All of our Stripe sites under bot attack




10 Posts   5429 Views

sonoma-sky

6 Posts

6 July 2009 at 7:20am

We have approximately 30 stripe sites (in various revisions) hosted on a single FreeBSD box, that are currently under continuous attack.

Beginning several weeks ago, we noticed periodic serious slowing of the server. We traced it to a non-promoted site under development. The stock blog page had 6500 comments to the "successfully installed" item. These comments consisted of lists of links to "porn/cialis/viagra" sites. We quickly removed the blog entirely from that site. We still have a server from "serverconnect.se" trying to hit that non-existent page about 600 times a day.

We soon had nearly all of the stripe sites suffering from similar comment postings to blogs/pages/gallery items.

We next added "PageComment::enableModeration();" to all the sites, resulting in hundreds to thousands of comments awaiting moderation in each of the sites.

Until we work out something better we have turned off "allow comments" on every page, or blog item in every site.

We get large waves of demand for specific comment numbers from IPs worldwide. These are mostly sites for local restaurants/landscapers/hair-dressers/veterinarians/non-profits, hardly of international interest.

Posting servers are in Sweden, Netherlands, and Belize. They seem to be monitored for success by a German IP registered to a Russian address.

Willr

Forum Moderator, 5523 Posts

6 July 2009 at 8:54am

You might like to try the spam protection module and your choice of provider (recaptcha or mollom) - http://doc.silverstripe.com/doku.php?id=modules:spamprotection. Bots brought my whole VPS down, and once I installed the recaptcha tool the spam dried up (but the server is still under load).

sonoma-sky

6 Posts

7 July 2009 at 10:59am

I recreated one of the sites in V-2.3.2 at Sonomasky.com
with the following:
mollom-v0.2-rc1
spamprotection-v0.2-rc1
userforms-trunk-r80052
blog-v0.2.0
newsletter-v0.1.1

_config.php is updated with my keys, and the Mollom report says keys are working, but I don't think the blog-to-Mollom connection is working.

Attempts to post messages on the blog (network/news) from another workstation using the buzzwords "Viagra", "Cialis", "Canadian Pharmacy", etc. went right through unchallenged. I see nothing on the Mollom Report.

Did I miss a step, what am I doing wrong?

Willr

Forum Moderator, 5523 Posts

7 July 2009 at 11:10am

Make sure you are not logged in, as this bypasses the captcha.

Also, mollom uses a lot more than the text for deciding if you are spam. So it's not always so straightforward.

sonoma-sky

6 Posts

7 July 2009 at 12:37pm

I have been entering copies of "actual spam" from another P.C. while nobody was logged into the CMS. Mollom report shows 0 for two days, after 30+ entries.

My _config contains:

Mollom::setPublicKey("my key");
Mollom::setPrivateKey("my private key");
SpamProtecterManager::set_spam_protecter('MollomSpamProtector');

What gives with the TWO spellings of "Protector"? The dictionary says OR is correct and ER is a variant.

I also do not see a "Spam Protection" field in the userforms dropdown.

Willr

Forum Moderator, 5523 Posts

7 July 2009 at 1:00pm

The 'or' spelling is the correct one; this has been fixed in the latest RCs of each of the releases. Please update all your code to use the 'or'.

sonoma-sky

6 Posts

7 July 2009 at 2:04pm


Finally with all correct versions, and corrected spelling, it has rejected the text of an "ecard" email.

Thanks for your help!! Now I just have to repeat what I've learned a couple of dozen times....

Juanitou

Community Member, 323 Posts

6 March 2010 at 10:25pm

Hi!

I’m resurrecting this thread because I woke up this morning with over 10,000 warnings from one of my sites. Somebody is using the Search Form to overflow the site. As far as I can see, they are sending search requests without content (the needle) for every page of the site. For the time being, I’ve disabled the search form, but it’s not a solution. Any insight? I’m thinking of limiting search to words of more than three letters or something like this, but if they are sending blanks, they can send what they want, can’t they?

Thanks in advance,
Juan
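
An added example, not part of the thread and not SilverStripe code: a log triage script that picks out clients sending blank search needles to many pages, the pattern described in the post above. It assumes Apache/nginx "combined" access logs and a search form that submits its needle in a `Search` query parameter to a `SearchForm` endpoint; both names and all sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log; IPs come from the reserved documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Mar/2010:03:10:01 +0000] "GET /home/SearchForm?Search=&action_results=Search HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [06/Mar/2010:03:10:01 +0000] "GET /about-us/SearchForm?Search=+&action_results=Search HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [06/Mar/2010:03:10:02 +0000] "GET /contact/SearchForm?action_results=Search HTTP/1.1" 200 512 "-" "-"
198.51.100.20 - - [06/Mar/2010:03:11:40 +0000] "GET /home/SearchForm?Search=opening+hours&action_results=Search HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [06/Mar/2010:03:12:05 +0000] "GET /menu/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def empty_search_hits(log_text, endpoint="SearchForm", param="Search"):
    """Return {ip: set of paths} for search requests with a missing or blank needle."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        if not url.path.rstrip("/").endswith("/" + endpoint):
            continue  # not a search form submission (assumed endpoint name)
        # keep_blank_values so "Search=" is reported as empty rather than dropped
        values = parse_qs(url.query, keep_blank_values=True).get(param, [""])
        if all(not v.strip() for v in values):
            hits[m["ip"]].add(url.path)
    return hits

def flag_clients(log_text, min_pages=3):
    """IPs that sent blank searches to at least min_pages distinct pages."""
    hits = empty_search_hits(log_text)
    return sorted(ip for ip, paths in hits.items() if len(paths) >= min_pages)

if __name__ == "__main__":
    for ip in flag_clients(SAMPLE_LOG):
        pages = len(empty_search_hits(SAMPLE_LOG)[ip])
        print(f"{ip}: blank searches against {pages} pages")
```

The flagged addresses can feed a firewall or web-server deny list, while rejecting blank needles in the search handler before any query runs removes the per-request cost for clients that are not yet listed.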
