($_REQUEST['url']);
  // Quick fix on trackback spam.
  $evil_words = array( 'poker', 'psxtreme', 'freaky', 'howtoplay', 'holdem', 'casino', 'terashells' );
  $is_not_spam = 1;
  foreach ($evil_words as $reject_word) {
    $reject_pattern = '[[:print:]]*'.$reject_word.'[[:print:]]*';
    // If reject word is in comment, url, or blog name, reject the trackback.
    if (eregi($reject_pattern, $trackback->url) ||
        eregi($reject_pattern, $_REQUEST['excerpt']) ||
        eregi($reject_pattern, $_REQUEST['blog_name'])) {
      $is_not_spam = 0;
      break;
    }
  }
  if ($is_not_spam && $trackback->url && valid_url($_REQUEST['url'], TRUE)) {
...
?>
I just turned back on my trackback module, so I'll see if it works. Add evil words to the array as necessary. You can modify the if statement to remove the excerpt if it's too stringent. I wonder how many days or hours it'll take until this is defeated. I look forward to the real patch routing trackback comments through spam.module. Regards.
very smooth
that is very smooth I am turning it on right now!!!!
Survived first night
So far no trackback spam made it through the patch. I'm adding "phentermine" to my reject word list and changing the pattern matching to use stristr(), which should counter injection of non-printing (e.g. control) characters to get past the regexp.
<?php
...
function trackback_receive(&$node) {
  // Process TrackBack post data.
  $trackback->url = check_url($_REQUEST['url']);
  // Quick fix on trackback spam.
  $evil_words = array( 'poker', 'psxtreme', 'freaky', 'howtoplay', 'holdem', 'casino', 'terashells', 'phentermine' );
  $is_not_spam = 1;
  foreach ($evil_words as $reject_word) {
    // If reject word is in comment, url, or blog name, reject the trackback.
    if (stristr($trackback->url, $reject_word) ||
        stristr($_REQUEST['excerpt'], $reject_word) ||
        stristr($_REQUEST['blog_name'], $reject_word)) {
      $is_not_spam = 0;
      break;
    }
  }
  if ($is_not_spam && $trackback->url && valid_url($_REQUEST['url'], TRUE)) {
...
?>
---
www.billkatz.com
www.writertopia.com
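An added example, not part of the posts above and not code from trackback.module: a stand-alone version of the same keyword screen over the url, excerpt and blog_name fields, which removes control characters before matching so the non-printing-character case raised in the second post is handled explicitly. The function names and the sample trackbacks are constructed for illustration.

```php
<?php
// Added example (not from trackback.module): keyword screening for the three
// trackback fields checked in the posts above. Names and samples are constructed.

/** Lower-case a field and drop control characters so they cannot split a word. */
function tb_normalize($value) {
  $value = preg_replace('/[\x00-\x1F\x7F]+/', '', (string) $value);
  return strtolower($value);
}

/** Return the first reject word found in url, excerpt or blog_name, or NULL. */
function tb_find_reject_word(array $fields, array $reject_words) {
  foreach (array('url', 'excerpt', 'blog_name') as $key) {
    $haystack = tb_normalize(isset($fields[$key]) ? $fields[$key] : '');
    if ($haystack === '') {
      continue;  // field missing or empty: nothing to match
    }
    foreach ($reject_words as $word) {
      if (strpos($haystack, strtolower($word)) !== FALSE) {
        return $word;
      }
    }
  }
  return NULL;
}

$reject_words = array('poker', 'casino', 'holdem', 'phentermine');

// Constructed sample trackback POST data.
$samples = array(
  'plain spam'   => array('url' => 'http://example.com/a', 'excerpt' => 'Online POKER now', 'blog_name' => 'x'),
  'control char' => array('url' => 'http://example.com/b', 'excerpt' => "play po\x01ker", 'blog_name' => 'x'),
  'legitimate'   => array('url' => 'http://example.org/post', 'excerpt' => 'Notes on Drupal theming', 'blog_name' => 'Dev blog'),
);

foreach ($samples as $label => $fields) {
  $hit = tb_find_reject_word($fields, $reject_words);
  printf("%-13s %s\n", $label, $hit === NULL ? 'accept' : "reject ($hit)");
}
```

A fixed word list like this also rejects legitimate trackbacks that happen to contain a listed word, so rejected entries are better logged or held for review than silently dropped.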
it is relentless and coming from China
This is ridiculous.
I am in the same boat. I have turned off trackbacks at this point as well
100's of them
They must be targeting drupal, I see them going for direct nodes.
purging unpublished comment spam
Jeremy said:
Yes, that would be perfect...just something we can set to purge the unpublished spam comments at regular intervals.
Along with mediagirl, I am cheering!
trackback spam solution
the trackback.module offered by drupal 4 bloggers will stop trackback spams.
Spammers
I modified my comment module to duplicate the MovableType module that checks the IP address against the SORBS DNSBL service. It's catching a large percentage of them now. You can also block most of it in your htaccess by adding:
RewriteCond %{HTTP:VIA} ^.+pinappleproxy
As most of the hits are coming through using pinappleproxy. I also modified the comment module to adhere to the naming rules I set up for new users with this code added to the comment_validate_form function :
$deny = db_result(db_query("SELECT COUNT(*) FROM {access} WHERE status = 0 AND type = 'user' AND LOWER('%s') LIKE LOWER(mask)", strip_tags($edit['name'])), 0);
if ($deny != 0) {
  watchdog('warning', t('Comment: spammer %subject.', array('%subject' => ''. $edit["name"] .'')));
  form_set_error('name', t('The name you used is reserved for spammers.'));
}
Blocking any names that contain: %gambl%, %hold%, %online%, %phenter%, %poker% and %texas% has been enough to catch all but two from getting through to my moderation queue.
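An added example, not the poster's comment.module change: how a DNSBL check of the kind described in the post above works in general. The zone name `dnsbl.example.org`, the function names and the stub resolver data are assumptions made for illustration; substitute the zone of the list you actually use.

```php
<?php
// Added example (not the poster's code): DNSBL lookup for a commenter's IPv4
// address. The zone is a placeholder and the resolver data below is constructed.

/** Build the DNSBL query name: IPv4 octets reversed, followed by the zone. */
function dnsbl_query_name($ip, $zone) {
  if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) {
    return NULL;  // not a valid IPv4 address: never build a query from it
  }
  return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

/**
 * TRUE when the list answers with an address in 127.0.0.0/8.
 * $resolver is injectable so the check can be exercised offline;
 * gethostbynamel() returns an array of addresses or FALSE.
 */
function dnsbl_is_listed($ip, $zone, $resolver = 'gethostbynamel') {
  $name = dnsbl_query_name($ip, $zone);
  if ($name === NULL) {
    return FALSE;
  }
  $answers = call_user_func($resolver, $name);
  if (!is_array($answers)) {
    return FALSE;  // no record or lookup failure: treat as not listed
  }
  foreach ($answers as $address) {
    if (strpos($address, '127.') === 0) {
      return TRUE;  // answers outside 127/8 are ignored (e.g. wildcard DNS)
    }
  }
  return FALSE;
}

// Constructed resolver data standing in for live DNS.
$fake_dns = array('10.2.0.192.dnsbl.example.org' => array('127.0.0.2'));
$stub = function ($name) use ($fake_dns) {
  return isset($fake_dns[$name]) ? $fake_dns[$name] : FALSE;
};

foreach (array('192.0.2.10', '198.51.100.7', 'not-an-ip') as $ip) {
  $listed = dnsbl_is_listed($ip, 'dnsbl.example.org', $stub);
  printf("%-14s %s\n", $ip, $listed ? 'listed' : 'not listed');
}
```

Because a failed lookup is treated as "not listed", an unreachable list lets submissions through rather than blocking every commenter; the lookup also adds DNS latency to each submission.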
problem implementing RewriteCond
I don't know much about mod_rewrite. I tried the RewriteCond above as written in my .htaccess file. That then makes the entire site inaccessible. Is there a RewriteRule that should follow this?
Thanks for any help!
One reason for this could be
One reason for this could be that your webserver doesn't allow or support mod_rewrite. Ask your webhoster.
Uwe.
--
http://www.hermann-uwe.de
Full rewrite rule
RewriteCond %{HTTP:VIA} ^.+pinappleproxy
RewriteRule .* - [L,F]
still errors
Thanks! But I typed in the two rules verbatim in .htaccess files on two Drupal 4.5.1 sites each on a different server (one commercial hosting through open source host, one personally administered on SUSE 9.1). I also tried the rewrite cond/rules before and after the existing ones in the .htaccess. Got server errors in both instances.
Any more suggestions anyone? I'm glad to keep trying it if anyone is willing to throw out suggestions. I'd love to get all of those spamming sites out of my referrers and stop their trackbacks.
Did you get this working?
Did you get this working?
Sadly
I've yet to get the spam module working :(
I just disabled anonymous commenting for now :s
re: Sadly
Have you filed a support request against the Spam project? Be sure to download the latest version of the module...
Also
It really does take marking 100 or so spam comments before the filter really gets smart enough. I'm not sure how much you've been running it, or even if it's running for you, but working properly you wouldn't know it's working at all, potentially, until you get over 50 spam comments marked.
--
mediagirl.org
i dunno, i think i've had
i dunno, i think i've had really similar spam comments but it's worked quickly for me. Mainly it takes a little configuration to make it sensible. Anybody who would link their site five times is a jackass, so they're out, as well as anything more. Twice is enough usually.
[]+][+][+[]
erik mallinson
http://coacalina.org
Fight back
Oh, too many sites -including drupal.org- disabling anonymous commenting, that's too sad. :-( And it seems we all are getting the same kind of spam.
I will only tell you what a friend of mine did, ok? ;-)
As the domains advertised seem to take nowhere directly, he did a little research, mainly whois, and found that all the domains advertised had the same owner and email address as administrative contact. That's public information.
So he sent a polite e-mail to the guy saying something like ' do not spam my site nor other Drupal sites, please'.
Only he sent the message, instead of plain text, in a small 3 Mb bmp picture.
I'm sure you guys are creative people and can think of better ways of sending similar messages, or better ways of finding the 'target'.
And we are only a few thousand people!
Of course he only sent one e-mail, as he doesn't want to become a spammer himself. Not even spamming spammers.
With the patch
It's all water off my back. I have better things to do than start hunting down spammers on Gibraltar or wherever. The patches work.
I'm now holding my breath, wondering what will happen when it comes time to jump to 4.6.
--
mediagirl.org
You're right...
...we all have better things to do.
That's why only one guy can be doing that to all of us. It's actually how the World works, anyway...
I'm not even using trackback... so it's not my problem.
Good luck with the patches... and the next spam... and the next patches... :-)
Somebody look at this
http://drupal.org/node/29792
Someone found a way to combat trackback spam.
I have 48 pages of trackback requests in my approval queue
Hence, this feature request: http://drupal.org/node/29969
- David Herron - http://7gen.com/