Comment spamming - Captcha mechanism defeated?
Lapinoo
Joined: 2004-05-08
Posts: 378
Posted: Wed, 2008-08-27 10:32
For a few days now, my Gallery 2 gallery has been getting spammed all day long. I receive some lengthy comment spams every minute or so, although the captcha is activated. So I guess it has been defeated or there is a way to get around it.

For the moment, I had to:

- Modify the .htaccess file to block several machines:

    order deny,allow
    deny from 74.55.143.210, 75.125.222.242, 74.55.30.18
    </Files>

- Use the SQL requests from http://thedesignspace.net/MT2archives/000495.html to remove thousands of spam.

Am I the only one to be attacked recently, or do some of you have the same problem?
Posts: 32509
What version of G2 / captcha / comment modules are you using?
Things have improved in G2.3. There's akismet, a slightly improved captcha, comment moderation, and you could also consider the 3rd party recaptcha module.
--------------
Documentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage
Posts: 378
Right now I am using 2.2.5.
If things get worse, I'll upgrade to G2 2.3 RC1. But I prefer to stay on stable releases.
Posts: 32509
Yes, 2.2.x's image captcha has probably been broken. Given that it's much simpler than Google's or Yahoo's captcha, which both have been broken already, it's no surprise that image captchas don't stop a determined spammer anymore.
G2.3's akismet support (built into the comment module) is addressing the problem by employing a different technique which seems to yield satisfactory results.
Posts: 3
On my Gallery it started today in the morning too. So it seems, you're right...
Posts: 378
Too bad...
The modification of the .htaccess + cleaning via SQL worked fine for me! I get one hit that is banned every 30 seconds ;)
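The manual .htaccess blocking described in this thread can be driven from the web server's access log instead of picking addresses by hand. The following is an added example, not code from the thread or from Gallery: it flags clients that submit comments faster than a person would and prints the same `order deny,allow` / `deny from` directives used above. `COMMENT_PATH`, the thresholds and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: comment submissions show up as POSTs to this path (hypothetical).
COMMENT_PATH = "/gallery2/main.php"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3} ')

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Aug/2008:10:00:05 +0200] "POST /gallery2/main.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
198.51.100.20 - - [27/Aug/2008:10:00:40 +0200] "GET /gallery2/main.php?g2_itemId=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Aug/2008:10:01:07 +0200] "POST /gallery2/main.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
198.51.100.20 - - [27/Aug/2008:10:01:30 +0200] "POST /gallery2/main.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [27/Aug/2008:10:02:04 +0200] "POST /gallery2/main.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
203.0.113.7 - - [27/Aug/2008:10:03:10 +0200] "POST /gallery2/main.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
"""

def comment_posts(lines):
    """Yield (ip, timestamp) for each POST to the comment path; skip other lines."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated log line
        ip, ts, method, url = m.groups()
        if method == "POST" and url.split("?")[0] == COMMENT_PATH:
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def find_spammers(lines, max_posts=3, window=timedelta(minutes=5)):
    """Return IPs with more than max_posts comment POSTs inside any sliding window."""
    by_ip = defaultdict(list)
    for ip, ts in comment_posts(lines):
        by_ip[ip].append(ts)
    flagged = []
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop posts that fell out of the window
            if end - start + 1 > max_posts:
                flagged.append(ip)
                break
    return sorted(flagged)

def deny_block(ips):
    """Render Apache 2.2-style directives, one address per line."""
    return "\n".join(["order deny,allow"] + [f"deny from {ip}" for ip in ips])

if __name__ == "__main__":
    print(deny_block(find_spammers(SAMPLE_LOG.splitlines())))
```

A per-address block list only slows a sender that rotates addresses, which is why the replies above point to comment moderation and Akismet as the longer-term fix.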
Posts: 3
I've disabled comments for the moment.
But I think about something like that:
I'm looking for a special JPEG file. It could be completely single colored, 10.000.000 by 10.000.000 pixels in size or so...
Does anybody know how to create such an image?
Or give them a 1GB random file. Let's see who has more bandwidth...
Posts: 3
Here is the complete code to deliver another captcha image to special IP addresses:
This code is tested.
Maybe it works if the P in the RewriteRule is replaced by R (redirect instead of proxy). Maybe then it is possible to redirect the bot to a very large file on a very fast server...
Posts: 378
Very nice ;)
Posts: 3
Got hit with an ongoing comment spam attack this morning. It had been running about 5 hours when I shut off comments - haven't totaled up the messages yet.