Jump to:

382 Posts in 209 Topics by 196 members

Connect With Other SilverStripe Members

SilverStripe Forums » Connect With Other SilverStripe Members » All of our Stripe sites under bot attack

For all SilverStripe-related topics that don't fit into any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2
Go to End
Author Topic: 3303 Views
  • sonoma-sky
    Avatar
    6 Posts

    All of our Stripe sites under bot attack Link to this post

    We have approximately 30 stripe sites (in various revisions) hosted on a single FreeBSD box, that are currently under continuous attack.

    Beginning several weeks ago, we noticed periodic serious slowing of the server. We traced it to a non-promoted site under development. The stock blog page had 6500 comments to the "successfully installed" item. These comments consisted of lists of links to "porn/cialis/viagra" sites. We quickly removed the blog entirely from that site. We still have a server from "serverconnect.se" trying to hit that non-existent page about 600 times a day.

    We soon had nearly all of the stripe sites suffering from similar comment postings to blogs/pages/gallery items .

    We next added "PageComment::enableModeration();" to all the sites, resulting in hundreds to thousands of comments awaiting moderation in each of the sites.

    Until we work out something better we have turned off "allow comments" on every page, or blog item in every site.

    We get large waves of demand for specific comment numbers from IPs worldwide. These are mostly sites for local restaurants/landscapers/hair-dressers/veterinarians/non-profits, hardly of international interest.

    Posting servers are in Sweden, Netherlands, and Belize. They seem to be monitored for success by a German IP registered to a Russian address.

  • Willr
    Avatar
    Forum Moderator
    5489 Posts

    Re: All of our Stripe sites under bot attack Link to this post

    You might like to try the spam protection module and your choice of provider (recaptcha or mollom) - http://doc.silverstripe.com/doku.php?id=modules:spamprotection. Bots brought my whole VPS down and once I installed the recaptcha tool the spam has dried up (but the server is still under the load)

  • sonoma-sky
    Avatar
    6 Posts

    Re: All of our Stripe sites under bot attack Link to this post

    I recreated one of the sites in V-2.3.2 at Sonomasky.com
    with the following:
    mollom-v0.2-rc1
    spamprotection-v0.2-rc1
    userforms-trunk-r80052
    blog-v0.2.0
    newsletter-v0.1.1

    _config.php is updated with my keys, and the Mollom report says keys are working, but I don't think the blog-to-Mollom connection is working.

    Attempts to post messages on the blog (network/news) from another workstation using the buzwords "Viagra" "Cialis" "Canadian Pharmacy" etc. went right through un-challenged. I see nothing on the Mollom Report

    Did I miss a step, what am I doing wrong?

  • Willr
    Avatar
    Forum Moderator
    5489 Posts

    Re: All of our Stripe sites under bot attack Link to this post

    Make sure you are not logged in as this bypasses the captcha.

    Also mollom uses alot more then the text for deciding if you are spam. So its not always so straightforward.

  • sonoma-sky
    Avatar
    6 Posts

    Re: All of our Stripe sites under bot attack Link to this post

    I have been entering copies of "actual spam" from another P.C. while nobody was logged into the CMS.Mollom report shows 0 for two days, after 30+ entries.

    my _config contains:

    Mollom::setPublicKey("my key");
    Mollom::setPrivateKey("my private key");
    SpamProtecterManager::set_spam_protecter('MollomSpamProtector');

    What gives with the TWO spellings of "Protector", dictionary says OR is correct ER is a variant?

    I also do not see a "Spam Protection" field in the userforms dropdown.

  • Willr
    Avatar
    Forum Moderator
    5489 Posts

    Re: All of our Stripe sites under bot attack Link to this post

    the Or spelling is the correct one, this has been fixed in the latest rcs of each of the releases. Please update all your code to use the 'or'

  • sonoma-sky
    Avatar
    6 Posts

    Re: All of our Stripe sites under bot attack Link to this post

    Finally with all correct versions, and corrected spelling, it has rejected the text of an "ecard" email.

    Thanks for your help!! Now I just have to repeat what I've learned a couple of dozen times....

  • Juanitou
    Avatar
    Community Member
    323 Posts

    Re: All of our Stripe sites under bot attack Link to this post

    Hi!

    I’m resurrecting this thread because I wake up this morning with over 10,000 warnings from one of my sites. Somebody is using the Search Form to overflow the site. As far as I see, they are sending search requests without content (the needle) for every page of the site. For the moment being, I’ve disabled the search form, but it’s not a solution. Any insight? I’m thinking of limiting search to words of more than three letters or something like this, but if they are sending blanks, they can send what they want, isn’t it?

    Thanks in advance,
    Juan

    3303 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.