Problems with SPAM? Read this!

Dr. GBooky is here to help you with your guestbook problems ...
ravetildon1
Posts: 28
Joined: Tue Mar 07, 2006 5:56 am

entries

Post by ravetildon1 »

here's mine if ya want it?

Hey I just noticed that if I pull up this:

[PART REMOVED BY KLEMEN]
ravetildon1
Posts: 28
Joined: Tue Mar 07, 2006 5:56 am

info

Post by ravetildon1 »

It looks as though the same people are doing postings but with different IPs?
Klemen
Site Admin
Posts: 10116
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

Hmm, I don't like this. I will do some testing and tracking myself and hopefully can come up with a solution quick.
Klemen, creator of HESK and PHPJunkyard
ravetildon1
Posts: 28
Joined: Tue Mar 07, 2006 5:56 am

cool

Post by ravetildon1 »

cool, do you think my permissions are wrong? should people be able to view entries file?
Klemen
Site Admin
Posts: 10116
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

Well, since it's a plain text file it can be viewed. You can rename the file to something like "asdvfzieafhkj.txt" and set the new name for the file in settings.php under $settings['logfile'] (that's what it's for). But yes, I see the issue and will see if that can be renamed to a PHP file by default in the next version (a PHP one couldn't be viewed).
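
Klemen's remark that a PHP data file "couldn't be viewed", shown as an added example (not GBook's code and not posted by anyone in this thread). It assumes the web server executes `.php` files and uses a guard first line, one common way to get that behaviour; `init_store`, `add_entry` and `read_entries` are hypothetical names.

```php
<?php
// Added example: hypothetical helpers, not GBook's own code.
// Guard written as the first line of the data file. If the server runs the
// file as PHP, a direct request stops here and returns an empty body.
const GUARD = "<?php exit; ?>\n";

// Create the entries store with the guard as its first line.
function init_store(string $path): void
{
    if (!file_exists($path)) {
        file_put_contents($path, GUARD, LOCK_EX);
    }
}

// Append one entry. Newlines and tabs are flattened so each entry stays on
// one line, and "<?" is escaped so visitor text can never open a PHP tag
// inside a file the server is willing to execute.
function add_entry(string $path, string $name, string $comment): void
{
    $clean = static function (string $s): string {
        $s = str_replace(["\r", "\n", "\t"], ' ', $s);
        return str_replace('<?', '&lt;?', $s);
    };
    $line = $clean($name) . "\t" . $clean($comment) . "\n";
    file_put_contents($path, $line, FILE_APPEND | LOCK_EX);
}

// Read entries back as [name, comment] pairs, refusing a file without the guard.
function read_entries(string $path): array
{
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false || $lines === [] || $lines[0] . "\n" !== GUARD) {
        throw new RuntimeException('store missing or guard line absent');
    }
    return array_map(fn($l) => explode("\t", $l, 2), array_slice($lines, 1));
}

// Constructed demo: an unguessable file name in the temp directory.
$path = sys_get_temp_dir() . '/entries_' . bin2hex(random_bytes(8)) . '.php';
init_store($path);
add_entry($path, 'Alice', "Nice site\n<?php echo 1; ?>");
print_r(read_entries($path));   // the comment comes back with "&lt;?php", not a live tag
unlink($path);
```

If the host serves `.php` files as plain text (PHP handler disabled or misconfigured), the guard does nothing and the entries are readable again, so keeping the file outside the web root or denying direct access in the server configuration remains the stronger control.
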
Ninja1
Posts: 4
Joined: Sat Jun 17, 2006 10:13 am

Post by Ninja1 »

Couple of familiar names and URLs up there... Nik, Tomas and the Krasaoh link.
Different ip's though.

Few more:
[PART REMOVED BY KLEMEN]

Wasn't aware of the ability to view the entries.txt, have to change that later today :)
Klemen
Site Admin
Posts: 10116
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

Hi,

I removed the SPAM info from the two posts as I don't want to advertise SPAMvertised websites here :wink: I am now tracking posts at some test GBook I have installed on a website. It was version 1.35 and started getting some SPAM last few days. I updated it to 1.42 with some added tracking info but so far no spam... I have yet to get some of this new spam in the demo GBook as well.

I noticed IPs are from various countries (Japan, Russia, North Korea, Yemen, ...) and with such different IP numbers (and C classes) blocking them isn't a solution. As I said, I will see what I can find out and post it here.

As for entries.txt I will have them renamed to entries.txt for next releases.

Regards,
Klemen
ravetildon1
Posts: 28
Joined: Tue Mar 07, 2006 5:56 am

info

Post by ravetildon1 »

You mean entries.php :)

Maybe they are using a rotating proxy application to submit the links, that's why they are different each time.
Klemen
Site Admin
Posts: 10116
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

Yes, I meant entries.php :)

As for the SPAM problem my logs show these new spam posts really do come from anonymous proxies and are actually being sent out by someone located in Russia...

Give this file a try:
Download GBook 1.42 rev2
Cheepnis
Posts: 5
Joined: Tue Jul 25, 2006 2:21 pm

Post by Cheepnis »

I don't mean to sound rude, but why re-invent the wheel? Why not use GD-based verification codes like everything else does (including this forum software)? I have had no spam on either my phpBB or my OSCommerce sites that use GD verification. Are you attempting to use methods that are better (since nothing is perfect, of course)? Just curious...

Cheepnis
Visit www.MST3K.org for the BEST cheesy movies on this planet!
Klemen
Site Admin
Posts: 10116
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

Hi,

GBook was meant to provide good anti-spam protection to people all over the web and on various (even free) hosts, that's why I didn't use GD (a lot of hosts don't support it, especially the free ones) and it worked well - until now (although I'm not yet 100% sure it is the number they are reading).

The file in my previous post should fix the latest spamming technique, but yes, a GD version of the security image will be added (soon), probably with the ASCII version being an option for those on hosts that don't support GD.

Note that GBook goes beyond that, it filters out even posts that actually come through the number check, but it can't really tell the difference between a valid post and these casual posts like "Nice website".
Cheepnis
Posts: 5
Joined: Tue Jul 25, 2006 2:21 pm

Post by Cheepnis »

Thanks, Klemen. The option for either method is a perfect solution. I really like this script (clean, simple, and easy to maintain/customize). Thanks for your prompt attention to the issue and the continued support for a free product! Do you accept Paypal at the email in your readme file? I'd like to put my wallet where my mouth is :wink:
Klemen
Site Admin
Posts: 10116
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

Hi,

The new version with image security number is out, see viewtopic.php?t=959

As for PayPal no I don't accept it at that e-mail. I personally am not able to receive any funds in my PayPal account, but I can accept donations to a friend's account at donations AT phpjunkyard DOT com. But instead of receiving donations I usually prefer to give something in exchange, see
http://www.phpjunkyard.com/help-phpjunkyard.php
:wink:

Regards,
Klemen
ravetildon1
Posts: 28
Joined: Tue Mar 07, 2006 5:56 am

info

Post by ravetildon1 »

Just upgraded to 1.43 from 1.41. So I am anxious to see how my site does. Currently have 14 pages of spam and 139 entries. I am going to delete them all and see how it goes..

update aug 26, 2006 - So far so good. Only one in a couple weeks. Hope it continues!
suehutton
Posts: 2
Joined: Mon Aug 28, 2006 11:19 am

Post by suehutton »

I think this guestbook script is excellent particularly that it is so well documented and supported in the forum.

I upgraded from 1.41 to 1.43 today, and am pleased that the image captcha component is working.

The guestbook under 1.41 had started to receive spam, apparently from these IP addresses:

210.233.102.66 Tokyo, Japan
125.245.166.2 Seoul, South Korea
61.155.22.117 China
203.149.62.66 Bangkok, Thailand
82.160.156.27 Olawa, Poland
217.65.158.120 Keele, UK, (I shall telephone the Innovation Centre at Keele tomorrow, to tell them that one of their computers may be being used as a spam proxy)
213.35.219.69 Tallinn, Estonia

Comments were variously: Hello! or Cool site webmaster.

Maybe this information could be useful in tracing a spam network.

Many thanks for all your hard work.
http://www.suehutton.co.uk