Album spam in gallery 2

mherbold

Joined: 2008-07-08
Posts: 1
Posted: Tue, 2008-07-08 04:15

I am using the latest version of Gallery 2 as of the time of this posting. Just recently all of a sudden I'm getting spam - not comment spam... but somehow someone is creating new albums on my Gallery 2 installation (without a user and password) at the top level and naming them like CheapCialiasBlah, etc... how is this happening and what can I do to stop it? I'm deleting 2-3 a day now.
 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Tue, 2008-07-08 05:12

Change your username and password.
Are permisisons set to allow users to add albums?
Can users regiseter? Do those registered users get a album? the user album has a setting for this.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
 
alindeman
alindeman's picture

Joined: 2002-10-06
Posts: 8194
Posted: Tue, 2008-07-08 12:42

Also, might be a good idea to nuke all the user sessions in 'Site Admin' -> 'Maintenance' in case someone stays logged in after you've changed your passwords.

--Andy
Consider giving back to Gallery
 
jtoce

Joined: 2009-01-25
Posts: 2
Posted: Sun, 2009-01-25 10:04

I had the same problem, when a friend created an unsecure album with no restrictions on people creating albums and items. I had 50k+ comments, albums, and items that were SPAM.

So here's my solution:

CREATE TEMPORARY TABLE tmptable
SELECT g_id
FROM g2_Comment
WHERE g_commenterId = 5;

DELETE g2_Entity
FROM g2_Entity
INNER JOIN tmptable ON g2_Entity.g_id = tmptable.g_id;

DELETE g2_ChildEntity
FROM g2_ChildEntity
INNER JOIN tmptable ON g2_ChildEntity.g_id = tmptable.g_id;

DELETE g2_Comment
FROM g2_Comment
INNER JOIN tmptable ON g2_Comment.g_id = tmptable.g_id;

DROP TEMPORARY TABLE tmptable;

CREATE TEMPORARY TABLE tmptable
SELECT g_id
FROM g2_Item
WHERE g_OwnerId = 5;

DELETE g2_Entity
FROM g2_Entity
INNER JOIN tmptable ON g2_Entity.g_id = tmptable.g_id;

DELETE g2_ChildEntity
FROM g2_ChildEntity
INNER JOIN tmptable ON g2_ChildEntity.g_id = tmptable.g_id;

DELETE g2_FilesystemEntity
FROM g2_FilesystemEntity
INNER JOIN tmptable ON g2_FilesystemEntity.g_id = tmptable.g_id;

DELETE g2_ItemAttributesMap
FROM g2_ItemAttributesMap
INNER JOIN tmptable ON g2_ItemAttributesMap.g_id = tmptable.g_id;

DELETE g2_AlbumItem
FROM g2_AlbumItem
INNER JOIN tmptable ON g2_AlbumItem.g_id = tmptable.g_id;

DELETE g2_DataItem
FROM g2_DataItem
INNER JOIN tmptable ON g2_DataItem.g_id = tmptable.g_id;

DELETE g2_Item
FROM g2_Item
INNER JOIN tmptable ON g2_Item.g_id = tmptable.g_id;

DROP TEMPORARY TABLE tmptable;

I won't pretend it's perfect- but it cleaned up the majority of my SPAM. The total item counts are still a bit off, but otherwise it's fine. NOTE- it deletes everything posted by the Guest user. So if you have the good mixed in with the bad, it ain't gonna separate the two.
 
jtoce

Joined: 2009-01-25
Posts: 2
Posted: Mon, 2009-01-26 17:41

BTW- In case it bears repeating- anytime you modify the database directly, it's dangerous and can have unforeseen consequences. I'm by no means a Gallery developer so follow my advice at your own risk.