
Default anti-spam system in WP is a joke! (44 posts)

  1. resist
    Member
    Posted 3 years ago #

    This is bad! I have

    Users must be registered and logged in to comment - checked,

    Allow link notifications from other Weblogs (pingbacks and trackbacks - unchecked

    Allow people to post comments on the article - unchecked

    all three options checked in the Before a comment appears: section and STILL THERE IS SPAM COMING IN! HOW COME??!!

    Trackbacks with spam, and this stuff kills me. I can't turn off comments altogether from the admin panel?

  2. charle97
    Member
    Posted 3 years ago #

    i can't turn off comments altogether from the admin panel?

    no, you need to go to each post to turn off comments and trackbacks.

    however, i created a plugin that will "turn off all comments" without touching each individual post's comments settings: switch-off-comments. this won't help with trackbacks, though.

  3. Otto42
    Moderator
    Posted 3 years ago #

    Read this to solve all spam problems: http://wordpress.org/support/topic/72930

  4. podz
    Support Maven
    Posted 3 years ago #

    If you want an idea of the scale right now, yesterday Akismet stopped 2 MILLION spams. It has never had so many.
    As I write, it's 1.5 million today.

  5. smiffy
    Member
    Posted 3 years ago #

    I think that there may be a genuine exploit here, even if the original post title sounds like a general whinge rather than a bug report.

    I can confirm that, over the last two days, I (WP 2.0.2) have had a deluge of comment spam that has continued despite requiring commenters to be logged in. Since I set this, I have been checking and no new users have appeared.

    My suspicion is that someone is POSTing direct and, by some means, the form processing isn't actually doing any user validation, or this is being bypassed.

    I have my own anti-spam techniques (which I need to port from Perl) that I will be applying to fix the problem, but thought that I should flag a potential vulnerability to the WP developers.

    I might even try writing a little Perl user agent to see if it can crack my own supposedly "locked down" 'blog; will report back to forum if I can find an obvious vulnerability.

  6. charle97
    Member
    Posted 3 years ago #

    examples please

  7. resist
    Member
    Posted 3 years ago #

    examples please

    --- see above, I have the same thing on my 2.0.2: there is no way to post comments or trackbacks on my blog right now, but they do appear!

    and the trackbacks, whats the point of in the admin menu --

    "Allow link notifications from other Weblogs (pingbacks and trackbacks - unchecked"

    ??

  8. charle97
    Member
    Posted 3 years ago #

    so you unticked allow comments and allow pings for each post in your blog?

  9. charle97
    Member
    Posted 3 years ago #

    i'd like to see examples of the spam because i'd like to confirm whether the spam is comment spam or trackback spam. some wp users don't know the difference. trackbacks can come through even though you require a commenter to be registered and logged in.

    "Allow link notifications from other Weblogs (pingbacks and trackbacks - unchecked"

    that only changes the default for subsequent posts after the settings change is saved.

    look at the subheading

    Usual settings for an article:

    think default.

  10. moshu
    Member
    Posted 3 years ago #

    While you guys were writing these long posts, you could have installed the plugins recommended in the sticky on the front page and been a happy blogger.
    This spam thing is always like crime: the criminals are one step ahead of the police :)
    As has been said a million times, the registration requirements or whatever you change in the settings are effective against idiot humans.
    But when the whole spamming business became "industrialized", any kind of default protection is weak. The combination of 2-3 plugins does the job. Until lately I had a blog without those plugins, while the others were protected and spam free... the plugin-less blog was full of hundreds of spam comments/trackbacks.

    And if you think I am exaggerating about the spam industry, read this.

  11. charle97
    Member
    Posted 3 years ago #

    lol, i wouldn't trust akismet, bad behavior, and spam karma. they may do a fine job in curbing comment spam now, but they'll all eventually be defeated.

  12. moshu
    Member
    Posted 3 years ago #

    charle97, you just agreed to what I said comparing the situation with the criminals/police race :)
    New spam techniques will lead to newer plugins... and so on.

  13. charle97
    Member
    Posted 3 years ago #

    i have a problem with people calling akismet, bad behavior, spam karma, and any other anti spam tool a "solution" for spam or "protection" against spam. they're all just temporary counter measures.

  14. resist
    Member
    Posted 3 years ago #

    this is not a point - there is no freaking way you can post a comment if you need to be registered to post and the registration is closed!

    Still there is spam coming in (not trackbacks)!

  15. charle97
    Member
    Posted 3 years ago #

    then there's probably a hole somewhere that the spammers are exploiting.

  16. resist
    Member
    Posted 3 years ago #

    "then there's probably a hole somewhere that the spammers are exploiting."

    and will be exploiting! I think it should be a priority issue and fixed ASAP!

  17. Chris_K
    Administrator
    Posted 3 years ago #

    So where's the hole? How can I recreate it?

  18. charle97
    Member
    Posted 3 years ago #

    don't know. he hasn't given additional info, so i have no clue what's wrong.

  19. rstill
    Member
    Posted 3 years ago #

    I'm having this problem too. You must register to leave a comment; no new registrations. 100+ spam/day for each of the last couple of days. I have full console access to the server. Any info I can provide to close this hole would be my pleasure. I'm not sure where to start. Anybody have any suggestions?

  20. charle97
    Member
    Posted 3 years ago #

    a dump of the comments in question would be a nice start. examples, please.

  21. lhk
    Member
    Posted 3 years ago #

    Hi,

    may not be of interest, but I noticed on ALL PHP scripts I maintain a SHARP rise in comment spam. And I don't mean WP, I literally mean ALL (like galleries, calendars, etc.), even where comments were turned off to start with.

    From yesterday to tonight I had 500 spams in one gallery script.

    Reads like a concrete exploit to me and yes, this will have to be fixed.

  22. Chris_K
    Administrator
    Posted 3 years ago #

    rstill - you probably missed this at the very top of the posts as big ol' sticky: http://wordpress.org/support/topic/72930

  23. rstill
    Member
    Posted 3 years ago #

    I have it set to moderate the first two posts by new members and all posts with more than 2 links, so the comments never actually get posted; I catch them in moderation. But here are the email notifications for the last two, modified, I hope for obvious reasons, plus the corresponding entries from the server stats.

    A new comment on the post [removed] is waiting for your approval
    http://www.[removed]

    Author : poker sets (IP: 199.3.20.235 , 199.3.20.235)
    E-mail :
    URI : http://poker-sets[dot]yours-poker[dot]info/
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=199.3.20.235
    Comment:
    poker sets...

    straw safeguard sightseeing triumphantly loads poker calculator http://poker-calculator[dot]completely-poker[dot]com/ ...

    To approve this comment, visit: http://www.[removed]/blog/wp-admin/post.php?action=mailapprovecomment&p=168&comment=290
    To delete this comment, visit: http://www.[removed]/blog/wp-admin/post.php?action=confirmdeletecomment&p=168&comment=290
    Currently 1 comments are waiting for approval. Please visit the moderation panel:
    http://www.[removed]/blog/wp-admin/moderation.php

    -------------------

    A new comment on the post [removed] is waiting for your approval
    http://www.[removed]/blog/?p=121

    Author : how to play poker (IP: 219.22.232.128 , softbank219022232128.bbtec.net)
    E-mail :
    URI : http://how-to-play-poker[dot]poker-24x7[dot]us/
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=219.22.232.128
    Comment:
    how to play poker...

    loves magnified farmhouse Latinizer stung duplicable biblically informality online poker http://online-poker[dot]tips-4poker[dot]com/ ...

    To approve this comment, visit: http://www.[removed]/blog/wp-admin/post.php?action=mailapprovecomment&p=121&comment=292
    To delete this comment, visit: http://www.[removed]/blog/wp-admin/post.php?action=confirmdeletecomment&p=121&comment=292
    Currently 1 comments are waiting for approval. Please visit the moderation panel:
    http://www.[removed]/blog/wp-admin/moderation.php

    ----------------------------------

    IP              pages  hits  bandwidth  date/time
    61.44.179.208   1      1     78 Bytes   19 May 2006 - 21:13
    199.3.20.235    2      2     156 Bytes  19 May 2006 - 21:12

  24. charle97
    Member
    Posted 3 years ago #

    since more than one person seems to have experienced a problem with unwanted comments even though people must register to comment, please send your concerns to security@wordpress.org

  25. Otto42
    Moderator
    Posted 3 years ago #

    Okay, I have been getting a ridiculous amount of spam lately on my blog as well. Akismet has caught nearly all of it (although 2 got through yesterday.. no biggie), but I have noticed that the amount is ramping up recently. Fortunately, I run my own server and maintain ridiculous amounts of logs, for entertainment value.

    ALL of the recent spams, which do look like normal comments at first glance, have been coming in as trackbacks.

    Example from my access.log:
    24.123.76.219 - - [19/May/2006:23:00:41 -0500] "POST /blog/2006/02/05/new-day-new-look/trackback/ HTTP/1.0" 200 78

    The spam (as shown in my Akismet panel):

    Name: learn poker learn poker | URI: http://learn-poker.1free-poker.com/ | IP: 24.123.76.219 | Date: May 19, 2006
    learn poker
    wordiness!Redford redeeming trivial crown:hold em http://hold-em.yours-poker.info/ Scorpio refuted,empire poker http://empire-poker.all-4poker.com/

    The point is that even though it LOOKS like a comment, it's still a trackback. Remember, things like name, uri, etc, these are just fields that can be filled in. It came in as a direct form submission, there was no load of the actual page before the POST query occurred. I've checked back for the last 20 spams I got, and every single one was a trackback.

    Gentlemen, these are not comments, they are trackbacks.

    Disabling comments is not going to help. Furthermore, disabling trackbacks will not help unless you edit every old post you have and disable trackbacks on all of those too, because both comments and trackbacks are a per-post setting. If you had comments on and then later turned them off, people can still comment on all the posts for which you had comments on. Same for trackbacks.

    So really, install Akismet. It's not going to be worked around. Why? Because Akismet is a centralized system. Every comment, every trackback, these will go to Akismet's server and tell your blog if it's spam or not. If the spammer figures out how to get his spam through, then what will happen will be that Akismet updates their server code and that method stops working. One place to change things. It works. It will continue to work for the foreseeable future. Use it. Be it. Love it.
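The check Otto42 describes above, as an added example (not code from the original thread or from WordPress): classify POST requests in a web server access log as trackbacks or ordinary comment submissions, and tally them per source IP. It assumes the standard WordPress endpoints, which the thread's own log line shows: a trackback is a direct POST to a post's `.../trackback/` URL (or to `wp-trackback.php`), while a comment form submission is a POST to `wp-comments-post.php`. The tiny response sizes in the thread (78 bytes) are consistent with the short XML acknowledgement the trackback endpoint returns, which is why rstill's stats lines point the same way. The log lines below are constructed for the example: the first reproduces the line Otto42 quoted, the rest are made up to show the contrast.

```python
"""Classify WordPress POSTs in an Apache combined/common access log as
trackbacks vs. comment-form submissions, and count them by source IP.

Added example, not code from the original thread or from WordPress.
Assumes the standard WordPress 2.x endpoints:
  trackback  -> POST .../trackback/  or  POST /wp-trackback.php
  comment    -> POST /wp-comments-post.php
"""
import re
from collections import Counter

# host ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
TRACKBACK_RE = re.compile(r'(/trackback/?$|/wp-trackback\.php$)')
COMMENT_RE = re.compile(r'/wp-comments-post\.php$')


def classify(line):
    """Return (ip, kind, status, bytes) for a POST, or None otherwise."""
    m = LOG_RE.match(line.strip())
    if not m or m.group('method') != 'POST':
        return None
    path = m.group('path').split('?', 1)[0]       # drop query string
    if TRACKBACK_RE.search(path):
        kind = 'trackback'
    elif COMMENT_RE.search(path):
        kind = 'comment'
    else:
        kind = 'other-post'
    size = m.group('bytes')
    return (m.group('ip'), kind, int(m.group('status')),
            0 if size == '-' else int(size))


def summarize(lines):
    """Count POSTs by kind and by (ip, kind); returns two Counters."""
    by_kind, by_ip = Counter(), Counter()
    for line in lines:
        rec = classify(line)
        if rec is None:
            continue
        ip, kind, _, _ = rec
        by_kind[kind] += 1
        by_ip[(ip, kind)] += 1
    return by_kind, by_ip


# Constructed sample log. Line 1 is the line quoted in the thread; the
# others are invented to show a wp-trackback.php hit, a genuine comment
# form POST (redirected with 302) and a plain page GET.
SAMPLE_LOG = [
    '24.123.76.219 - - [19/May/2006:23:00:41 -0500] "POST /blog/2006/02/05/new-day-new-look/trackback/ HTTP/1.0" 200 78',
    '199.3.20.235 - - [19/May/2006:21:12:03 -0500] "POST /blog/2006/03/01/some-post/trackback/ HTTP/1.0" 200 78',
    '199.3.20.235 - - [19/May/2006:21:12:05 -0500] "POST /blog/wp-trackback.php?p=121 HTTP/1.0" 200 78',
    '10.0.0.7 - - [19/May/2006:23:05:10 -0500] "POST /blog/wp-comments-post.php HTTP/1.1" 302 -',
    '10.0.0.7 - - [19/May/2006:23:04:55 -0500] "GET /blog/2006/02/05/new-day-new-look/ HTTP/1.1" 200 18342',
]

if __name__ == '__main__':
    kinds, ips = summarize(SAMPLE_LOG)
    print(dict(kinds))
    for (ip, kind), n in ips.most_common():
        print(f'{ip:16} {kind:10} {n}')
```

Run it against a real `access.log` by replacing `SAMPLE_LOG` with the file's lines: if the spam shows up as `trackback` POSTs from IPs that never fetched the page first, the "registered users only" setting was never in play, because that setting only governs the comment form.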

  26. charle97
    Member
    Posted 3 years ago #

    tell that to resist.

  27. Otto42
    Moderator
    Posted 3 years ago #

    How does resist know that these are comments and not trackbacks? Without the actual webserver's logs, there is no way to tell the difference.

  28. charle97
    Member
    Posted 3 years ago #

    look at the comments table, under comment type, or the use of the strong tag in the first line of the comment.
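The two database-side checks raised in this thread, as one added example (not code from the posts or from WordPress itself): charle97's point, just above and in post 9, that the `comment_type` column of `wp_comments` tells comment spam from trackback spam, and Otto42's point in post 25 that comment and ping settings live per post, so changing the Discussion defaults leaves every existing post open. The table and column names (`wp_posts.comment_status`, `wp_posts.ping_status`, `wp_comments.comment_type`, `wp_comments.comment_approved`) are the standard WordPress 2.x schema; the example runs the statements against an in-memory SQLite copy of those two tables with constructed rows, and the same SQL can be run directly against the site's MySQL database.

```python
"""Two database checks discussed in the thread, run against an in-memory
SQLite stand-in for the WordPress tables.

Added example, not code from the original posts or from WordPress.
Table and column names follow the WordPress 2.x schema; the rows are
constructed for the example.
"""
import sqlite3

SCHEMA = """
CREATE TABLE wp_posts (
    ID INTEGER PRIMARY KEY,
    post_title TEXT,
    comment_status TEXT NOT NULL DEFAULT 'open',
    ping_status TEXT NOT NULL DEFAULT 'open'
);
CREATE TABLE wp_comments (
    comment_ID INTEGER PRIMARY KEY,
    comment_post_ID INTEGER,
    comment_author TEXT,
    comment_author_IP TEXT,
    comment_type TEXT NOT NULL DEFAULT '',
    comment_approved TEXT NOT NULL DEFAULT '0'
);
"""

# Constructed rows: two old posts that still accept pings, one post
# created after the defaults were changed, and four queued entries
# modelled on the notifications quoted in the thread.
POSTS = [(121, 'old post', 'open', 'open'),
         (168, 'another old post', 'closed', 'open'),
         (200, 'new post', 'closed', 'closed')]
COMMENTS = [(290, 168, 'poker sets', '199.3.20.235', 'trackback', '0'),
            (292, 121, 'how to play poker', '219.22.232.128', 'trackback', '0'),
            (293, 121, 'learn poker', '24.123.76.219', 'pingback', '0'),
            (294, 200, 'a real reader', '10.0.0.7', '', '1')]


def open_db():
    """Build the stand-in database and load the constructed rows."""
    db = sqlite3.connect(':memory:')
    db.executescript(SCHEMA)
    db.executemany('INSERT INTO wp_posts VALUES (?,?,?,?)', POSTS)
    db.executemany('INSERT INTO wp_comments VALUES (?,?,?,?,?,?)', COMMENTS)
    db.commit()
    return db


def spam_by_type(db):
    """Unapproved entries per type. WordPress stores ordinary comments
    with comment_type = '' and link notifications as 'trackback' or
    'pingback', so this is the definitive comment-vs-trackback test."""
    rows = db.execute(
        "SELECT CASE comment_type WHEN '' THEN 'comment' ELSE comment_type END AS kind, "
        "COUNT(*) FROM wp_comments WHERE comment_approved = '0' GROUP BY kind"
    ).fetchall()
    return dict(rows)


def posts_still_open(db):
    """IDs of posts that still accept comments or pings, whatever the
    site-wide defaults now say."""
    rows = db.execute(
        "SELECT ID FROM wp_posts "
        "WHERE comment_status = 'open' OR ping_status = 'open' ORDER BY ID"
    ).fetchall()
    return [r[0] for r in rows]


def close_all(db):
    """Close comments and pings on every existing post in one statement,
    instead of editing each post by hand; returns rows changed."""
    cur = db.execute(
        "UPDATE wp_posts SET comment_status = 'closed', ping_status = 'closed' "
        "WHERE comment_status <> 'closed' OR ping_status <> 'closed'"
    )
    db.commit()
    return cur.rowcount


if __name__ == '__main__':
    db = open_db()
    print('queued spam by type:', spam_by_type(db))
    print('posts still open before:', posts_still_open(db))
    print('posts closed:', close_all(db))
    print('posts still open after:', posts_still_open(db))
```

On a live site, take a database backup first; the `UPDATE` is site-wide and deliberately has no `WHERE ID = ...` clause, because the thread's point is that every old post needs closing, not just the new ones.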

  29. rstill
    Member
    Posted 3 years ago #

    otto42 seems to be right, at least in my case. Look at the bandwidth in the stats lines: 78 and 156 bytes. I'll try Akismet and get back.

  30. lhk
    Member
    Posted 3 years ago #

    Hi again,

    I'm not so sure about this being trackbacks only. I just cleaned up 14 sites, 5 WP sites among them, these all have trackbacks turned off and Akismet installed. Conceded, there was less spam on them, than e.g. on some other sites (I just deleted way above 10.000 comments on a gallery site which allows comments only for registered users e.g.). I checked, all this SPAM stems from within the last 2-3 weeks, 4 at most, and the most SPAM happened during the last 4-5 days.

    Thus it appears to me this is not specific to WP; someone must have "stepped up the game" and found some new general PHP code exploit.

    Curiously, the spam I found from the last day includes URIs which point to official PHP sites too. This special spam "feels" like very curious script kiddies. And once more: this is different domains, different scripts, everywhere with above-standard spam protection. The amounts are equally ridiculous; I was notified by one host that a script exceeded its MySQL space allotment. There, spam generated above 200 MB of usage within one night, from the same spammer, which is pretty counterproductive.

    I've been checking the relevant support areas for all touched scripts, and this seems to be a netwide problem rising over the past days. All are PHP, most had medium to strict rules in place (including "reg users only" and antispam mods).

Topic Closed

This topic has been closed to new replies.
