Comment Spam...

135

Comments

  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    JamesJWeg wrote:
    yeah then you better do some updates, that is why you research before you attack back, too easy to get the wrong one. If I were you I wouldn't browse from a server. Kinda odd that it only showed you hitting my root page and nothing else.

    James.
    I'm not sitting at it, but it's the internet router for my flat. Also it isn't unsual at all to only get hits at the frontpage. I often have people clicking my link visiting the frontpage, but then quit. Statcounter or whatever you're using can't measure (at least most of them don't, because it would require a script continuisly reporting back to the counter) how long a visitor has looked at a single page. They just can guess it by looking at how long did it take for the user to click the next link.
    As I said, I was just checking on your site if you had a site password, too, because that didn't keep the comments away from my site. That also proves that these bots weren't using standard browsing method to leave their spam as they would have been blocked out by a site password.

    Sebastian
    Sebastian
    SmugMug Support Hero
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited February 21, 2006
    Hi Everyone, I'm repeating this message:


    Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.

    You can change your comment email alert preferences by going to Control Panel>Mail Preferences

    You can enable comment approval by following the instructions here:
    http://www.smugmug.com/help/photo-sharing-comments

    Please watch our Support Forum http://www.dgrin.com/forumdisplay.php?f=12 for updates.

    We'll continue to monitor the system. Please let us know if you experience any more comment problems. I'm sorry for the hassle.
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    bigwebguy wrote:
    in other words, you need to know when to hold 'em, know when to fold 'em?





    sorry.

    well, exactly, when I run into a deal like this I pull in all the info I can on the most likly sources, then compair more, I just was giving out what looked to be a likly source to see if others had the same and actually also in case exactly what the case was, in case it was someone on dgrin with legit use. Most people don't browse with a system like that, a fact which raised a flag or 2 for me.

    James.
  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    If you enable comment approval, wont you be bombarded with approval emails?? If you turn off email notifications in you account settings, will you still get comment approval emails??
    Nope, there are no pending approval mails. You have to go to the control panel and there you'll see an option to display the comments awaiting approval. So it definately works without the email notification.

    Sebastian
    Sebastian
    SmugMug Support Hero
  • peestandinguppeestandingup Registered Users Posts: 489 Major grins
    edited February 21, 2006
    Nope, there are no pending approval mails. You have to go to the control panel and there you'll see an option to display the comments awaiting approval. So it definately works without the email notification.

    Sebastian
    Nice. Thanks!
  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    JamesJWeg wrote:
    Most people don't browse with a system like that, a fact which raised a flag or 2 for me.
    Well technically I don't browse with it. My workstation here is pretty much up-to-date. Your scanning tools only hit my relatively unsecure server which doesn't hold any important information. It's just the first barrier.
    And I like my Win2000 - I don't feel the urge to switch to anything else and it has been running okay for a long time.

    Sebastian
    Sebastian
    SmugMug Support Hero
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    I'm not sitting at it, but it's the internet router for my flat. Also it isn't unsual at all to only get hits at the frontpage. I often have people clicking my link visiting the frontpage, but then quit. Statcounter or whatever you're using can't measure (at least most of them don't, because it would require a script continuisly reporting back to the counter) how long a visitor has looked at a single page. They just can guess it by looking at how long did it take for the user to click the next link.
    As I said, I was just checking on your site if you had a site password, too, because that didn't keep the comments away from my site. That also proves that these bots weren't using standard browsing method to leave their spam as they would have been blocked out by a site password.

    Sebastian

    A system setup properly to route should not show up that way. You might want to look at how you are doing your routing with it then. And hope that the spammers don't find your system, I have had tighter servers hacked before.

    James.
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    Well technically I don't browse with it. My workstation here is pretty much up-to-date. Your scanning tools only hit my relatively unsecure server which doesn't hold any important information. It's just the first barrier.
    And I like my Win2000 - I don't feel the urge to switch to anything else and it has been running okay for a long time.

    Sebastian

    Yup, I understand the if it works keep it idea, but unsecure is a good wording for that box.

    James.
  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    Andy wrote:
    Hi Everyone, I'm repeating this message:


    Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.
    Thanks Andy and the team for the fix of the nasty problem! It's been a while since you last had to wake the west coast crew for an emergancy?

    Sebastian
    Sebastian
    SmugMug Support Hero
  • MarkSBMarkSB Registered Users Posts: 96 Big grins
    edited February 21, 2006
    I had 12 of those "poker" comments this morning, then, when I went back a few minutes later, all the comments were gone, and there was no sign of them! Guess someone took care of it!
    THANKS!
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited February 21, 2006
    MarkSB wrote:
    I had 12 of those "poker" comments this morning, then, when I went back a few minutes later, all the comments were gone, and there was no sign of them! Guess someone took care of it!
    THANKS!

    You're welcome!

    Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.

    You can change your comment email alert preferences by going to Control Panel>Mail Preferences
    You can enable comment approval by following the instructions here:
    http://www.smugmug.com/help/photo-sharing-comments

    Please watch our Support Forum http://www.dgrin.com/forumdisplay.php?f=12 for updates.

    We'll continue to monitor the system. Please let us know if you experience any more comment problems. I'm sorry for the hassle.
  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    JamesJWeg wrote:
    Yup, I understand the if it works keep it idea, but unsecure is a good wording for that box.
    You're probably right, but I can't put a firewall on this thing. It's a 300mhz celeron notebook and it's only on when I or one of the people in my flat are in the internet. I've been taking my chances on this for a while and will keep it that way. If somethings wrong with it, I'll get to know it pretty fast.

    Thanks for the advice though.

    Sebastian
    Sebastian
    SmugMug Support Hero
  • peestandinguppeestandingup Registered Users Posts: 489 Major grins
    edited February 21, 2006
    JamesJWeg wrote:
    Yup, I understand the if it works keep it idea, but unsecure is a good wording for that box.
    Yup, time to update.
    PoweredByMacOSX.gif

    index_darwinunixbased20050412.gif
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited February 21, 2006
    Thanks Andy and the team for the fix of the nasty problem! It's been a while since you last had to wake the west coast crew for an emergancy?

    Sebastian

    Yes - and I don't like doing it, of course, because by 7am my time in NY, it's 4am in Calif. And Onethumb and Wireless sure work late hours as it is, so the wakey wakey thing is not fun. I'm just glad that they were able to stop the spam, and delete it, too.

    Thanks everyone for their patience and understanding.
  • bwgbwg Registered Users, Retired Mod Posts: 2,119 SmugMug Employee
    edited February 21, 2006
    JamesJWeg wrote:
    well, exactly, when I run into a deal like this I pull in all the info I can on the most likly sources, then compair more, I just was giving out what looked to be a likly source to see if others had the same and actually also in case exactly what the case was, in case it was someone on dgrin with legit use. Most people don't browse with a system like that, a fact which raised a flag or 2 for me.

    James.

    i was actually making an attempt at humor.....know when to hold em'....the gambler....kenny rogers....poker spam...


    i fear i may be wasting my energy though...doesnt seem like you're much in the mood.
    Pedal faster
  • bwgbwg Registered Users, Retired Mod Posts: 2,119 SmugMug Employee
    edited February 21, 2006
    Yup, time to update.

    geez. who let the fanboys in?
    Pedal faster
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    bigwebguy wrote:
    --chop--doesnt seem like you're much in the mood.

    yeah, "talking" to the fiance right now, you know those times. umph.gif

    james.
  • cosleiacosleia Registered Users Posts: 7 Beginner grinner
    edited February 21, 2006
    Wow!

    All kinds of drama while I was asleep :D

    Thank you so much to smugmug for fixing everything before I even knew anything had happened! You guys are the bestest.
  • peestandinguppeestandingup Registered Users Posts: 489 Major grins
    edited February 21, 2006
    bigwebguy wrote:
    geez. who let the fanboys in?
    Oh, sorry. You are right. Windows is very secure & UNIX sucks. My bad. rolleyes1.gif
  • FrancoisFrancois Registered Users Posts: 140 Major grins
    edited February 21, 2006
    Thanks Andy and Team ! thumb.gif

    Francois


    Andy wrote:
    Hi Everyone, I'm repeating this message:


    Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.

    You can change your comment email alert preferences by going to Control Panel>Mail Preferences

    You can enable comment approval by following the instructions here:
    http://www.smugmug.com/help/photo-sharing-comments

    Please watch our Support Forum http://www.dgrin.com/forumdisplay.php?f=12 for updates.

    We'll continue to monitor the system. Please let us know if you experience any more comment problems. I'm sorry for the hassle.
    Francois A. Dumas
    Founder
    Silver Cloud Publishing
    fssupport.smugmug.com
  • technocrafttechnocraft Registered Users Posts: 108 Major grins
    edited February 21, 2006
    I got 44 of them overnight. I've always had comment approval on, so they didn't post. But I also see that they must have been cleaned up as I had nothing to approve this morning.
    -Tony
    http://images.tonyschreiber.com
    (technocraft.smugmug.com)
  • onethumbonethumb Administrators Posts: 1,269 Major grins
    edited February 21, 2006
    bigwebguy wrote:
    update: 1528 comments and rising.

    looks like the deck is stacked against me.


    Nah, you've got me on your side. :)

    I've been having fun with this loser for the past hour or so. I figure I've got a LOT more CPU power than he has, so I'm actually not just not posting his comments - I'm holding his TCP connections open for 5 minutes before closing them. :)

    The dork keeps on coming though. (And based on his efforts, this isn't just a bot - he's totally poking around manually)

    Whoever he is, he's pretty clueless - smugmug adds 'rel="nofollow"' to all of the HREFs in comments and such so none of the search engines will see his silly spam.

    Oh well, back to play with my mouse :)

    Don
  • BarbBarb Administrators Posts: 3,352 SmugMug Employee
    edited February 21, 2006
    Mike Lane wrote:
    Anyone else get bombarded with comment spam recently. I was working on the site when it happend. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

    Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

    I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

    I had 295. Normally, I'd be flattered - haha. But they're gone now :)
    Barb
    Smug since 2006
    SmugMug Help
    PhotoscapeDesign
  • iamagooiamagoo Registered Users Posts: 45 Big grins
    edited February 21, 2006
    Thanks
    You guys are amazing. This has been an interesting and enlightening drama. I'm enthralled by the lingo being flung around by you tech whizzes. Well done to the West coast guys. You're the true CSI guys in this episode. I especially enjoyed your ridicule of the fool that's attempting to match wits with you. We all hold the hammer with you! Go get 'em.1drink.gif
  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    bigwebguy wrote:
    i was actually making an attempt at humor.....know when to hold em'....the gambler....kenny rogers....poker spam...
    For the problem is that I simply don't get it. Can someone enlighten the non-native speaker around here?:D

    Thanks,
    Sebastian
    Sebastian
    SmugMug Support Hero
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    This is exactly why I was looking at the simple stuff, all of the recent attacks that I have had at the office came from small level guys, doing basic stuff, the big boys know that we have thier number and the are paying joe blow to go spam his brain out till he gets canned by his ISP. The last one I caught was a UCLA student trying to make beer money, dumb kid, tried to use my state owened servers to send spam from the UCLA campus, like we arn't gonna catch that. I have much better toys for when they try this to my work boxes, kinda like don I like to play when I get a bite. On that last one I called UCLA too soon and didn't get to have much fun, but then again they did catch him sitting at the system.

    James.
    onethumb wrote:
    Nah, you've got me on your side. :)

    I've been having fun with this loser for the past hour or so. I figure I've got a LOT more CPU power than he has, so I'm actually not just not posting his comments - I'm holding his TCP connections open for 5 minutes before closing them. :)

    The dork keeps on coming though. (And based on his efforts, this isn't just a bot - he's totally poking around manually)

    Whoever he is, he's pretty clueless - smugmug adds 'rel="nofollow"' to all of the HREFs in comments and such so none of the search engines will see his silly spam.

    Oh well, back to play with my mouse :)

    Don
  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    Oh, sorry. You are right. Windows is very secure & UNIX sucks. My bad. rolleyes1.gif
    Nope, they're all more or less secure, just depends on the crowd using them. Comes with fact that there are more Windows guys out there having spare time I guess.
    Still MAC or Linux are no option for me. Too much Windows stuff I hang on. But let's not start this discussion over here again. mwink.gif

    Sebastian
    Sebastian
    SmugMug Support Hero
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    For the problem is that I simply don't get it. Can someone enlighten the non-native speaker around here?:D

    Thanks,
    Sebastian
    He was quoting and old and very good country song about poker, it was kinda dry humor attempt, that flopped on me because I am having a bad morning already.

    James.

    Edit: the song name is "the gambler"
  • bwgbwg Registered Users, Retired Mod Posts: 2,119 SmugMug Employee
    edited February 21, 2006
    JamesJWeg wrote:
    He was quoting and old and very good country song about poker, it was kinda dry humor attempt, that flopped on me because I am having a bad morning already.

    James.

    sebastian, look up Kenny Rogers & The Gambler

    get an mp3 if you can, i guarantee you've heard the song before.
    Pedal faster
  • ReneesEyesReneesEyes Registered Users Posts: 92 Big grins
    edited February 21, 2006
    Ahhh, too funny, I got "The Gambler" right away. Now I feel old, and I'm only 32 (at least for a few more weeks...)

    Thanks guys for cleaning up the mess! I guess I didnt' need to read the whole thing but it was interesting anyways.
Sign In or Register to comment.