Spammers posting to forum containers - how? how to stop them?
On a high-traffic Drupal 5.18 site, for the past few days spammers (with authenticated accounts) have been posting to our forum containers. The resulting posts don't show up in the forum hierarchy because they're not in actual forums, but they do generate email notifications via the Subscriptions module, so that our users are clicking the links and seeing the spam. The volume of spam is not high -- a few posts a day -- but we'd like it to stop.
I can't figure out how the posts are getting into our system, because if you try to post to a container you get a message saying you can't do it. Any ideas? We are already using Mollom on both the registration form and the node form, but the spammers are getting through in both places.
Thanks in advance for any help you can offer.
Ben Stallings
Web Developer
Smartphone & Pocket PC magazine
Bad Behaviour module
Have you tried the bad behavior module http://drupal.org/project/badbehavior? Also install the captcha module to prevent bots from creating accounts on your site http://drupal.org/project/captcha
Hope this helps
Mollom does those things
Thanks for the suggestions, gmasky, but we're already running Mollom, which does both of those things. The spammers are getting past the captcha to create accounts (again, not many, but a handful per week), and their posts don't look like spam to a program. If they were posting to a forum, I'd just consider them part of the cost of doing business. But the fact that they're posting to a container, which they shouldn't be able to do at all, makes me think there's a vulnerability in Drupal that needs to be patched.
Any news on this?
Have you been able to find out how the forum container posts are created?
I'm an author of Subscriptions and maintainer of Forum Access, and I'm very interested in this issue, but I can't think of what is happening here...
hasn't happened since
This problem seems to have gone away since I posted, so no, I never found out how it was happening. Mysterious!