Feedback spammed
calvorn
7th of March 2006 (Tue), 19:50
My exhibition feedback getting spammed--40 messages last night. I delete them but they keep coming back. I am taking the feedback down but was wondering if anyone else experienced this and if anyone knew a way to combat it.
Thanks.
Cal
EricKonieczny
7th of March 2006 (Tue), 21:06
I was just about to post the same message; I have been having a major problem too the last few days. 40-50 spam messages each day. :evil:
here is my Feedback link
http://www.ekreating.com/gallery/feedback.php
What can we do about it? :mad: this really sux
calvorn
7th of March 2006 (Tue), 21:17
This is the exact same stuff I am getting.
Cal
chriz
8th of March 2006 (Wed), 04:36
Quickly checking my own gallery but didn't find anything suspicious, thank God.
Chriz
peterdoomen
8th of March 2006 (Wed), 04:55
Install Spambayes (spambayes.sourceforge.net) if you work with Outlook. After a short learning period, it will keep all spam from your inbox while letting regular messages through.
P.
EricKonieczny
8th of March 2006 (Wed), 05:56
Install Spambayes (spambayes.sourceforge.net) if you work with Outlook. After a short learning period, it will keep all spam from your inbox while letting regular messages through.
P.
We are talking about SPAM on our Feedback and message board, not in email :o
I wish it was that easy
calvorn
8th of March 2006 (Wed), 07:26
I was looking on hotscripts.com for a simple-to-install CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), but I didn't find anything that was particularly easy to install, and anyway, I don't want to start hacking Pekka's code.
Maybe this is a feature Pekka could add to the final release or maybe someone has a simple and quick way to prevent this kind of spam in the feedback section of EE.
Any ideas appreciated.
For now I have turned off feedback.
Cal
Pekka
8th of March 2006 (Wed), 16:53
In 2.0 I have added code stripping (simple with 1.5, too: add the strip_tags() function at the point where feedback is retrieved from POST), and there is also prevention against resubmitting the same data just by hitting browser refresh. More can be put on the todo list, like forced approval and an IP viewer in the editor like comments have.
If you have any other ideas to prevent it let me know.
If you are spammed, disable feedback system in EE. It does not delete any feedbacks, merely hides them.
cruaux
9th of March 2006 (Thu), 12:16
I couldn't find a simple method to disable feedback at the exhibition level as well as feedback for individual images, so I just yanked all the feedback code out of my EE install. I had only ever had two "real" feedback messages in four years of running EE, so I don't miss it. Feedback comes via my guestbook code, which is set to disallow posting more frequently than once every five minutes from the same IP address.
calvorn
9th of March 2006 (Thu), 12:25
To disable feedback go to Settings > misc. settings > Global Settings. There is a "Select Feedback Rule" setting; set this to "Feedback System Offline".
Anybody have a suggestion for a guestbook that's secure?
Thanks.
Cal
Cyclist
10th of March 2006 (Fri), 01:39
I use viper GB without problem.
CRJ700Captain
11th of March 2006 (Sat), 19:19
700 feedback spams in one day. Ouch. Erased them and they continue to come fast and furious. Disabled feedback. Why the sudden outbreak?
Lee
jseaman
11th of March 2006 (Sat), 21:42
In my WordPress blog, by filtering the comments for a few words that have been common to spam messages, I have managed to block all spam so far. The list is short:
poker
holdem
ringtone
mortgage
viagra
penis
blogspot
phentermine
If the comment has any of these words it is simply trashed.
srwafu
12th of March 2006 (Sun), 03:29
Depending on your webhost, you can use features in the cPanel management to block certain IPs or ranges of IPs from accessing your site.
If you know the IP of the spammer from the feedback you can add them to that list and they will no longer be able to get onto your site :)
neil_r
14th of March 2006 (Tue), 17:46
This is getting bad. Just deleted 200+ spams from feedback. Is there a simple solution, Pekka, or even a difficult one that you could talk some of us less techy types through?
Within two minutes of deleting them they are back. If you want to see what they look like, here is a link:
http://www.neil-rice.com/gallery/feedback.php
N
Cyclist
14th of March 2006 (Tue), 18:34
What about adding a CAPTCHA feature to the feedback form? It's added to many blog and guestbook scripts and seems to work quite well. Another suggestion would be to rename the file to something different than feedback, because the spiders might search for the word feedback or a feedback.php automatically.
Pekka
14th of March 2006 (Tue), 18:59
Here's what I have now added to next version's guestbook (feedback in 1.5):
- IP logging
- Browser logging
- stopwords
- resubmit time limit
- page refresh resubmit prevention
- duplicate entry prevention
- tag removal
An IP filter is also easy to add, but in my view those should be done in the server firewall.
Pekka
14th of March 2006 (Tue), 19:29
To have the above-mentioned spam filtering in EE 1.5, replace in feedback.php
if (isset($HTTP_POST_VARS['submit_feedback']))
{
    $text_to_sql = ee_addslashes(ee_safer_html($HTTP_POST_VARS['text']));
    $home_to_sql = ee_addslashes(ee_safer_html($HTTP_POST_VARS['home']));
    $name_to_sql = ee_addslashes(ee_html_conversion($HTTP_POST_VARS['name']));
    $country_id_to_sql = $HTTP_POST_VARS['country_id'];
    $email_to_sql = ee_addslashes($HTTP_POST_VARS['email']);
    $dt = $HTTP_POST_VARS['dt'];
    $to_exhibition = $HTTP_POST_VARS['to_exhibition'];
    $addnewfeedback = mysql_query(
        "
        INSERT INTO
        ee_exhibition_feedback (ee_exhibition_id, ee_country_id , ee_exhibition_feedback_name, ee_exhibition_feedback_text, ee_exhibition_feedback_email, ee_exhibition_feedback_approved, ee_exhibition_feedback_homepage)
        VALUES ('$to_exhibition', '$country_id_to_sql', '$name_to_sql', '$text_to_sql', '$email_to_sql', 'yes','$home_to_sql')
        "
    );
    // ERROR HANDLING
    ee_error ($addnewfeedback,"addnewfeedback",$currentpage);
}
with
$s_comment_submit_interval = 20;
$s_comment_submit_stopwords = array("spam","soma","viagra");
function ee_datacleaner() {
    //dummy
    return;
}
if (isset($_POST['submit_feedback'])) {
    $ip_to_sql = ee_user_ip();
    $agent = ee_datacleaner($_SERVER['HTTP_USER_AGENT']);
    $text_to_sql = trim(ee_addslashes(strip_tags(ee_datacleaner(ee_stripslashes($_POST['text'])))));
    $home_to_sql = ee_addslashes(strip_tags(ee_datacleaner(ee_stripslashes($_POST['home']))));
    $name_to_sql = trim(ee_addslashes(strip_tags(ee_datacleaner(ee_stripslashes($_POST['name'])))));
    $country_id_to_sql = ee_datacleaner($_POST['country_id']);
    $email_to_sql = ee_addslashes(strip_tags(ee_datacleaner(ee_stripslashes($_POST['email']))));
    $dt = ee_datacleaner($_POST['dt']);
    $to_exhibition = ee_datacleaner(@$_POST['to_exhibition']);
    $agent_to_sql = ee_addslashes($agent);
    $now = date("Y-m-d H:i:s");
    $checksum = "0";
    $checksum = md5($text_to_sql . $ip_to_sql . $agent_to_sql);
    $nogo = 0;
    if ($agent_to_sql == "") $agent_to_sql = "unknown";
    // duplicate entry prevention: look for an earlier entry with the same checksum
    $check_checksum = mysql_query("
        SELECT
            ee_exhibition_feedback.ee_exhibition_feedback_checksum
        FROM
            ee_exhibition_feedback
        WHERE
            ee_exhibition_feedback.ee_exhibition_feedback_checksum = '$checksum'
        LIMIT 1
    ");
    ee_error ($check_checksum,"check_checksum",$currentpage);
    // resubmit time limit: find the latest entry from the same IP and user agent
    $check_time_sql = "
        SELECT
            ee_exhibition_feedback.ee_exhibition_feedback_id,
            UNIX_TIMESTAMP(ee_exhibition_feedback.ee_exhibition_feedback_timestamp) as lastaction,
            ee_exhibition_feedback.ee_exhibition_feedback_timestamp as lastactiondt,
            UNIX_TIMESTAMP() as momentago
        FROM
            ee_exhibition_feedback
        WHERE
            ee_exhibition_feedback.ee_exhibition_feedback_ip = '$ip_to_sql'
            AND ee_exhibition_feedback.ee_exhibition_feedback_user_agent = '$agent_to_sql'
        ORDER BY
            ee_exhibition_feedback.ee_exhibition_feedback_id DESC
        LIMIT 1
    ";
    $check_time = mysql_query($check_time_sql);
    ee_error ($check_time,"check_time",$currentpage);
    while ($row = @mysql_fetch_array($check_time)) {
        $last_activity = $row["lastaction"];
        $last_activity_dt = $row["lastactiondt"];
        $timenow = $row["momentago"];
        if ($timenow - $last_activity <= $s_comment_submit_interval) {
            $nogo = 1;
        }
    }
    // stopwords: any hit rejects the entry
    foreach ($s_comment_submit_stopwords as $sw => $stopword) {
        $pos = strpos($text_to_sql, $stopword);
        if ($pos === false) {
            // stopword not found in text
        } else {
            // stopword found: treat as spam
            $nogo = 1;
        }
    }
    if ($nogo == 0) {
        if (@mysql_num_rows($check_checksum) == 0) {
            if ($text_to_sql != "" AND $name_to_sql != "") {
                $addnewfeedback = mysql_query("
                    INSERT INTO
                    ee_exhibition_feedback (ee_exhibition_id, ee_country_id , ee_exhibition_feedback_name, ee_exhibition_feedback_text, ee_exhibition_feedback_email, ee_exhibition_feedback_approved, ee_exhibition_feedback_homepage, ee_exhibition_feedback_checksum, ee_exhibition_feedback_ip, ee_exhibition_feedback_user_agent, ee_exhibition_feedback_timestamp)
                    VALUES ('$to_exhibition', '$country_id_to_sql', '$name_to_sql', '$text_to_sql', '$email_to_sql', 'yes','$home_to_sql','$checksum','$ip_to_sql','$agent_to_sql','$now')
                ");
                ee_error ($addnewfeedback,"addnewfeedback",$currentpage);
            }
        }
    } else {
        // error message for writer
    }
}
And then give the following commands one by one in phpMyAdmin:
ALTER TABLE `ee_exhibition_feedback` CHANGE `ee_exhibition_feedback_timestamp` `ee_exhibition_feedback_timestamp` DATETIME ;
ALTER TABLE `ee_exhibition_feedback` ADD `ee_exhibition_feedback_checksum` VARCHAR( 32 ) NOT NULL ;
ALTER TABLE `ee_exhibition_feedback` ADD `ee_exhibition_feedback_user_agent` varchar(255) NOT NULL default '' ;
ALTER TABLE `ee_exhibition_feedback` ADD `ee_exhibition_feedback_ip` varchar(15) NOT NULL default '000.000.000.000' ;
The above is untested with 1.5; let me know if you have any problems with it.
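As an added example, not Exhibit Engine's code and not Pekka's or jseaman's, here is the same set of checks Pekka lists above (tag removal, stopwords, resubmit interval per IP and user agent, duplicate checksum, IP and user-agent logging), with jseaman's word list folded into the stopwords, written against PDO prepared statements so that no submitted value is ever spliced into an SQL string. Pekka's snippet escapes each field with ee_addslashes() and interpolates it into the query, so every field has to be escaped correctly by hand; binding parameters removes that burden. It uses an in-memory SQLite database so it runs on its own with `php example.php`; the table and column names, the sample submissions and the 255-character user-agent limit are assumptions made for this example. It goes beyond the snippet in one place: stopword matching is case-insensitive, so "VIAGRA" is caught as well as "viagra".

```php
<?php
// Added example (not Exhibit Engine code). Hypothetical table and column names;
// runs against an in-memory SQLite database via PDO (pdo_sqlite extension assumed).

const SUBMIT_INTERVAL_SECONDS = 20;
// Pekka's three stopwords plus part of jseaman's WordPress list
const STOPWORDS = ['spam', 'soma', 'viagra', 'poker', 'holdem', 'ringtone', 'phentermine'];

function feedback_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE feedback (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        name TEXT NOT NULL, body TEXT NOT NULL,
        checksum CHAR(32) NOT NULL, ip TEXT NOT NULL,
        user_agent TEXT NOT NULL, ts INTEGER NOT NULL)');
    return $db;
}

// Returns "ok" when the entry is stored, otherwise the reason it was rejected.
// $now (unix time) is passed in so the interval rule is deterministic.
function submit_feedback(PDO $db, array $post, string $ip, string $agent, int $now): string {
    // tag removal: same role as strip_tags() in Pekka's snippet
    $name  = trim(strip_tags($post['name'] ?? ''));
    $body  = trim(strip_tags($post['text'] ?? ''));
    $agent = $agent === '' ? 'unknown' : substr($agent, 0, 255);  // assumed column width
    if ($name === '' || $body === '') {
        return 'empty';
    }

    // stopwords, matched case-insensitively
    $lower = strtolower($body);
    foreach (STOPWORDS as $word) {
        if (strpos($lower, $word) !== false) {
            return 'stopword';
        }
    }

    // resubmit time limit: latest entry from the same IP and user agent
    $stmt = $db->prepare('SELECT ts FROM feedback WHERE ip = ? AND user_agent = ?
                          ORDER BY id DESC LIMIT 1');
    $stmt->execute([$ip, $agent]);
    $last = $stmt->fetchColumn();
    if ($last !== false && $now - (int)$last <= SUBMIT_INTERVAL_SECONDS) {
        return 'too_fast';
    }

    // duplicate entry prevention: checksum over text + ip + agent, as in the snippet
    $checksum = md5($body . $ip . $agent);
    $stmt = $db->prepare('SELECT 1 FROM feedback WHERE checksum = ? LIMIT 1');
    $stmt->execute([$checksum]);
    if ($stmt->fetchColumn() !== false) {
        return 'duplicate';
    }

    // every value is bound, never interpolated into the SQL text
    $stmt = $db->prepare('INSERT INTO feedback (name, body, checksum, ip, user_agent, ts)
                          VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->execute([$name, $body, $checksum, $ip, $agent, $now]);
    return 'ok';
}

// Constructed sample submissions, one per rule (documentation IP ranges).
$db    = feedback_db();
$agent = 'Mozilla/5.0 (constructed sample agent)';
$cases = [
    [['name' => 'Cal', 'text' => 'Lovely <b>gallery</b>!'], '203.0.113.5', 1000],  // ok
    [['name' => 'Cal', 'text' => 'Lovely gallery!'],        '203.0.113.5', 1010],  // too_fast (10 s later)
    [['name' => 'Cal', 'text' => 'Lovely gallery!'],        '203.0.113.5', 2000],  // duplicate (tags stripped -> same text)
    [['name' => 'bot', 'text' => 'Cheap VIAGRA here'],      '198.51.100.9', 3000], // stopword
    [['name' => "x'); DROP TABLE feedback;--", 'text' => 'hi'], '198.51.100.9', 4000], // ok: stored literally, not executed
];
foreach ($cases as [$post, $ip, $t]) {
    printf("%-28s -> %s\n", substr($post['text'], 0, 28), submit_feedback($db, $post, $ip, $agent, $t));
}
echo "rows stored: " . $db->query('SELECT COUNT(*) FROM feedback')->fetchColumn() . "\n";
```

The run stores two rows (the first and the last case) and rejects the other three for the reason printed. The last case shows why binding matters: the name containing SQL syntax lands in the table as plain text, which is what the original `ee_addslashes` interpolation is meant to guarantee but only does if every field is escaped without exception.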
calvorn
15th of March 2006 (Wed), 18:43
Thanks Pekka:
Installed last night and so far so good.
Regards,
Cal
CRJ700Captain
18th of March 2006 (Sat), 09:50
Yep. Thanks for the fix. Working like a charm!
Lee
calvorn
18th of March 2006 (Sat), 10:15
Pekka:
I haven't been getting any feedback so I tried posting something myself. I don't know where the message is going but it doesn't appear in the feedback forum. Any ideas?
Cal
Pekka
18th of March 2006 (Sat), 12:27
As I said I did not test it :)
One obvious thing could be this. Change:
function ee_datacleaner() {
//dummy
return;
}
to
function ee_datacleaner($data) {
//dummy
return($data);
}
CRJ700Captain
18th of March 2006 (Sat), 18:42
You know, that didn't do it either. I am having the same problem even after the change. Don't break your back on this Pekka. I know you are a busy man.
Thanks for all you do.
Lee