My Coppermine has been SPAMMED ! My Coppermine has been SPAMMED !
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

My Coppermine has been SPAMMED !

Started by ABQMark, April 28, 2009, 04:30:33 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

ABQMark

Hi,

I noticed that my Coppermine ver 1.4.1 has been spammed. They are getting for trickier by the day.
I have it set to Registration Authorization Required in the Config.
When i recieve an email, i get new-user-requests from names like tuvw345, abcde123, etc. Those I can catch, and not allow them access.
Some names get thru. They use regular first names.

The SPAM comes in the way of the Comments for the photos. I had to delete 3000 comments. People were complaining of the long comments.
I just set the comment max characters to Zero, and max lines to Zero.

It would be nice to have, in the Config, an option for  "NO COMMENTS".

Also, DEFINATELY needs a CAPTCHA routine in the registration process!

Thanks, Mark

Nibbler

Both of these things already exist. Please update your gallery to the current version, read about group permissions in the manual and search the board for "CAPTCHA".

Joachim Müller

Out of the box, comments are disabled for guests, so you must have deliberately enabled them once, using the groups control panel... ::)

Anderl

Hello Mark,

I made similar experience with spam comments. With an update and captcha code you make it more difficult to spam your gallery but not impossible at all.

I go different ways now. On my website I have the gallery and also a forum. Inside the forum php code I implemented a direct spam checker. It means the user name, e-mail and IP is compared with a black list. But this prevent only the forum....

So I created by my own a .htaccess file which refuse all "black list" IP's in general. If they try to open the website they receive the Error Code 403, Forbidden! So the spammer (hacker) have no access to the domain/website at all.

In another thread I already offered this solution, but Joachim does not see the sense why to do it in this way.... :D

I use the new .htaccess since a few days and Spam is going down to Zero.... but in my logfiles the Erorr Code 403 is recoreded very often :)

My file have around 5700 lines (140 kb) but this is no problem and doesn't increase the time to load the website. I even checked this with my provider. I blocked single IP's and even a range of IP's. Actually I blocked over 200.000 IP's. The Anti-Spam community is well organized and the IP's of possible spammers are submitted and available within hours in simple text listings which you can download and implement into your htaccess file.

This is in my point of view the most effective way to "kill" the spammers before they can open your website. If you like to know more, then please contact me by PM.

Regards

Anderl





Hein Traag

Quote1.4.1
<-- if that part of your post is true then you need to u-p-g-r-a-d-e asap.