Hello,
My Serendipity blog seems to be under spam attack and my hosting provider has suspended my account for server over-utilization. Assuming they allow me back in, I must disable all commenting (and maybe trackback too) functions completely if I don't want to lose the site, not being able to afford dedicated hosting.
Here's my question: I've renamed the file comment.php in the blog's root directory so that it couldn't be accessed any more, thinking that would take care of my problem, but it hasn't and the commenting function still seems to be working as usual, allowing posting and reading of comments.
I've also used the emergency comment shutdown option in spamblock, but it doesn't stop the process entirely, only he final comment approval step, and I assume that the server is still getting requests.
Also the spamblock log still reports blocking spam with the comment.php file renamed, so I assume that there is major comment functionality located somewhere else.
Is there a way to remove the commenting capability all together from the blog?
I'm running version 1.2 beta x if I remember well...
Any help much appreciated!
Vince
Spam attack, help needed!
Spam attack, help needed!
Vincent Mounier
http://www.vincentmounier.com/blog2/
http://www.vincentmounier.com/blog2/
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Spam attack, help needed!
Hi!
The comment.php AFAIR only is used for trackbacks. Usual comments are routed via the serendipity index.php file, so you cannot simply rename/remove a file.
You could patch index.php to disallow commenting, but then the spammers have already successfully made a HTTP request. So you must try to catch them on an IP routing level or block them via .htaccess based on their HTTP user agents, their IP address range.
Sadly this is a problem not unique to serendipity, and there's no real way to deal with it. With people's increasing bandwidht, this will cause much more trouble in the future.
The only way to block it is to prevent spam at its root. Use antivir software, fight against trojans, educate people not to buy things that spammers advertise.
Best regards,
Garvin
The comment.php AFAIR only is used for trackbacks. Usual comments are routed via the serendipity index.php file, so you cannot simply rename/remove a file.
You could patch index.php to disallow commenting, but then the spammers have already successfully made a HTTP request. So you must try to catch them on an IP routing level or block them via .htaccess based on their HTTP user agents, their IP address range.
Sadly this is a problem not unique to serendipity, and there's no real way to deal with it. With people's increasing bandwidht, this will cause much more trouble in the future.
The only way to block it is to prevent spam at its root. Use antivir software, fight against trojans, educate people not to buy things that spammers advertise.
Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
API denying could solve it?
I have had severe problems with spam too, but then I denied comments via API, and that solved the problem.
The SpamBlock-plugin has to be installed.
The SpamBlock-plugin has to be installed.
I was getting a ton of spam for a long while, until I enabled Akismet in the spamblock plugin. You need to get an API key, but all you need to do is sign up for a free wordpress account. I already had one for when I first setup my site (used wordpress). Then I put in the API key into s9y, I have to clean up maybe one spam a month at this point.
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Hi!
You can install the spamblock plugin, it has an "emergency shutdown" mode for comments!
Regards
Garvin
You can install the spamblock plugin, it has an "emergency shutdown" mode for comments!
Regards
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
- Regular
- Posts: 1331
- Joined: Sun Dec 04, 2005 5:43 pm
- Location: Andalucia, Spain
- Contact:
I have just suffered the most extreme case of trackback spam I could imagine ever having to endure, and I need some help from those of you with more experience in this.
Basically, over the last 24 hours my site has been spammed (trackbacks and comments) on average 5-6 times per second, peaking at 30 times per second. My spamblock plugin now probably lists every single medication known to man, and I've had to completely disable api comments again.
How do I completely disable trackbacks so that they don't even get processed? The server has taken a lot of load from this and is still doing so, and my blog is on a shared account.
Basically, over the last 24 hours my site has been spammed (trackbacks and comments) on average 5-6 times per second, peaking at 30 times per second. My spamblock plugin now probably lists every single medication known to man, and I've had to completely disable api comments again.
How do I completely disable trackbacks so that they don't even get processed? The server has taken a lot of load from this and is still doing so, and my blog is on a shared account.
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Hi Carl!
The FAQ suggests to patch your comment.php file and insert
(or plural, please look it up).
HTH,
Garvin
The FAQ suggests to patch your comment.php file and insert
Code: Select all
if ($_REQUEST['type'] == 'trackback') {
die('Disabled');
}
HTH,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
- Regular
- Posts: 1331
- Joined: Sun Dec 04, 2005 5:43 pm
- Location: Andalucia, Spain
- Contact: