Results 1 to 13 of 13
  1. #1
    Join Date
    Dec 2006
    Posts
    149

    Drupal website under attack by spammer

    Hi,
    I have a Drupal based website which allows comments on posts after validating through CAPTCHA.
    Someone has been using a robot to bypass Image CAPTCHA and spam my site by posting hundreds of comments each day.
    I use Google Analytics and Statcounter counters on my site. But I haven't been able to find spammer's IP address from visitor logs as the spammer comes directly to my site without any referral.
    Is there a way to find spammer's IP address and block it in the .HTACCESS file?

    I don't think I can stop the spammer just by applying CAPTCHA on comments.

  2. #2
    Join Date
    Dec 2007
    Posts
    63
    I'd check the Drupal logs, I would hope it records the IP address used to post a comment.

  3. #3
    Join Date
    Apr 2009
    Posts
    839
    check your apache log on a specific requests like "&addcomment" or anyway how it is working in drupal

  4. #4
    Join Date
    Aug 2004
    Location
    Indonesia
    Posts
    31
    use mollom modules this will reduce your spam issue
    Wowtutorial.org | IT Server Tutorials For Dummies

  5. #5
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    Anti-spam advice: While chanting "umm umm boogaloo" in a soft yet insistent voice, spin quickly around 10 times whilst holding plastic bag containing a) a clove of garlic, b) a sprig of rosemary, and c) a leg of lamb, preferably already butchered and ready for the barbecue, and d) a cup of good quality red wine with a tablespoon of dijon mustard mixed in.

    Let sit in the bag, refrigerated, for at least 8 hours. Then cook until just pink inside. Enjoy.

    Oh, the spam? Who cares when you have bbq'd leg of lamb!
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  6. #6
    Try using RECAPTCHA. It's more effective.
    http://www.recaptcha.net/

  7. #7
    Make sure that your modules is updated to the latest version and be sure that Mod_security is installed on your server. Also keep your eye on the website logs. There are the fingerprints left from the hacking attempts, and that could be early warning that somebody is testing your scripts.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  8. #8
    Join Date
    Jun 2009
    Location
    Kochi,India
    Posts
    177
    which version of Drupal have you installed?
    Ezeelogin -
    The ultimate multiple server administration software.
    *Parallel shell *rm -rf protection *SSH logging*automated password changes*encrypted storage*
    AdMod.com -Delivering innovative web hosting solutions

  9. #9
    Join Date
    Dec 2006
    Posts
    149
    Thanks everyone for your suggestions,

    I have Drupal 6.4 but I don't want to go through the trouble of updating it.

    I have been able to find spammer's IP addresses from Drupal's logs. But that is not useful as he is not using a static IP. One set of posts come from an IP that is located in Germany, the second set of posts come from an IP in Sweden. He is spamming with different IPs. But I'm sure it's the same person.

    Let me try advanced modules of Drupal, that's my only hope.

  10. #10
    Join Date
    Oct 2007
    Location
    India
    Posts
    429
    Use drupal's captcha modules. Change your captcha to math captcha/identify missing letter captcha/choose the odd word captcha/random captcha.

    This will stop spam.
    "For I know the plans I have for you" declares our Lord Jesus Christ, "they are plans to prosper you, to give you a hope and a future and not to destroy you." - Jeremiah 29:11

  11. #11
    Join Date
    Dec 2006
    Posts
    149
    Quote Originally Posted by technichristian View Post
    Use drupal's captcha modules. Change your captcha to math captcha/identify missing letter captcha/choose the odd word captcha/random captcha.

    This will stop spam.
    That's exactly whats failing me.

  12. #12
    Join Date
    Oct 2007
    Location
    India
    Posts
    429
    Uh, I thought image captcha was failing you?
    "For I know the plans I have for you" declares our Lord Jesus Christ, "they are plans to prosper you, to give you a hope and a future and not to destroy you." - Jeremiah 29:11

  13. #13
    Join Date
    Dec 2006
    Posts
    149
    Quote Originally Posted by technichristian View Post
    Uh, I thought image captcha was failing you?
    All of the CAPTCHAs are failing: Image, text, math

Similar Threads

  1. Looking to host drupal website.
    By keyo in forum Web Hosting
    Replies: 5
    Last Post: 11-26-2008, 11:09 AM
  2. Drupal website need new design
    By ystanley in forum Design Requests
    Replies: 3
    Last Post: 11-21-2008, 07:04 AM
  3. Replies: 0
    Last Post: 08-22-2008, 11:35 PM
  4. Offering free: Complete Drupal Installation (website)
    By Blueheaven in forum Employment / Job Offers
    Replies: 2
    Last Post: 04-10-2005, 08:56 PM
  5. Replies: 8
    Last Post: 11-13-2003, 10:14 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •