Hacker / Spammer with Comments

Hi,
We have recently taken comments off albums (removed the form etc) but someone is managing to post comments into the database with lots of links.

The comments do not appear in admin under "comments" but if we use the direct link to the comment from the confirmation email we get the output below.

--------------------

Warning: extract() [function.extract]: First argument should be an array in /home/users/username/html/domainname/gallery/zp-core/admin-comments.php on line 119

Notice: Undefined variable: custom_data in /home/users/username/html/domainname/gallery/zp-core/admin-comments.php on line 151

Notice: Undefined variable: inmoderation in /home/users/username/html/domainname/gallery/zp-core/admin-comments.php on line 167

Etc...

------------------
We are able to delete them so it's not a great problem but we are concerned that they may be able to corrupt the database.

Thanks

Comments

  • acrylian Administrator, Developer
    You still have comments on the images enabled (if it is the site on your profile). Are you sure that does not get posted over those?
  • boo Member
    Hi, yes, that is how they are posting. Is this an attempt at SQL injection?
    Is there any risk of them causing harm to the database?

    Many thanks.
  • acrylian Administrator, Developer
    That might be an attempt or just spam. Seems you don't have any spam filter active; do you use Captcha (I know it can be annoying for users and of course bypassed by spammers, too)?

    Actually we clear (sanitize) everything that is posted by our forms, so that should not do any harm. Unless they hack the db directly, of course.
  • If you turn off the "allow comments" option, no processing of comment posts will occur.
  • boo Member
    Hi, ok, we do want comments on images, so maybe we should consider enabling the spam filter. I've never really been a fan of anti-spam filters in case they block real comments.

    We have had bulk spamming even with the captcha enabled. It's been no problem deleting them so far, but what if they posted thousands of comments?

    Ok, how does the simple filter work? On what criteria does it mark comments as spam?

    Many thanks.
  • If you use the "none" filter you can force all comments to be placed in moderation for your review. The "simple" filter will also place questionable messages in moderation. That way no comments will be thrown away. "Simple" is a pattern matching filter. You supply the words you want it to detect.

    The other thing is to use the Captcha.
  • boo Member
    Hi, ok, where can I set the words to filter for the simple filter?

    Thanks
  • acrylian Administrator, Developer
    On the comments options.
  • boo Member
    Oh, sorry, I didn't realise that you have to enable it first before the options appear.

    Thank you for your help.
  • boo Member
    Hi, ok, this is very confusing.
    If I set excessive URL count to 0 it blocks any comment regardless of the content.

    Comments containing text such as www.testing.com are not marked as spam.

    So I guess we need to use regular expressions in the blacklist section.

    This is too complex for me; we want to mark any comment containing any form of web address as spam. (http) (a href) (www.)

    Can you please provide the expressions? I'm sure it would be useful for many other people as well.

    Many thanks.
  • acrylian Administrator, Developer
    If you have that many problems with spammers you might consider using something like Akismet. The plugin has been updated by a user to work again and can be found on our plugins page. However, you will need to create an Akismet account for that.
  • boo Member
    Hi, ok, we would prefer not to rely on any external services, although we may need to go the Akismet route in the future.

    What about SpamAssassin? You used to include that; is that no longer working / supported?

    Thanks
  • acrylian Administrator, Developer
    All except the simple filter are not officially supported, as we don't use them ourselves (I don't use comments actually) and do not sign up to services we don't use (privacy concerns and the like).

    These also were actually contributions by users who are no longer active and who did not update them for a long time, so we took them out of the official release as we can't test them. Akismet is reported to work again after the update.
  • boo Member
    Hi, ok, thanks for the info. I've enabled the simple filter for now and will be adding the spammers' IPs; I think that's our best option for now.

    It's been no problem deleting the spam so far.

    I take it the \[url=.*\] expression blocks a href tags, is that correct?

    Spammers must be very sad and lonely people : - )

    Many Thanks.
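As an added example (not Zenphoto's own filter code), here is a small Python model of the checks this thread discusses: an excessive-URL count that rejects, a blacklist of regular expressions (the `\[url=.*\]` form asked about above plus patterns for http, a href and www. addresses) that holds a comment for moderation rather than discarding it, and the "moderate everything" mode of the "none" filter. The patterns, thresholds and sample comments are constructed assumptions, not the project's shipped configuration.

```python
import re

# Constructed blacklist in the style of the "simple" filter: regular expressions
# supplied by the site owner. First is the \[url=.*\] form from the thread (made
# non-greedy); the rest cover http(s), <a href> and bare www. hosts. Assumptions.
BLACKLIST_PATTERNS = [
    r"\[url=.*?\]",            # BBCode link
    r"https?://",              # explicit scheme
    r"<\s*a\s[^>]*href",       # HTML anchor tag
    r"\bwww\.[a-z0-9-]+\.",    # bare www. host name
]

# Used for the "excessive URL count" check: every scheme or www. prefix counts once.
URL_RE = re.compile(r"https?://|\bwww\.", re.IGNORECASE)


def classify_comment(text, patterns=BLACKLIST_PATTERNS, max_urls=1, moderate_all=False):
    """Return (decision, reason) with decision in {"approve", "moderate", "reject"}.
    moderate_all mimics the "none" filter with every post forced into moderation.
    max_urls is a strict limit, so 0 means "no links allowed", not "block everything".
    """
    if moderate_all:
        return "moderate", "all comments are held for review"
    url_count = len(URL_RE.findall(text))
    if url_count > max_urls:
        return "reject", f"{url_count} link(s) exceeds the limit of {max_urls}"
    for pattern in patterns:
        if re.search(pattern, text, re.IGNORECASE):
            # Questionable rather than certain: hold it so a real comment is not lost.
            return "moderate", f"matched blacklist pattern {pattern!r}"
    return "approve", "no spam indicators found"


def triage(comments, **options):
    """Group comments by decision; returns {decision: [comment, ...]}."""
    buckets = {"approve": [], "moderate": [], "reject": []}
    for comment in comments:
        decision, _ = classify_comment(comment, **options)
        buckets[decision].append(comment)
    return buckets


if __name__ == "__main__":
    # Constructed sample comments, including the www.testing.com case from the thread.
    samples = [
        "Lovely shot, thanks for sharing!",
        "Nice, see www.testing.com for more",
        "cheap stuff [url=http://example.com]here[/url]",
        '<a href="http://example.com">a</a> <a href="http://example.net">b</a>',
    ]
    for decision, items in triage(samples).items():
        print(decision, items)
```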
  • acrylian Administrator, Developer
    Well, mostly these spam mails are generated automatically. Not really any human resource involved. :-)
  • I am using:
    * Zenphoto version 1.2.5 [4022] (Official Build)
    * Current gallery theme: default
    * PHP version: 4.4.9
    * Graphics support: PHP GD library bundled (2.0.28 compatible)
    * PHP memory limit: (Note: Your server might allocate less!)
    * MySQL version: 4.1.22
    * Database name: XXXXXX_zenphoto
    * Table prefix: zp_
    * Spam filter: simple
    * Captcha generator: zenphoto
    Active plugins:
    * class-video v1.0.0
    * filter-zenphoto_seo v1.0.0
    Active filters:
    * none

    Here is the problem: I have comments enabled, but set to moderation so I can catch and block IPs related to spammers. A spambot is getting past the moderation routine and comments are appearing on photos now. Has anyone had this happen to them yet? Is there a patch somewhere that could help stop this?
  • Have you made modifications to the simple spam filter? Out of the box there is nothing that will "set to moderation" for all messages--only those that it suspects as spam. In this case all the spambot has to do is outguess whatever you have set up as the spam triggers.

    This filter is called "simple" for a reason--if you need more complex spam filtering you will need either to enhance the filter or use one of the third party spam filters from the WEB site. Alternatively you can use the "none" filter and set every post to moderation.