Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Connect With Other SilverStripe Members /

For all SilverStripe-related topics that don't fit into any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

All of our Stripe sites under bot attack


Go to End
Reply


10 Posts   3420 Views

Avatar
sonoma-sky

6 Posts

6 July 2009 at 7:20am

We have approximately 30 stripe sites (in various revisions) hosted on a single FreeBSD box, that are currently under continuous attack.

Beginning several weeks ago, we noticed periodic serious slowing of the server. We traced it to a non-promoted site under development. The stock blog page had 6500 comments to the "successfully installed" item. These comments consisted of lists of links to "porn/cialis/viagra" sites. We quickly removed the blog entirely from that site. We still have a server from "serverconnect.se" trying to hit that non-existent page about 600 times a day.

We soon had nearly all of the stripe sites suffering from similar comment postings to blogs/pages/gallery items .

We next added "PageComment::enableModeration();" to all the sites, resulting in hundreds to thousands of comments awaiting moderation in each of the sites.

Until we work out something better we have turned off "allow comments" on every page, or blog item in every site.

We get large waves of demand for specific comment numbers from IPs worldwide. These are mostly sites for local restaurants/landscapers/hair-dressers/veterinarians/non-profits, hardly of international interest.

Posting servers are in Sweden, Netherlands, and Belize. They seem to be monitored for success by a German IP registered to a Russian address.

Avatar
Willr

Forum Moderator, 5513 Posts

6 July 2009 at 8:54am

You might like to try the spam protection module and your choice of provider (recaptcha or mollom) - http://doc.silverstripe.com/doku.php?id=modules:spamprotection. Bots brought my whole VPS down and once I installed the recaptcha tool the spam has dried up (but the server is still under the load)

Avatar
sonoma-sky

6 Posts

7 July 2009 at 10:59am

I recreated one of the sites in V-2.3.2 at Sonomasky.com
with the following:
mollom-v0.2-rc1
spamprotection-v0.2-rc1
userforms-trunk-r80052
blog-v0.2.0
newsletter-v0.1.1

_config.php is updated with my keys, and the Mollom report says keys are working, but I don't think the blog-to-Mollom connection is working.

Attempts to post messages on the blog (network/news) from another workstation using the buzwords "Viagra" "Cialis" "Canadian Pharmacy" etc. went right through un-challenged. I see nothing on the Mollom Report

Did I miss a step, what am I doing wrong?

Avatar
Willr

Forum Moderator, 5513 Posts

7 July 2009 at 11:10am

Make sure you are not logged in as this bypasses the captcha.

Also mollom uses alot more then the text for deciding if you are spam. So its not always so straightforward.

Avatar
sonoma-sky

6 Posts

7 July 2009 at 12:37pm

I have been entering copies of "actual spam" from another P.C. while nobody was logged into the CMS.Mollom report shows 0 for two days, after 30+ entries.

my _config contains:

Mollom::setPublicKey("my key");
Mollom::setPrivateKey("my private key");
SpamProtecterManager::set_spam_protecter('MollomSpamProtector');

What gives with the TWO spellings of "Protector", dictionary says OR is correct ER is a variant?

I also do not see a "Spam Protection" field in the userforms dropdown.

Avatar
Willr

Forum Moderator, 5513 Posts

7 July 2009 at 1:00pm

the Or spelling is the correct one, this has been fixed in the latest rcs of each of the releases. Please update all your code to use the 'or'

Avatar
sonoma-sky

6 Posts

7 July 2009 at 2:04pm

Finally with all correct versions, and corrected spelling, it has rejected the text of an "ecard" email.

Thanks for your help!! Now I just have to repeat what I've learned a couple of dozen times....

Avatar
Juanitou

Community Member, 323 Posts

6 March 2010 at 10:25pm

Hi!

I’m resurrecting this thread because I wake up this morning with over 10,000 warnings from one of my sites. Somebody is using the Search Form to overflow the site. As far as I see, they are sending search requests without content (the needle) for every page of the site. For the moment being, I’ve disabled the search form, but it’s not a solution. Any insight? I’m thinking of limiting search to words of more than three letters or something like this, but if they are sending blanks, they can send what they want, isn’t it?

Thanks in advance,
Juan

Go to Top