Comment spamming - Captcha mechanism defeated?

Lapinoo

Joined: 2004-05-08
Posts: 378
Posted: Wed, 2008-08-27 10:32

Since a few days, my Gallery 2 gallery gets spammed all day long.

I receive some lengthy comment spam every minute or so, although the captcha is activated.

So I guess it has been defeated, or there is a way to get around it.

For the moment, I had to:

- Modify the .htaccess file to block several machines:

# Apache 2.2 access control: hosts are separated by spaces, not commas
order deny,allow
deny from 74.55.143.210 75.125.222.242 74.55.30.18

- Use the SQL queries from http://thedesignspace.net/MT2archives/000495.html to remove thousands of spam comments.

Am I the only one to be attacked recently, or do some of you have the same problem?

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Wed, 2008-08-27 18:46

What version of G2 / captcha / comment modules are you using?
Things have improved in G2.3. There's Akismet, a slightly improved captcha, comment moderation, and you could also consider the 3rd-party reCAPTCHA module.

--------------
Documentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage

 
Lapinoo

Joined: 2004-05-08
Posts: 378
Posted: Wed, 2008-08-27 19:58

Right now I am using 2.2.5.

If things get worse, I'll upgrade to G2 2.3 RC1. But I prefer to stay on stable releases.

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Wed, 2008-08-27 22:07

Yes, 2.2.x's image captcha has probably been broken. Given that it's much simpler than Google's or Yahoo's captchas, which have both been broken already, it's no surprise that image captchas don't stop a determined spammer anymore.
G2.3's Akismet support (built into the comment module) addresses the problem by employing a different technique, which seems to yield satisfactory results.

--------------
Documentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage

 
igs165

Joined: 2008-08-28
Posts: 3
Posted: Thu, 2008-08-28 18:30
Lapinoo wrote:
Am I the only one to be attacked recently, or do some of you have the same problem?

On my Gallery it started this morning too. So it seems you're right...

 
Lapinoo

Joined: 2004-05-08
Posts: 378
Posted: Thu, 2008-08-28 19:26
igs165 wrote:
On my Gallery it started this morning too. So it seems you're right...

Too bad...

The modification of the .htaccess + cleaning via SQL worked fine for me! I get one banned hit every 30 seconds ;)

 
igs165

Joined: 2008-08-28
Posts: 3
Posted: Fri, 2008-08-29 08:31
Lapinoo wrote:
The modification of the .htaccess + cleaning via SQL worked fine for me! I get one banned hit every 30 seconds ;)

I've disabled comments for the moment.

But I'm thinking about something like this:

httpd.conf:
RewriteEngine On
# Escape the dots: an unescaped "." matches any character
RewriteCond %{REMOTE_ADDR} ^bad\.ip\.address$
# [P] proxies the request, so mod_proxy must be loaded
RewriteRule ^.*CaptchaImage.*$ http://myserver/a_nice_picture.jpg [P,L]

I'm looking for a special JPEG file. It could be completely single-colored, 10.000.000 by 10.000.000 pixels in size or so...
Does somebody know how to create such an image?

Or give them a 1GB random file. Let's see who has more bandwidth...

 
igs165

Joined: 2008-08-28
Posts: 3
Posted: Fri, 2008-08-29 11:28

Here is the complete code to deliver another captcha image to special IP addresses:

# Apache configuration file to prevent special IP addresses from
# getting the Gallery captcha image

RewriteEngine On
# Dots are escaped so that 74.55.30.18 does not also match e.g. 74x55x30x18
RewriteCond %{REMOTE_ADDR} ^74\.55\.30\.18$ [OR]
RewriteCond %{REMOTE_ADDR} ^74\.55\.143\.210$
RewriteCond %{QUERY_STRING} ^.*captcha.*
# [P] needs mod_proxy; the server fetches the image and serves it itself
RewriteRule /gallery2/.* http://upload.wikimedia.org/wikipedia/commons/3/36/The_gesture02.jpg [L,P]

# vim:set ft=apache:

This code is tested.
Maybe it works if the P in the RewriteRule is replaced by R (redirect instead of proxy). Maybe then it is possible to redirect the bot to a very large file on a very fast server...
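Added example, not code from any poster in this thread: a small Python script for the step both Apache recipes above (Lapinoo's `deny from` list and igs165's RewriteCond block) take as input. It scans an Apache combined-format access log for hosts that fetch the captcha image or post comments faster than a person would, and emits both blocks with the dots in the addresses escaped. The log lines embedded in it are constructed, the view names `captcha.CaptchaImage` and `comment.AddComment` and the `/gallery2/` path are assumptions about the Gallery 2 URLs, and the threshold and window are arbitrary defaults to tune against your own traffic.

```python
"""Flag hosts hammering Gallery 2 captcha/comment URLs and emit Apache block rules.

Added example for the thread above; not the project's or any poster's code.
Assumptions: Apache "combined" log format, gallery under /gallery2/, and the
view names captcha.CaptchaImage / comment.AddComment.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# One combined-format line: ip ident user [ts] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Requests worth rate-limiting. 'CaptchaImage' is quoted in the thread;
# 'comment.AddComment' is an assumed Gallery 2 view name.
SUSPECT_RE = re.compile(r'captcha|comment\.AddComment', re.IGNORECASE)


def parse_line(line):
    """Return (ip, timestamp, method, path), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return m.group('ip'), ts, m.group('method'), m.group('path')


def flag_hosts(lines, threshold=10, window=60):
    """IPs with more than `threshold` suspect hits inside any `window` seconds.

    Sliding window per IP: before a hit is counted, timestamps older than
    `window` seconds fall off the left, so a human's occasional posts never trip it.
    """
    events = [p for p in (parse_line(l) for l in lines) if p is not None]
    events.sort(key=lambda e: e[1])          # logs are usually in order; do not rely on it
    recent = defaultdict(deque)
    flagged = set()
    for ip, ts, _method, path in events:
        if not SUSPECT_RE.search(path):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > threshold:
            flagged.add(ip)
    return flagged


def render_htaccess(ips):
    """Apache 2.2 'deny from' block as in the first post; hosts are space-separated."""
    return 'order deny,allow\ndeny from ' + ' '.join(sorted(ips)) + '\n'


def render_rewrite(ips, target):
    """mod_rewrite conditions as in the later post, with dots escaped and [OR]
    on every condition but the last (the last one ANDs with the query check)."""
    ips = sorted(ips)
    if not ips:
        return ''
    conds = []
    for i, ip in enumerate(ips):
        flag = ' [OR]' if i < len(ips) - 1 else ''
        conds.append('RewriteCond %{REMOTE_ADDR} ^' + re.escape(ip) + '$' + flag)
    conds.append('RewriteCond %{QUERY_STRING} captcha [NC]')
    conds.append('RewriteRule ^/gallery2/ ' + target + ' [R=302,L]')
    return '\n'.join(conds) + '\n'


def _sample_log():
    """Constructed log lines (not real traffic): one bot alternating captcha fetch and
    comment POST every 5 s, one visitor who posts once, one unparseable line."""
    base = datetime(2008, 8, 27, 10, 32, 0, tzinfo=timezone(timedelta(hours=2)))
    fmt = '%d/%b/%Y:%H:%M:%S %z'
    lines = []
    for i in range(12):
        t = (base + timedelta(seconds=5 * i)).strftime(fmt)
        view, method = ('captcha.CaptchaImage', 'GET') if i % 2 == 0 else ('comment.AddComment', 'POST')
        lines.append(f'74.55.143.210 - - [{t}] "{method} /gallery2/main.php?g2_view={view}'
                     f'&g2_itemId=7 HTTP/1.0" 200 512 "-" "Mozilla/4.0"')
    t = (base + timedelta(seconds=30)).strftime(fmt)
    lines.append(f'192.0.2.44 - - [{t}] "GET /gallery2/main.php?g2_view=captcha.CaptchaImage HTTP/1.1" 200 2048 "-" "Mozilla/5.0"')
    lines.append(f'192.0.2.44 - - [{t}] "POST /gallery2/main.php?g2_view=comment.AddComment&g2_itemId=7 HTTP/1.1" 302 0 "-" "Mozilla/5.0"')
    lines.append('not a log line')
    return lines


SAMPLE_LOG = _sample_log()

if __name__ == '__main__':
    bad = flag_hosts(SAMPLE_LOG)
    print(render_htaccess(bad))
    print(render_rewrite(bad, 'http://myserver/a_nice_picture.jpg'))
```

Run it against a real log with `flag_hosts(open('/var/log/apache2/access.log'))` and paste the output into .htaccess or httpd.conf. Blocking by address only buys time, as the thread's later posts show the bots moving between hosts; the point of generating the list from the log is that regenerating it after each wave is a one-liner instead of hand-editing.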

 
Lapinoo

Joined: 2004-05-08
Posts: 378
Posted: Fri, 2008-08-29 12:29

Very nice ;)

 
cehartley

Joined: 2008-07-19
Posts: 3
Posted: Wed, 2008-09-03 17:59

Got hit with an ongoing comment spam attack this morning. It had been running about 5 hours when I shut off comments - haven't totaled up the messages yet.