Results 1 to 4 of 4
  1. #1
    Join Date
    Feb 2004
    Posts
    248

    Constant spam posted to my site

    On my site, I have a comment area for every page.

    Over the past month, people have been posting a lot of "comments" that are just mass links to porn sites, etc. The problem is accelerating, I'm getting several every day now.

    What can I do to stop this?

    My code is designed to make it hard to use an automated script, so I looked in my web log files to see how it's been added. There are no entries in the log for the form submissions that would have added the spam comments. That has me worried that my site has been hacked in some way.

    I log the IP address in my DB, and the IP's seem to come from all over the place; several different countries for an identical set of links. I do block the IP's subnet in my .htaccess file each time but it's always a new IP.


    I've already taken down a couple of my lower traffic sites because of lack of time to deal with deleting the comments.

  2. #2
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    If you have a Shared Hosting account you should speak to your Hoster about this. There are security settings they can implement which should help.

    As to what you can do and presuming this problem is with a Forum/Blog script, make sure no one can post without first signing up and make sure every new Signup requires Admin Authorization. Also, enable CAPTCHA or download a CAPTCHA addon.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  3. #3
    Join Date
    Feb 2004
    Posts
    248
    It is shared hosting. What sort of settings should I ask them about?

    I hate the idea of requiring log-ins. Personally, there's very few sites I sign up for an account on, and for a site like mine it would severely cut down on users.

    Captchas are inherently flawed, and that site wants to either post ads or charge $130/year. My site should be forcing the users to download the form and either parse the downloaded form to automate submissions or fill it in and submit it normally. There's a unique one-time-use key on each form as a hidden input field. My site alone isn't worth the effort of writing a parser, so I still think these are being manually submitted. What worries me there though is why don't the submissions show up in my log? Even an automateds submitter should be leaving a trail in the log.

  4. #4
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    They are leaving a trail but in the Server log, which you cannot see/access.

    We've noticed an increase in the type of postings you refer to and a few settings in mod_security gets rid of them quite nicely. A ServerAdmin sees many things that a Client would not, simply because they have access to the complete Server. Once your Hoster knows about your situation they should know what to do.

    Also, that CAPTCHA link I provided was one I quickly got from a Google and didn't really check it out. You should do your own Googling to see what is available.

    The days of open posting Forums/Blogs are behind us now. Spammers have made sure of that by having their Bots go out and make garbage postings wherever they can. Unless you want the garbage postings to continue you will need to setup some sort of "authorization required" before posting.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •