Kayla (Surpass Staff), June 19th, 2007, 1:15 PM, #1
Server Abuse - Please watch your comments!

If you have guestbooks installed, photo galleries, basically anything that can receive a comment by a third party - please keep an eye on them!

I am writing this because SH104 was just running very slowly - and Dan noticed many connections to a certain database. It turns out that an install of Gallery was receiving thousands of spam comments on all of the images. Right now there must be almost 50,000 spam messages on these photos - dealing with watches, insurance, etc. This was causing the server to run slowly due to all of those constant connections.

Please lock down comment areas on your site!

MarkRH, June 19th, 2007, 7:34 PM, #2
I noticed a comment on my Gallery installation that was just full of spammage and other crap. It must have been a person since it has a Captcha test they have to get by. That probably saved me from getting comments on everything but the main gallery page.

But yeah, my other Guestbook script gets around 150-200 attempts a day to fill it with crud from 827 different IP addresses so far... and that's in only 12 days.

Thought about changing my guestbook pages to randomly generated characters or something. Not sure what the best method is to use the least system resources.

Kayla (Surpass Staff), June 20th, 2007, 12:28 AM, #3
It is really sad how these bots ruin perfectly normal applications.

David, June 20th, 2007, 3:02 AM, #4
12000 views? That's about how many views pictures of me get hourly.

Edwin, June 20th, 2007, 3:07 AM, #5
Will check my gallery installation. But I agree on the comment by Kayla.

Too bad some people find it fun to do this kind of thing.

markscns, June 20th, 2007, 7:15 AM, #6
I checked a gallery that I use very little a few days ago, Kayla, and could not believe the amount of spam posts. I just ended up deleting all comments using MySQL. Of course, after that, as you mentioned, I turned off the ability to add comments.

At least with my blog, Akismet is doing a good job keeping it spam free.

Dan (Staff of Surpass), June 20th, 2007, 8:05 AM, #7
I just took the shoutbox off my site because it's too easily exploitable and I don't want to have to deal with that eventually.

GamingHybrid, June 20th, 2007, 5:56 PM, #8
Na, you can have comments on your site... just ensure it requires registration or at least uses one of those "type the words from the picture above" things... or a trick question thing.

David, June 20th, 2007, 7:37 PM, #9
I've been getting fake hosting orders recently. I wonder if it's the same thing that's going on here.